Apparel giant Under Armour has revealed that cyberattackers exploited a chink in the company’s armor, affecting millions of users of the business’s fitness app.
The company has announced that a data breach affected an estimated 150 million users of the MyFitnessPal app. An investigation indicated that affected information may include usernames, email addresses, and hashed passwords.
Customer payment information stored by the app, which Under Armour, collects and processes separately and has not been affected by the breach, CNBC reported.
The Baltimore-based active wear manufacturer first became aware of a potential data breach on March 25, when it discovered an unauthorized party had accessed MyFitnessPal user data in February.
Under Armour has since taken steps to warn its affected users, and is working with investigators and data security firms.
CNBC additionally reported that Under Armour’s shares dropped 3.8%, before paring losses, after the company reported the breach last week.
The spending bill passed by Congress and signed by President Donald Trump on Friday contains language that renews three-year-old restrictions on earmarking federal funds to interfere with state medical marijuana programs, despite Attorney General Jeff Sessions’s continuing negative stance on the spread of marijuana laws.
Marijuana is legal for medical use in 29 states and Washington, D.C. Nine states and Washington have legalized recreational use. The U.S. Food and Drug Administration classifies marijuana as a Schedule 1 drug, on par with cocaine and heroin.
The new budget will continue to prevent the Department of Justice from spending resources to target medical marijuana patients and providers who are in compliance with state law, protections that were put in place in 2014 and were set to expire on Sept. 30, according to the Washington, D.C.-based advocacy group Marijuana Policy Project.
The nonprofit noted Friday that Attorney General Sessions in January rescinded a Department of Justice policy instituted in 2013 that directed federal prosecutors not to enforce federal marijuana laws against individuals and businesses that are in compliance with state medical or adult-use marijuana laws. This move created uncertainty in states where marijuana is legal for adults, but passage of the spending bill ensures that medical marijuana programs will still be protected for the remainder of the fiscal year, officials with the project said in a press release issued Friday.
“Patients across the country will be relieved to hear that Congress has maintained the current policy of allowing states to make their own decisions on medical marijuana policy,” said Matthew Schweich, executive director for the project in a press statement. “A strong majority of American voters oppose federal interference in state-level marijuana laws.”
Few companies have faith in their cyber risk management, despite the skyrocketing stakes of an attack.
Two-thirds of 1,300 senior executives surveyed in a newly released global survey by Marsh and Microsoft ranked cybersecurity among their top five risk management priorities, yet only 19% felt highly confident in their ability to prevent and respond to an attack.
Of companies with over US$1bn in revenue, nearly half predicted a doomsday cyber event could rack up a bill of over US$50m. But only 30% have a response plan in place for such a scenario. That’s shocking news considering cyber attacks are no longer a matter of if, but when. “Cyber risk is an escalating management priority as the use of technology in business increases and the threat environment gets more complex,” said John Drzik, president Global Risk and Digital, Marsh. “It’s time for organizations to adopt a more comprehensive approach to cyber resilience, which engages the full executive team and spans risk prevention, response, mitigation and transfer.”
Quantifying the economic risk of an attack is seen as an important part of cyber risk management, yet fewer than half of respondents said their company has estimated the potential financial impact of a cyber incident. Without quantifiable information, organisations have difficulty making risk-appropriate decisions on strategic planning and investment decisions, particularly as they relate to purchasing insurance coverage, says the report.
Despite the enterprise-wide impact of incidents, cyber risk management remains stunted by its relegation to the IT department. As new types of attacks emerge, and major financial losses are incurred, organisations are being challenged to move cyber risk management out of the IT silo and into the realms of stakeholders across the entire enterprise. However, an overwhelming 70% of respondents still cited IT as the primary decision-maker for cyber risk within their organisation.
“While technology is the foundation of any good cybersecurity strategy, companies can benefit from investing in non-technology solutions like risk management as part of a holistic approach,” said Matt Penarczyk, vice president and deputy general counsel, Microsoft. “Through advanced technology, tools and training, for example, companies can better protect the data in their networks and be ready for the business interruptions and reputational risks associated with cyberattacks.”
A key to preventing cyber attacks from crippling U.S. power grids could be changing passwords on internet routers, wifi-connected thermostats and smart lawn-sprinklers.
There’s nothing relaxing about teaching your teenager to drive. This milestone in many young people’s development is a royal headache for parents, who are forced to battle with the natural urge to take control of the wheel.
What if autonomous vehicles are no different? What if occupants are required to constantly monitor their driverless car so they can jump in and take control if the system goes wrong? There’s nothing relaxing in that.
“Safety is a key area of the autonomous vehicle debate. It’s the primary, if not the sole reason, for driverless vehicles to exist. But one of the things we have to get our heads around is how to determine this safety,” said Tom Karol, general counsel – federal, The National Association of Mutual Insurance Companies.
“There are numerous questions that need answering. How much safer [than human drivers] do we want autonomous vehicles to be? Is 1% safer enough, or do we need 10%, or 100%? Yes, a driverless car won’t fall asleep, but can it identify a bicycle? Can it determine a stop sign in the snow? Can it identify a paper bag versus a child running across the street?”
Another key issue to be resolved is what happens when something goes wrong. Who will take control in the event of a system failure and how will the occupants know what to do? Will it be a ‘desperate grab the wheel off your teenage child’ scenario? This also links into the “incredibly complex” problem of liability. The obligations of the human occupants can only be determined upon the design and specifications of the individual vehicle.
At present, no jurisdiction has yet determined operational and safety requirements for driverless cars, leaving numerous developers to explore different avenues. There are two key schools of thought right now, with some manufacturers developing vehicle-to-vehicle systemic data cars, and others creating iron-clad and fully-contained data-tight vehicles. It’s difficult to predict which school might prevail in the eyes of the authorities.
“As a rule, the insurance industry is completely supportive of a platform that will develop safety,” Karol told Insurance Business. “If autonomous vehicles improve safety and reduce the frequency of accidents, problems and fatalities, then we’re 100% in favor of that. The problem’s in the details – and there are a number of fundamental issues that need resolving.
“We’re not yet at a point where we can make bets on how the autonomous vehicle industry will develop. At this point in time, insurance brokers need to keep their eyes and ears open, be as educated as possible and stay aware of who’s involved in the discussion, how they’re involved and what legal developments and regulations are introduced.”
by Bethan Moorcraft
A week of destructive fires in Southern California is ending but danger still looms.
Well into what’s considered the wet season, there’s been nary a drop of rain. That’s good for sun-seeking tourists, but could spell more disaster for a region that emerged this spring from a yearslong drought and now has firefighters on edge because of parched conditions and no end in sight to the typical fire season.
“This is the new normal,” Gov. Jerry Brown warned over the weekend after surveying damage from the deadly Ventura County fire that has caused the most destruction and continued burning out of control. “We’re about ready to have firefighting at Christmas. This is very odd and unusual.”
Even as firefighters made progress containing six major wildfires from Santa Barbara to San Diego County and most evacuees were allowed to return home, predicted gusts of up to 50 mph through Sunday posed a threat of flaring up existing blazes or spreading new ones. High fire risk is expected to last into January and the governor and experts said climate change is making it a year-round threat.
Overall, the fires have destroyed nearly 800 homes and other buildings, killed dozens of horses and forced more than 200,000 people to flee flames that have burned over 270 square miles (700 square kilometers) since Monday. One death, so far, a 70-year-old woman who crashed her car on an evacuation route, is attributed to the fire in Santa Paula, a small city next to Ventura where the fire began.
The Ventura blaze continued to burn into rugged mountains in the Los Padres National Forest near the little town of Ojai and toward a preserve established for endangered California condors. While many evacuation orders were lifted, new ones were established as the fire grew.
Brown said he had witnessed the “vagaries of the wind” that had destroyed some houses and left others standing and expressed concern for those who lost everything.
“What can you say?” he asked. “When you lose your house and your belongings and people lose their animals, it is a horror and it’s a horror we want to minimize.”
Firefighters were on high alert for dangerous fire potential even before the first blazes broke out. On Dec. 1, they began planning for extreme winds forecast in the week ahead.
Ken Pimlott, chief of the California Department of Forestry and Fire Protection, said authorities were prepared for destruction on the level of 2003 and 2007 firestorms in Southern California and possibly those in Northern California that killed 44 people and destroyed nearly 9,000 homes and other buildings in October.
By Monday, officials had brought in fire crews from the northern part of the state as reinforcements and marshaled engines, bulldozers and aircraft.
On Tuesday they brought in more helicopters from the National Guard and “every last plane we could find in the nation,” said Thom Porter, southern chief of the California Department of Forestry and Fire Protection.
The military provided C-130 planes for firefighting, said Mark Ghilarducci, director of the California Office of Emergency Services. More than 290 fire engines came from Montana, Utah, New Mexico, Idaho, Arizona, Oregon and Nevada.
But when flames met ferocious winds, crews were largely powerless to stop them. Even fire-attacking aircraft were helpless while being grounded at times because of night, high winds or smoke.
As fires burned in Ventura and Los Angeles counties, firefighters from other states were already in place north of San Diego on Thursday when a major fire erupted and rapidly spread in the Fallbrook area, known for its avocado groves and horse stables in the rolling hills.
“We had many resources in the area very quickly on this incident, but unfortunately within several minutes the fire had gotten out of control and well-established, and necessitated massive evacuations,” said Steve Abbott, chief of the North County Fire Protection District.
The fire swept through the San Luis Rey Training Facility, where it killed more than 40 elite thoroughbreds and destroyed more than 100 homes, most of them in the Rancho Monserate Country Club retirement community. Three people were burned trying to escape the fire that continued to smolder Saturday.
Most of this week’s fires were in places that burned in the past, including one in the ritzy Los Angeles neighborhood of Bel-Air that burned six homes and another in the city’s rugged foothills above the community of Sylmar and in Santa Paula.
The fire in Fallbrook was no exception. Ten years ago, during a deadly spate of Santa Ana wind-driven infernos, flames wiped out most of the more than 200 homes in the Valley Oaks Mobile Home Park.
Memories of that blaze were fresh as flames approached Thursday and sheriff’s deputies told residents to leave immediately.
By the time he got the order to go, Mateo Gonzalez had already helped his brother move out of his nearby place and packed all of his important belongings.
In the 2007 firestorm, Gonzalez had almost no warning before his house was destroyed, only four months after moving in.
“We weren’t prepared the first time around. This time we were,” he said Saturday, the day after he returned to his undamaged home.