Credit card data for Saks and Lord & Taylor customers in North America has been compromised, owner Hudson Bay Co. announced Sunday, and reports say data for as many as 5 million credit and debit cards were stolen. HBC said there's no indication the company’s e-commerce or digital platforms were affected, and customers won't be liable for fraudulent charges. Once more information is available, HBC said it will offer free identity protection services. Gemini Advisory claimed a JokerStash hacking syndicate reported the release of more than 5 million cards across the entire network of Lord & Taylor and 83 Saks Fifth Avenue stores, though most of the stolen data was from New York and New Jersey locations. The cybersecurity consultant estimated the hacking started in May, and as of Sunday, 125,000 records had been released for sale.
Facebook will double its staff of content reviewers, systems engineers and security experts from 10,000 to 20,000 in 2018, Samidh Chakrabarti, product manager, said Thursday as part of several statements issued by the company. Guy Rosen, vice president of product management, said Facebook’s restructuring will involve four election security priorities: combating foreign interference, fake account removal, ad transparency and reducing the spread of “false news.” “None of us can turn back the clock, but we are all responsible for making sure” the U.S. avoids foreign election interference in the future, he said: “We are taking our role in that effort very, very seriously.” Instead of reacting to reports from users about illicit content, Facebook is “proactively” monitoring for harmful election-related activity, Chakrabarti said.
FCC Chairman Ajit Pai intends to “take proactive steps to help ensure the integrity of the communications supply chain in the United States in the near future,” he said in March 20 letters to 18 lawmakers released Friday. The proposal would reduce FCC subsidies to carriers that use Huawei equipment or products, including barring them from receiving USF funding, a communications sector lobbyist told us. The FCC didn’t comment on the contours of the plan. Senate Majority Whip John Cornyn, R-Texas, Sen. Angus King, I-Maine, and other lawmakers wrote Pai in December to raise concerns about reports Huawei was set to begin selling its consumer products in the U.S. as soon as this year “with little or no modifications” to address privacy and cybersecurity concerns. The lawmakers cited 2012 and 2013 House Intelligence Committee reports detailing Huawei’s ties to the Chinese government. The 2012 report recommended the U.S. “view with suspicion” any attempts by Huawei to continue making inroads into the U.S. market (see 1210100053 or 1210100091). AT&T and Verizon “abandoned” plans to sell Huawei’s Mate 10 Pro smartphone, but “I share your concerns about the security threat that Huawei and other Chinese technology companies pose to our communications networks,” Pai said in letters to the lawmakers. Best Buy has said it will also stop selling Huawei products. Pai said he's taking action on supply chain security after a recent “briefing on these issues from the Intelligence Community.” The FCC itself already doesn’t “purchase or use” Huawei or ZTE products or equipment “and I do not expect that would change if a major U.S. communications company partnered with Huawei,” Pai said. Huawei and ZTE didn’t comment.
Six companies joined the Automotive Information Sharing and Analysis Center, said the group, which automakers formed in 2015 to promote industry collaboration on vehicle cybersecurity. New are Allison Transmission, Autoliv, Calsonic Kansei, Hitachi, Intel and Navistar.
The House passed by voice vote Monday the DHS Cyber Incident Response Teams Act (HR-5074), which would authorize the long-term use of cyber response teams at the Department of Homeland Security. The legislation authorizes DHS to “maintain cyber hunt and incident response teams,” which could include private sector specialists. Americans are increasingly relying on computers, iPads and smartphones for personal and professional uses, said lead sponsor and House Homeland Security Committee Chairman Michael McCaul, R-Texas, drawing attention to Russian and Chinese threats. The U.S. needs to do more to stop cyberattacks from foreign adversaries, he said. The legislation was referred to the Senate Homeland Security and Governmental Affairs Committee.
Companies worldwide lose about $1.5 trillion annually to cybercrime, and insurance covers about 15 percent of the cost, reported WomenCorporateDirectors and Marsh & McLennan’s Global Risk Center. A survey by Marsh and Microsoft from January showed 30 percent of companies have a cyber response plan, the report said, and research shows 40 percent of U.S. boards have reviewed their cyber insurance coverage in the past year. The 2017-2018 National Association of Corporate Directors' Public Company Governance Survey showed 60 percent of boards reviewed breach response plans in the past year.
A federal court froze assets and operations of four individuals the FTC alleged engaged in cryptocurrency scams in which they “falsely promised” participants large returns if they used digital currencies to participate. Thomas Dluca, Louis Gatto and Eric Pinkston deceptively promoted Bitcoin Funding Team and My7Network, promising participants could turn $100 of investment into $80,000 in monthly income, according to FTC filings. A fourth defendant, Scott Chandler, supported Bitcoin Funding Team and another allegedly illegal scheme, Jetcoin, said the FTC. The structures ensured that “few would benefit” from investment and a majority of investors would fail “to recoup” their initial payment, the FTC said. The schemes involved digital currencies like Bitcoin and Litecoin. At the request of the FTC, the U.S. District Court for the Southern District of Florida issued a temporary restraining order and froze defendants’ assets until a trial decision. The commission separately Friday said it established an agency blockchain working group, which will focus on cryptocurrency and blockchain issues. “I expect that fraudsters will repurpose old schemes to capitalize on the current glamour and mystery of cryptocurrency,” said acting Chief Technologist Neil Chilson. “The FTC staff will diligently apply its expertise to identify such schemes.”
Equifax distanced itself from a former employee DOJ alleged conducted illegal trading. Acting CEO Paulino Do Rego Barros said Wednesday that after learning about Jun Ying’s August sale of Equifax shares, the company reviewed his trading activity and concluded he “violated our company’s trading policies, separated him from the company and reported our findings to government authorities. We are fully cooperating with the DOJ and the SEC, and will continue to.”
Congress should set cybersecurity standards for IoT devices through federal procurement strategy, Sen. Mark Warner, D-Va., said. Saturday's comments (22:00) at the South by Southwest Conference were praised by Public Knowledge. Warner is “championing” the need for national cybersecurity strategy, citing his call to lawmakers to re-examine software liability terms, PK said. Between election meddling and social media manipulation, the U.S. has failed to protect against known weaknesses, which destroyed public confidence in technology, said Cybersecurity Policy Director Megan Stifel.
The FBI paid Best Buy Geek Squad employees to act as informants (see 1706010015) in a close relationship dating back at least 10 years, said documents released Tuesday that the Electronic Frontier Foundation obtained through a Freedom of Information Act lawsuit. An FBI memo said the company hosted a bureau cyber working group meeting at its Kentucky repair facility in September 2008 and worked with the agency to flag illegal material on customer computers, which EFF claims violates the Fourth Amendment. The documents detail communications between Best Buy employees and the FBI’s Louisville office over customer material believed to be child pornography and illegal material discovered through manual device searches. Best Buy said in a statement that at least four employees, three of whom no longer work there, received payment for turning over alleged child porn to the FBI. “Any decision to accept payment was in very poor judgment and inconsistent with our training and policies,” said its statement Wednesday, noting the fourth employee was reprimanded and reassigned. The company said Geek Squad repair employees discover what appears to be child porn about 100 times a year inadvertently through recovering lost customer data. “We have a moral and, in more than 20 states, a legal obligation to report these findings to law enforcement,” the retailer said. “We share this policy with our customers in writing before we begin any repair.” The company denies employees received law enforcement training, saying they do only what's “necessary” to solve customer queries. The FBI didn’t comment.