Keep Up to Date With the Latest Advancements in Data Privacy and Explore Rewarding Career Opportunities in the Field

01. Verizon Insider Data Breach Hits Over 63,000 Employees

Verizon experienced an insider data breach affecting nearly half of its workforce, compromising sensitive employee information including names, addresses, Social Security numbers, and more. The breach, discovered in December 2023, impacted 63,206 employees but did not affect customer data. Verizon is enhancing its security measures and offering affected employees identity theft protection. There is no evidence of external sharing or malicious intent, and law enforcement has not been involved.

02. loanDepot Cyberattack Causes Data Breach for 16.6 Million People

loanDepot, a significant mortgage lender, revealed a ransomware attack affecting about 16.6 million people, resulting in stolen personal information. The attack, disclosed in early January, led to system shutdowns and delays in payment processing. The company is providing free credit monitoring and identity protection services to affected individuals. Although the investigation is ongoing, loanDepot has not specified the type of information accessed. This incident follows a previous data breach in August 2022.

03. Google Settles Google+ API Data Leak Lawsuit for $350M

Google has agreed to settle a shareholder lawsuit for $350 million over a privacy flaw in Google+ that exposed private profile information. Plaintiffs alleged that Google attempted to cover up the flaw to avoid regulatory consequences. The settlement, which does not require Google to admit liability, compensates shareholders who bought stock between April and October 2018. The flaw allowed third-party apps to access users' private data, but Google argued that it found no evidence of abuse. The settlement is pending approval by a federal judge.

Strac’s Latest Views on Securing User Data

01. ​​Guide to GDPR Privacy by Design and Default

This article provides a comprehensive overview of GDPR's Privacy by Design and Default principles, emphasizing the integration of privacy into all stages of product development and ensuring privacy-friendly default settings. It outlines seven key principles, offers a checklist for compliance, and provides examples of implementation using Strac's solutions across various platforms. Compliance is crucial due to GDPR's enforcement and penalties, and Strac's DLP solutions help organizations meet these requirements while safeguarding sensitive data.

02. AI Data Security Risks & DLP for AI

This blog written by Strac founder, Aatish Mandelecha, discusses the data security risks associated with popular AI tools such as ChatGPT, Google's Bard chatbot, Zendesk chatbot, JIRA service desk chatbot, and Zoom AI companion. It highlights potential vulnerabilities and misuse of these tools, along with the need for robust Data Loss Prevention (DLP) solutions to combat these risks. Additionally, it provides eight ways DLP solutions like Strac can mitigate data security risks posed by generative AI, including IP leak prevention, monitoring data overflow, restricting data collection, mitigating compliance risks, preventing AI misuse, and offering endpoint DLP solutions.

03. Why is Automated Redaction Necessary? Best Practices and Tools

This article explores the need for automated redaction which is crucial for protecting sensitive data due to the increasing volume and complexity of digital information. It ensures data protection, compliance with regulations, consistency in data handling, risk management, and cost-effectiveness. Although automated redaction offers many benefits, organizations should also consider its limitations and implement best practices, including establishing clear policies, regular updates of redaction rules, user education, audits, and integration with document management systems. Several automated redaction software options are available, such as Strac Automated Redaction, Symantec Data Loss Prevention, McAfee Total Protection for DLP, Digital Guardian, and Proofpoint Data Loss Prevention. These tools play a vital role in enhancing data security, compliance, and efficiency, especially in SaaS applications where sensitive data processing is prevalent.

Security Jobs On The Market

1. The Zebra is hiring an Information Security Analyst

Looking for: “an Information Security Analyst to help us secure, maintain and grow a world-class insurance buying experience.”

Skills required: a strong sense of ownership, great communication and collaboration skills, a dedication to continuous improvement, exposure with DevSecOps, exposure with cloud technologies (e.g., AWS, GCP, Azure, etc.), exposure with container security (e.g., Docker, Dockerfile, CI/CD building, etc.), experience with scripting languages and tools (e.g., Python, Node, Bash, etc.), exposure to run books, and general standard operating procedures (e.g., network issues, alert handling, etc.), exposure to networks, network configurations and hardening, at scale (e.g., enterprise level networks), CEH, CCSP, CISA, CCSP,  AWS Security, DevSecOps Foundation, CompTIA+ experience, information security experience in PCI / SOC environments, networking, application security, SIEM experience, identity and access management configuration and hardening experience.

Learn more here

1. Anthropic is hiring a Privacy Operations Program Manager

Looking for: “a Privacy Operations Program Manager to manage and scale privacy-related policies and procedures to ensure that our AI products and services comply with privacy regulations and protect user data.”

Skills required: at least 3 years of experience in a privacy operations role at a technology company, a knack for identifying and implementing efficient processes and policies, excellent project management, analytical, and problem-solving skills, thrive in fast-paced, high-volume, ambiguous environments, excel as a member of cross-functional teams building frontier technologies and a want to develop a deep understanding of our technical teams and what we are building.

Learn more here

1. Asana is hiring a Corporate Security Engineer

Looking for “a Corporate Security Engineer to lead our cross-functional IT and security initiatives.”

Skills required: 6+ years working in security, on a security-focused IT or engineering team, strong communication skills, including empathy and the ability to speak to a diverse number of stakeholders effectively, competency and interest in writing clear documentation and proposals, risk-based approach to prioritization, rather than checkbox ticking, experience with networking, servers, cloud service providers, and security best practices, solid automation and scripting skills (Bash, Python or similar), able to balance risk and getting things done.

Learn more here