The beginning of September can only mean one thing for most of us… it’s back to school week! If you’ve been busy celebrating this joyous event, you might have missed the comings and goings in the I.T. and Tech world. Never fear, our roundup of the week’s biggest stories will bring you right up to date.
Speaking of back to school, the government-backed online cybersecurity training program, Cyber Discovery, launched for the third year across the UK this week. The programme aims to help close the UK’s cybersecurity skills gap by inspiring teenagers to pursue a career in the industry.
Cyber Discovery uses an online game platform with hundreds of hours of challenges and teaching to educate teenagers about the skills needed to be a cybersecurity expert. Over 46,000 young people aged between 14 and 18 have already taken part in the program and this year, the program is opening its doors to students aged 13 for the first time. It offers training in a broad range of disciplines including; digital forensics, penetration testing, web attack defence, cryptography and ethics.
Cybersecurity Minister Nigel Adams said: “Our tech sector is one of the UK’s greatest strengths but to support its continued success we need a skilled and diverse workforce. Cyber Discovery has already inspired thousands of young people to think about a career in the cyber industry and I hope this year’s students will also have fun learning about the opportunities on offer.” Read more here.
We’re watching you
In our roundup a few weeks ago we discussed the use of facial recognition software at a site close to Kings Cross station in London. At the time it was unclear what the purpose was and if in fact it was even legal. This week, in a report by the BBC, it’s emerged that the site owners, Argent, claim to use the software to spot people who have previously committed an offence on the site. However, the company also says that due to development in the area the software has not been in continuous use for some time.
It does appear that Argent is in the process of installing an "upgraded system", that’s designed to run in the background. It remains dormant unless a face matches against a small number of ’flagged’ individuals – those who have committed an offence on the estate or high risk-missing persons, for example. At this point, all other faces would be automatically blurred out when the footage is played back or captured – it will not store the facial images of others.
While Argent claims that it has been audited to ensure it complies with GDPR and it intends to work with the Information Commissioners Office (IOC), the IOC has pointed out that any software that can recognise a face and then match to a database, counts as the processing of personal information and as such is in breach of GDPR – whether or not faces are subsequently blurred out.
Teletext Holidays customer data exposed for three years
In a recent investigation Teletext Holidays found that the recorded telephone calls of 200,000 customers were left exposed on a cloud server for three years. The breach was reported to the IOC by the company and will now be independently investigated. The audio files were recorded between April and August 2016 and in some recordings, partial credit card numbers are heard. The files were stored on an Amazon Web Services cloud and this is the latest in a long line of security issues for businesses using the cloud to store data.
Truly Travel, trading as Teletext Holidays, said: "Our booking procedure does not allow agents to take card numbers over the phone. Customers are asked to punch their card details into a secure automated system. If a customer attempts to give their card information verbally, they are stopped by the agent. Once the matter was brought to our attention, we immediately secured the files in question. We have contacted the Information Commissioner’s Office."
The calls ranged from a few minutes to up to an hour and involved discussion of holiday details. In some calls, people begin to say their card number. However, when businesses take credit card numbers, whether spoken or tapped into a phone, they should mute this section of the call, so the card details are not recorded which clearly hadn’t happened in this instance.
People widely accept that businesses keep recordings for ’training purposes’, but there is an expectation that these recordings will be stored securely and not left exposed so individuals with malicious intent can access them. Even more concerning is the fact that some of the calls had been transcribed, making it even easier for a criminal to scour through the database to access information that they could monetise with fraudulent intent.
Those were some of this week’s top stories but if you want more content, follow us across our four social media channels: