US legal eagles representing Apple, IBM, and more take 5 months to inform clients of ransomware data breach

Those affected get free protection services – but only if their Social Security numbers were exposed


Law firm Campbell Conroy & O'Neil has warned of a breach from late February which may have exposed data from the company's lengthy client list of big-name corporations including Apple and IBM.

The breach, which was discovered on 27 February 2021 when a ransomware infection blocked access to selected files on the company's internal systems, has been blamed on an unnamed "unauthorised actor."

At the time of writing, none of the usual suspects had claimed responsibility. For REvil, one of the biggest and most successful ransomware groups, that's no surprise: its websites have been down for a week and counting after a wide-ranging attack on IT management firm Kaseya and its clients.

While it's not yet known precisely what data was accessed during the breach, the system affected held a treasure trove including "certain individuals' names, dates of birth, driver's license numbers/state identification numbers, financial account information, Social Security numbers, passport numbers, payment card information, medical information, health insurance information, biometric data, and/or online account credentials (i.e. usernames and passwords)," the company confirmed in a statement regarding the attack.

"Campbell is committed to, and takes very seriously, its responsibility to protect all data entrusted to us," the company continued. "As part of our ongoing commitment to the privacy of personal information in our care, we are reviewing our existing policies and procedures, and are working to implement additional safeguards to further secure our information systems."

The company has also offered those affected a 24-month subscription to credit monitoring, fraud consultation, and identity theft restoration services – but only if they had their Social Security numbers held on the system. Those whose data did not include Social Security numbers get nothing bar the company's apologies.

Founded in 1983, Campbell boasts a laundry list of big clients across a range of industries including Ford, Toyota, Honda, and others in automotive; British Airways, Boeing, Continental Airlines, Gulfstream, and others in aerospace; Monsanto, Corning, Dow Chemical, and others in the chemical industry; Apple, IBM, Toshiba Information Systems, and others in computing; Exxon Mobil and BP-owned Amoco in oil; and others too numerous to mention across consumer products, heavy equipment and industrial machinery, insurance, medical and pharmaceutical, retail, transportation, and more.

In short: the impact of the breach could be felt by a huge number of companies, not just Campbell itself. Depending on what data was exposed, it could spell a repeat of the attack on Grubman Shire Meiselas & Sacks last year, which exposed client data belonging to A-list celebrities.

Campbell confirmed it had enlisted unnamed "third-party forensic investigators" to investigate the attack, and that it had informed the FBI of the breach. It did not, however, indicate why it had taken five months to alert its clients.

Campbell had not responded to a request for additional comment by the time of publication. ®
