
Executive Orders, Russian Ransomware Gangs & Social Account Takeovers: October 2022 Newsletter

October 26, 2022

In the October 2022 edition of our business privacy newsletter, you’ll find our take on:

Under New Executive Order, Europeans Can Complain to the U.S. About Data Collection

In early October, President Biden signed an executive order giving Europeans the ability to protest when they believe their personal information has been caught in America’s national security online surveillance dragnet. The announcement brings the US and EU closer to a deal to let companies transfer digital data across the Atlantic without running afoul of Europe’s GDPR. While the rule nominally affects only data collected and used by federal agencies, given the increased data sharing between private sector data brokers and the security state, questions about its scope will likely be a source of future litigation and debate.

Our Take

The lack of a US/EU data-sharing agreement has been a thorn in the side of U.S. companies for many years. While this executive order may give a sense of temporary relief to large companies worried about litigation, it is likely to serve as a placeholder until Congress either passes comprehensive data privacy legislation (e.g., the ADPPA) or imposes specific limits on data sharing between private entities and federal agencies, such as those previously proposed in “The 4th Amendment is Not For Sale Act”.

Airports, Hospitals, and Schools are Targeted by Ransomware Gangs Connected to Russia 

In early 2022, there were frequent warnings of the potential for coordinated state-sponsored cyber attacks against US infrastructure and businesses in retaliation for Western opposition to the Russian invasion of Ukraine. By summer, little of this had materialized and there was speculation that it would never be forthcoming. However, in recent months there has been a growing pattern of Russian cyber-criminal gangs targeting schools, hospitals, airports, and other public-private institutions, causing real disruptions in civic and economic life.

Our Take

It’s not clear if this is an extension of an existing pattern of ransomware groups targeting quasi-public institutions because their data sources are very lucrative targets or if it’s being actively coordinated and encouraged by the Russian state simply to wreak havoc in the US. In either case, it’s very concerning that ransomware groups that have been proven to use data broker sites like ZoomInfo and SignalHire for OSINT on their targets now seem to be equally motivated by remuneration AND sabotage. 

Malicious Social Account Takeover Epidemic

A recent report released by the Identity Theft Resource Center noted that consumer social media account takeovers have grown by more than 1,000% in the last 12 months. 

Our Take

We draw attention to this trend because it has implications for potential risks to employees who maintain social media profiles and may expose businesses to the reputational or financial risks that come from identity spoofing. The ecosystem of consumer fraud is always shifting from one format to another, often replicating the same types of scams via new platforms. We saw this over the past decade in a shift from robocalls, to e-mail spam and phishing, to smishing. The unique risk that social media presents compared to other communications technologies is the risk of ‘going viral’, where a misrepresentation doesn’t just reach a handful of targeted individuals but millions within a short span of time. Since it’s still Cybersecurity Awareness Month, now is a good opportunity to discuss best practices for securing social media accounts with employees who might need a reminder about how to better manage their personal security and privacy.

DeleteMe In The News

Check out our log of where DeleteMe has been featured in the news in October.

Upcoming Events

CyberRisk Leadership Exchange: Chicago
We’re heading to Chicago on November 3rd for this one-day event designed by a community of cybersecurity leaders. We’re excited to participate and learn from the others attending. Let us know if you are attending and would like to meet up by reaching out to our sales team.

DeleteMe was created in 2010 when we realized the difficulty of navigating privacy issues in today’s interconnected and digital world. Our mission is to provide everyone with the power to control their digital identity.

How does DeleteMe privacy protection work?

  1. Employees, Executives, and Board Members complete a quick signup 
  2. DeleteMe scans for exposed personal information
  3. Opt-out and removal requests begin
  4. Initial privacy report shared and ongoing reporting initiated
  5. DeleteMe provides continuous privacy protection and service all year
