Equifax Faces Legal Scrutiny in Wake of Data Breach

Today’s topics include continued fallout from the Equifax data breach as lawsuits are filed; OLED screen issues hampering production of the latest iPhones from Apple; Google’s recommendations on protecting G Suite from phishing attacks; and Microsoft and Facebook partnering on AI framework interoperability.

The Equifax data breach that exposed personally identifiable information on 143 million American consumers has led to multiple legal actions, including at least one class-action lawsuit and an investigation into whether Equifax and certain of its officers and directors sold Equifax stock days after the company first became aware of the breach on July 29.

The class-action lawsuit was filed “on behalf of over 140 million consumers across the Country harmed by Equifax’s failure to adequately protect their credit and personal information," the lawsuit states.

Equifax has not yet publicly disclosed the root cause of the data breach, but said that the attackers exploited a U.S. website application vulnerability to gain access to certain files. As part of its breach response, Equifax is providing free identity and credit monitoring to impacted consumers via its own TrustedID service.

Manufacturing problems with the OLED displays in the upcoming new Apple iPhones are leading to lower-than-expected phone production inventories and could mean a shortage of the devices as the December 2017 holiday gift-giving season approaches.

The latest iPhones, including an expected 10th anniversary special edition, are expected to be available for sale starting Sept. 22. The OLED issues, and related problems trying to incorporate fingerprint sensors into the new phones, were reported in a Sept. 7 story by The Wall Street Journal.

This issue means that normal iPhone shortages when new models are released will be exacerbated by the production problems. "The glitches, which occurred early in the manufacturing process, set back the phone’s production timetable by about a month," the Journal story reported.

Google last week identified seven measures administrators can take to protect G Suite accounts from phishing attacks like the ones that targeted Gmail users earlier this year.

These recommendations include enforcing two-factor authentication for users upon sign-in, deploying a "Password Alert" extension for the Chrome browser, and disabling the use of the POP and IMAP methods for accessing emails for those who do not require it.

Google also recommended that administrators define a formal policy based on the Domain Message Authentication Reporting & Conformance standard and implement standard email signing to ensure all emails are authentic.

"We work hard to help protect your company against phishing attacks—from using machine learning —to tailoring our detection algorithms, to building features to spot previously unseen attacks," Google product managers Nicolas Kardas and Sam Lugani said.

Microsoft and Facebook announced last week Open Neural Network Exchange, a format for deep learning models that encourages interoperability between artificial intelligence frameworks.

The two companies co-developed ONNX as an open-source project and are now encouraging developers to help extend the technology by visiting the project's page on GitHub and downloading its code and related documentation.

"ONNX provides a shared model representation for interoperability and innovation in the AI framework ecosystem," wrote Eric Boyd, corporate vice president of AI Data and Infrastructure at Microsoft, in a blog post.

The ONNX standard will allow developers to move between frameworks with greater ease, encountering less friction as they settle on the frameworks that offer them the ideal functionality and optimizations for their applications, he said.