![[Available Now!] Book Report: Q3 2024 - GenAI Safety and Security](https://substackcdn.com/image/fetch/w_140,h_140,c_fill,f_webp,q_auto:good,fl_progressive:steep,g_auto/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F789f986a-4e77-4889-8d33-8d82c944c46d_950x707.png)
Highlights:
57M retail customers exposed (Hot Topic breach).
T-Mobile hacked: Chinese state-sponsored.
OpenAI dominant: Despite Altman's ouster.
Data breach delays: Average 6 months.
Lock your SSN: After a data breach.
Deep Dive
1. 57 Million Retail Customers Exposed in Massive Data Breach Forbes
57 million accounts across Hot Topic, Torrid, and Box Lunch.
54 million email addresses exposed.
Lightly encrypted credit card information for 25 million users.
Allegedly stemmed from a Snowflake vulnerability.
Hacker known as "Satanic" claimed responsibility.
Mitigation: Improve cloud security posture; enforce strong MFA.
2. T-Mobile Hack Linked to Chinese State-Sponsored Hackers Forbes
Targeted by Salt Typhoon hacking group.
Call records & private communications of specific customers accessed.
Info on law enforcement surveillance requests compromised.
Attack focused on high-ranking US officials' communications.
Other major US telecoms also affected.
Mitigation: Strengthen network security; enhance threat intelligence.
3. 1Yr After Altman’s Ouster, OpenAI Remains Dominant Bloomberg
OpenAI maintains leadership despite internal turmoil.
Significant staff turnover, including safety team departures.
New products launched, including AI agents.
Over 250 million weekly active users.
Regulatory scrutiny and competition from Elon Musk/ WH 2025.
Notice: Put on AI safety first; address regulatory concerns.
4. Are Companies Leaving You in the Dark About Data Breaches Too Long? NBC Bay Area
Average delay in breach notification: 27 WEEKS.
California law lacks specific timeframe for notification.
Federal standard exists but doesn't require direct consumer notification.
Experts advocate for notification within days, not months.
Consumers should freeze credit and enhance online security.
Mitigation: Advocate for faster breach notification laws; proactively protect your data.
5. Want to Lock Your Social Security Number After a Data Breach? CNET
Lock SSN via SSA phone call or MyE-Verify account.
SSN lock restricts both malicious and legitimate access.
MyE-Verify lock lasts one year, with 30-day expiration notice.
Consider a credit freeze for added protection.
Monitor accounts and credit reports regularly.
Mitigation: Lock your SSN immediately after a breach; monitor your accounts closely.
Share this post