IT Security Stories to Watch: Gemalto Investigates Alleged Hack

Digital security company Gemalto — a maker of SIM cards used in mobile phones, bank cards and  unique identity documents —  was reportedly hacked by the U.S. National Security Agency (NSA) and Britain’s Government Communications Headquarters (GCHQ) to steal encryption keys protecting private information.

And as a result, Gemalto lands atop this week’s list of IT security newsmakers to watch, followed by Anthem, Lenovo and The University of Maine.

What can managed service providers (MSPs) and their customers learn from these IT security newsmakers? Check out this week’s list of the top IT security stories to find out:

1. Gemalto says SIM products are secure

Gemalto is investigating an alleged hack that raised questions about its security measures.

The Intercept reported that hackers illegally accessed Gemalto’s internal computer network in 2010 and stole encryption keys used to protect the privacy of cell phone communications worldwide. These cyberattackers included spies from the NSA and GCHQ, according to the report, which relies on secret documents provided to The Intercept by Edward Snowden.

Gemalto will hold a press conference later this week to address security concerns. However, the company said in a statement that its security information management (SIM) products are safe to use: “Initial conclusions already indicate that Gemalto SIM products (as well as banking cards, passports and other products and platforms) are secure.”

2. Anthem faces class-action lawsuits

Several class-action lawsuits have been filed against Anthem in response to the health insurer’s recent data breach.

Fortune reported that the first lawsuits were filed a few days after the Anthem data breach was announced earlier this month. Since that time, Weitz & Luxenberg, P.C.,  Morgan & Morgan and other law firms have filed class-action lawsuits that claim Anthem was negligent in protecting its members’ data.

Anthem, the nation’s second-largest healthcare insurance company, told the FBI that data from 80 million of its current and former members may have been exposed.

3. Lenovo responds to Superfish concerns

Lenovo is working with McAfee (MFE) and Microsoft (MSFT) to eliminate “Superfish” adware concerns.

Superfish was shipped on Lenovo’s notebook devices between Sept. 2014 and Dec. 2014, according to Lenovo. However, the computer technology giant said it did not know about the potential security vulnerability until last week.

Lenovo has apologized to customers and noted that it will “continue to take steps to make removal of the software and underlying vulnerable certificates in question easy for customers.”

4. University of Maine investigates data breach

University of Maine officials discovered a data breach last week after a faculty laptop and media card were reported stolen. The Maine Campus pointed out that the incident could affect more than 900 students.

As of Feb. 18, there has been no indication that the compromised information has been used, and UMaine officials are working with information security company Experian Information Solutions to control the breach.

The university said students who may have been affected will be offered one free year of identity protection from Experian, including credit monitoring, alerts regarding credit changes and identity theft insurance.

What do you think will be the biggest IT security stories for MSPs this week? Share your thoughts in the Comments section below, via Twitter @dkobialka or email me at [email protected].