Happy trails to you.. until we meet again Happy trails to you.. keep smilin' until then Who cares about the clouds when we're together? Just sing ...

Page created by Joe Pearson
 
CONTINUE READING
Happy trails to you.. until we meet again Happy trails to you.. keep smilin' until then Who cares about the clouds when we're together? Just sing ...
Happy trails to you.. until we meet again
       Happy trails to you.. keep smilin' until then
Who cares about the clouds when we're together?
    Just sing a song and bring the sunny weather
            Happy trails to you 'till we meet again
Happy trails to you.. until we meet again Happy trails to you.. keep smilin' until then Who cares about the clouds when we're together? Just sing ...
Welcome to the June edition           Historian; Margaret Hermesmeyer, Business Partner
                      of "For the Record”! As we            Liaison; Kevin Waldrup, CRM Liaison; Crystal Koutz,
                      officially start summer this          Website Co-Chair; Megan Carey, Website Co-Chair.
                      month, I hope you have some           Congratulations and welcome to those who are new
                      fun activities in mind for the        to the Austin Chapter Board of Directors! Your new
                      lazy weekends of scorching            board will be meeting in August to begin planning the
                      heat we'll be getting!                next year and approving the budget! I can't wait to
                      Hopefully we'll have a mild           see what the new board has in store for the Chapter;
few months here in Central Texas!                           we can look forward to fresh, new ideas and great
                                                            events and educational opportunities!
As my final President's Message to you, I'd like to say a
few words regarding my presidency these past two            In keeping you current on Chapter information, we'd
years. As your Chapter President, I'm sad to be leaving     like you to know that the Chapter Bylaws have been
this position, and it's been an honor and a privilege       updated. The Austin Chapter Board of Directors has
serve you all. I've enjoyed all the duties and              approved the following change: we will now refer to
experiences this position has given me, and I'm sad to      our Chapter Sponsors as Business Partners. This will
be stepping down. However, I'm also super excited to        more effectively convey the relationship and build a
see what Steven Williams and your new board of              partnership with our Chapter sponsors and vendors. A
directors have in store for the next two years!             final copy of the most current Chapter Bylaws is
                                                            available on the "Members Only" page of the Chapter
With that being said, the board voted in June to
                                                            website.
approve the election results! Thank you to those who
participated in the elections. I'm happy to introduce       Our April Chapter meeting was held on Thursday, May
your 2019-2020 Austin ARMA Board of                         23rd, at the Twin Towers location. We welcomed
Directors: Steven Williams, President; Azure Brown,         ARMA International President Mr. Ryan Zilm as he
President-Elect; Gina Cervantes, Immediate Past             presented on Content Clean Up Carnival: Outlining
President; Sheila Anderson, Secretary; Mary Anne            Success for Your Organization. There was a great
Huckman, Treasurer; Douglas Allen, Publicity; Michelle      turnout for Ryan's presentation, and we closing out
Stafford, Programs Co-Chair; Trista Evans, Programs         the year with a great educational opportunity! It's
Co-Chair; Sharon Siske-Crunk, Membership Co-                always a pleasure to welcome Ryan back to Austin,
Chair; Wendy Scarborough, Membership Co-                    and his presentations are always excellent and
                                       Chair; Jennifer      insightful! Thanks, Ryan!
                                       Greer, Seminar       Our final meeting will be our Appreciation Meeting,
                                       Co-Chair; Julia      on June 27th, at Pappasito’s Restaurant located at
                                       Johnson,             6513 North 1-35. The focus of the meeting will be to
                                       Seminar Co-
                                                            show our appreciation to all our Business Partners,
                                       Chair; Jessica       event sponsors, members, and guests! The Austin
                                       BlueBird,            Chapter wouldn't have enjoyed such a success this
                                       Newsletter           past year without all the help and support. Awards
                                       Editor; Dawn         and door prizes will be raffled throughout the lunch
                                       Crane,               meeting! We will also be announcing and installing
                                                            your 2019-2021 Board of Directors during this event.
                                                            Seats are limited, so be sure to RSVP. This meeting is
                                                            free to Chapter members, volunteers and business
                                                            partners. (If space allows, the meeting will be opened
                                                            to non-members and guests.) Door prizes will include
                                                            a drawing for up to $1,000 to use toward the ARMA
                                                            InfoCon 2019 in October and a year’s membership to
                                                            ARMA International (and the Austin Chapter). Don’t
                                                            miss your chance to win these prizes!
                                                            Continued on page 4
2
Happy trails to you.. until we meet again Happy trails to you.. keep smilin' until then Who cares about the clouds when we're together? Just sing ...
President’s message            2, 4
                                                                               Editor’s Note                  3
                                                                               Budget                         4
                                                                               Desjardins, Canada's
                                                                               Largest Credit Union,
                                                                               Announces Security Breach      5
                                                                               By : Catalin Cimpanu for
                                                                               Zero Day
                                                                               Eye on Security: California
                                                                               Is the Golden State for
                                                                               Data Breaches; Florida City    6
                                      Until then, happy trails to you all. I
                                                                               Pays Bitcoin Ransom
                                      hope you have a safe, fun-filled
This month’s edition draws to a                                                By : John Stewart
                                      summer and I look forward to see-
close my four years as the newslet-                                            Hundreds of Thousands of
                                      ing you at lunch this week!
ter editor and website co-chair.                                               Medical Records
It has been one of my greatest                                                 Exposed in Two Data

                                             Kim
                                                                                                              7
pleasures to provide for the news-                                             Breaches
letter and I hope you’ve enjoyed                                               By: Duncan Riley, Silicon
reading the issues as much as I’ve                                             Angle
enjoyed putting them together.                                                 Appeals court allows data
                                                                               breach lawsuit by federal
I leave you in the very capable                                                                               8
                                                                               workers to go forward
hands of my good friend, Jessica
                                                                               By: Emily Birnbaum, The Hill
BlueBird, and I know she is excited
to start this new chapter.                                                     NASA Data Breach
                                                                               Demonstrates Need for
A new year for the chapter looms                                               Proper Network
ahead with new and familiar faces.                                                                            9
                                                                               Governance
I look forward to more exciting                                                By : Danny Bradbury, Info
times and maybe one day, a return                                              Security Magazine
to the Board. ☺
                                                                               Facebook Must Face Lawsuit
                                                                               Over 29 Million-User
                                                                               Data Breach                    10
                                                                               By : Kartikay Mehrotra and
                                                                               Aoife White, Bloomberg
                                                                               Word Search/Training Ideas     12
                                                                               Quest Diagnostics Hit With
                                                                               Class Action Lawsuit Over
                                                                               Breach That Exposed            13
                                                                               Patient Data
                                                                               By : AJ Dellinger, Forbes
                                                                               Board of Directors             14
                                                                               Survey/White Papers            15
                                                                               Chapter CRMs/Fellows           16
                                                                               Participation Prizes           19
                                                                               Upcoming Events                21
                                                                               Chapter Awards                 22
                                                                               Ways to Help                   22
                                                                               Shred Day 2019                 23-27
3
Happy trails to you.. until we meet again Happy trails to you.. keep smilin' until then Who cares about the clouds when we're together? Just sing ...
Continued from page 2…                                   request that the password not be shared. Thank
                                                         you.)
Don’t forget to check out the survey in this month’s
newsletter. It focuses on questions to help the          While you're browsing the Austin ARMA site, feel
Chapter submit for the Chapter Luminary Award.           free to click on Shop and order yourself an Austin
The Austin Chapter has received this award the past      ARMA branded T-shirt to show your Austin ARMA
two years, so fill out the survey and help the chap-     pride! All proceeds benefit the Chapter.
ter receive the award for a third year. The survey
will remain open until June 26th. The Lumi-              Interested in more ways to help your Chapter? Click
nary Award is presented at the ARMA International        on Ways to Help from the Chapter website! You can
Conference in October.                                   help by volunteering to speak at a Chapter meeting
                                                         or by snapping photos at Chapter events. There are
Speaking of the ARMA International Conference,           a few committees you can be apart of, if you are
let’s look a bit ahead towards the end of 2019! AR-      interested in helping your chapter reach out to a
MA International has released the schedule for AR-
                                                         board member and ask how you can help!
MA InfoCon 2019, taking place in Nashville, TN on
October 21-23, 2019. Visit the ARMA International        Not getting chapter emails, be sure to
conference page here for more details and to regis-      add mail@austinarmachapter.com and austinarmac
ter. We hope to see you at the conference!               hapter@gmail.com to your address book as a trust-
                                                         ed source. This will hopefully ensure chapter news
As an Austin ARMA Chapter member, you can view           and events will not go to your spam or junk folders.
past Chapter meetings through our Members Only           You can also visit Austin ARMA and click on Austin
section on our Chapter website. By clicking on Re-       ARMA Events or visit ARMA International and click
sources, you can view a recording of the meeting or      on Events.
download the presenter's slides (if provided by the      Thank you for being a part of the Austin ARMA
presenter) for your reference. This is benefit of be-    Chapter and I hope to see you at our Appreciation
ing a Chapter member, and as such, it is a password      meeting and future Austin ARMA events, thanks
protected area of the website. To obtain the pass-       again and have a great summer!
word,                                         please
email austinarmachapter@gmail.com (We politely

             Month                         Beginning Balance                     Ending Balance
              March                              $51,133.93                          $51,111.32
               April                              $51,111.32                        $50,886.12
               May                               $50,886.12                         $56,040.38
4
Happy trails to you.. until we meet again Happy trails to you.. keep smilin' until then Who cares about the clouds when we're together? Just sing ...
Desjardins, Canada's Largest Credit Union,
                                                 Announces Security Breach
                                         By : Catalin Cimpanu for Zero Day
Today, Desjardins, Canada's largest credit union and     the coming days.
one of the world's biggest banks, announced a secu-      FIRST BREACH IN THE BANK'S HISTORY
rity breach caused by a former employee.
                                                         Desjardins said this was the first data breach the
In a statement posted on its website, the bank said a    bank experienced in its history since it was founded
bank employee had taken the data of 2.9 million          in 1900; however, this claim has been disput-
members (2.7 million home users and 173,000 busi-
                                                         ed and proven to be false.
nesses and associated contacts) from its database,
without authorization.                                   The bank went above and beyond to what similar
                                                         organizations do in these cases. Besides providing
The bank said it fired the employee after learning of    paid-for credit monitoring services for all impacted
the incident from Quebec police last week, on Fri-       customers, Desjardins also changed the procedures
day, June 14.                                            through which its staff confirms the identity of its
NO PASSWORDS OR CARD NUMBERS EXPOSED                     customers, in person or over the phone, so the sto-
                                                         len data can't be used against impacted users.
Desjardins said that only personally-identifiable in-
formation (PII) was taken from its system, but not       "Other measures have also been put in place, but
any e-banking passwords, security questions, ac-         these must remain confidential to ensure their effec-
count PINs, and credit and debit card numbers.           tiveness," Desjardins said.
For home users, the exposed information included         Article updated shortly after publication with infor-
first and last name, date of birth, social insurance     mation disproving Desjardins' claims that this incident
number, address, phone number, email address, and        marked the company's first data breach.
details of banking habits and Desjardins products.
For business customers, the exposed information          Original Article
included business name, business address, business
phone number, owner's name and names of users
on the AccèsD Affaires account.
The bank said it's working with local law enforce-
ment on the case.
It also said it has started notifying impacted custom-
ers of the breach, and all affected individuals and
businesses will receive breach notification letters in

5
Happy trails to you.. until we meet again Happy trails to you.. keep smilin' until then Who cares about the clouds when we're together? Just sing ...
Eye on Security: California Is the Golden State for
       Data Breaches; Florida City Pays Bitcoin Ransom
                   By : John Stewart, Digital Transactions

A new analysis of 10 years’ worth of figures on data     says, it assigned the incidents to a national category.
breaches reveals that California by far holds the du-    This U.S. category shows 20 breaches accounting for
bious distinction of suffering the most breaches as      a whopping 1.19 billion records. The study covers da-
well as leaking the most records. Meanwhile, a Flori-    ta from 2008 through 2019 to date.
da city has agreed to pay hackers about $600,000 in      In other data-security news, the City Council of Rivi-
Bitcoin to be released from ransomware that              era Beach, Fla., a town of about 35,000 just north of
gummed up its online systems.                            West Palm Beach, on Monday authorized its insurer
New York is number 2 in the ranking of states by         to pay a fraudster’s demand for 65 Bitcoin, worth
breaches, with Texas, Florida, and Georgia placing       about $600,000, to be released from ransomware
third, fourth, and fifth, according to the analysis by   that paralyzed the city’s computer system, The Palm
Comparitech, a United Kingdom-based research             Beach Post reported. The ransomware became ac-
firm.                                                    tive after an employee in the Police Department
                                                         downloaded an infected email attachment May 29,
The data also reveals that 2017 was a record year for
                                                         the newspaper said.
breaches in the United States, at 1,683, though the
number fell in 2018 to 1,237, a 27% drop. Breaches so    The ransomware affected numerous city operations,
far this year have totaled 454, according to Compar-     including email, telephones, and water-pumping sta-
itech’s data.                                            tions. Online payments of city bills became impossi-
                                                         ble. Many of the affected systems were again oper-
Since 2008, California has sustained 1,493 breaches
                                                         ating early this week. The attack prompted the city
that yielded 5.59 billion records, Comparitech re-
                                                         to fast-track a planned computer upgrade, the Post
ported. New York isn’t even close, with 729 breach-
                                                         said.
es in which perpetrators accessed 293 million rec-
ords.                                                    Other cities have been hit by ransomware attacks,
                                                         with some of the most serious happening in Balti-
As the analysis points out, both states are home to
                                                         more and Atlanta. Many cities struggle with how to
large companies with significant storehouses of digi-
                                                         manage ransomware-induced crises when they hap-
tal data. However, some states gave up more rec-
                                                         pen, says Trace Fooshee, a senior fraud analyst at
ords on a smaller number of intrusions. Maryland,
                                                         Boston-based research firm Aite Group LLC.
for example, has sustained 236 breaches but yielded
388 million records. Oregon’s total has come to 1.37     “I’d point to what happened with Baltimore as an
billion records on 152 incidents, but Comparitech        example,” Fooshee tells Digital Transactions News by
notes that most of these records were exposed in a       email. “Several of their systems were hijacked by a
single breach, that of River City Media in 2017.         ransomware attack that demanded less than
                                                         $100,000 in Bitcoin. In the weeks it took for city offi-
The firm’s primary data sources were the Privacy
                                                         cials to devise a plan for managing the crisis they put
Rights Clearinghouse and the Identity Theft Re-
                                                         the city at risk of losing almost $19 million in reve-
source Center. It assigned breaches to the states
where the records were exposed, but in some cases        nue.”
an intrusion was allocated to the state where the
victim was headquartered, as the incident involved       Original Article
several states.
For breaches that were “U.S.-wide,” Comparitech

6
Happy trails to you.. until we meet again Happy trails to you.. keep smilin' until then Who cares about the clouds when we're together? Just sing ...
Hundreds of Thousands of Medical Records
                                                Exposed in Two Data Breaches
                                                      By: Duncan Riley, Silicon Angle
Hundreds of thousands of medical records, including        volved some 150,000 personal records and other data
those belonging to U.S. military personnel injured in      on a server belonging to xSocialMedia Inc., a Facebook
combat, have been found exposed in two separate            Inc. marketing agency that specializes in running cam-
data breaches, one linked to a medical processing firm     paigns for medical malpractice lawsuits.
and the other a social media company.
                                                           The exposed data appears to have been gathered
Both data breaches were discovered by security re-         from responses to Facebook ads and included names,
searchers Noam Rotem and Ran Locar from vpn-               email address, street address, phone number and de-
Mentor and involved the private data sitting on serv-      tails about the person’s injuries. In additional to the
ers exposed to all and sundry.                             personal information, the servers included invoices,
                                                           customer data and exact numbers for advertising cam-
In the first case, described earlier this week, personal
                                                           paigns for injury-check.com, a website used by xSo-
data belonging to about 78,000 patients using a drug
                                                           cialMedia to gather data.
called Vascepa were found on an unsecured MongoDB
database. The exposed data include patients’ names,        The data included information from veterans where
addresses, phone numbers, email addresses, prescrib-       they described injuries including post-traumatic stress
ing doctor, their NPI number and pharmacy infor-           disorder and other intimate medical details that should
mation.                                                    never have been exposed. The vpnMentor researchers
                                                           immediately contacted xSocialMedia about the data
It was not entirely clear who owns the database. The
                                                           breach, but the company took nine days to take the
researchers found identification codes for two compa-
                                                           data offline.
nies in the data: email marketing platform provider
Constant Contact and PSKW, the legal name of an            There is no evidence at this stage that the data in ei-
electronic prescription program called ConntectiveRX.      ther case had been accessed by those with malicious
                                                           intent, but there’s also no evidence to prove that the
“We suspect the database may belong to Connec-
                                                           data hadn’t been accessed either.
tiveRX, given the consistency of the tags in the data,”
the researchers wrote. “However, we only found data        “When such a range of information is packaged up like
concerning Vascepa prescriptions, which makes it less      this, it is just like a present waiting for bad actors to
clear where the leak originated.”                          come and grab it,” said Terry Ray, senior vice presi-
                                                           dent and fellow at cybersecurity firm Imperva Inc. “It
Discussing the Vascepa database, Kevin Gosschalk,
                                                           is very likely this information already being traded on
chief executive of fraud prevention technology
                                                           the dark web,” the shady part of the internet reacha-
firm Arkose Labs Inc., told SiliconANGLE that on the
                                                           ble with special software where people sell drugs, user
heels of Quest Diagnostic and LabCorp, this is the third
                                                           data and other illicit goods.
high-profile healthcare breach in the past three weeks.
                                                           In these cases, he said, “much more care should have
“Companies handling medical records are heavily tar-
                                                           been taken since the database was storing medical
geted by cybercriminals and must take every precau-
                                                           information in addition to personal information.” The
tion necessary to protect all of their attack surfac-
                                                           failure to encrypt this patient data, he added, could be
es,” Gosschalk said. “In today’s advanced threat land-
                                                           in violation of the Health Insurance Portability and Ac-
scape, companies cannot afford a serious lapse in se-
                                                           countability Act or HIPAA and those responsible could
curity of this nature. Proactive security measures must
                                                           face a substantial fine.
be in place at all times to protect the attack surface
and secure sensitive data.”
The second and larger of the two data breaches in-         Original Article

7
Happy trails to you.. until we meet again Happy trails to you.. keep smilin' until then Who cares about the clouds when we're together? Just sing ...
Appeals court allows data breach lawsuit by federal
                            workers to go forward
                                                          By: Emily Birnbaum, The Hill
The D.C. Circuit Court of Appeals on Friday ruled          government was behind the attack.
that two groups of federal workers can move for-           "As an initial matter, the district court should not
ward with their class action lawsuits against the          have relied even in part on its own surmise that the
Office of Personnel Management (OPM) over a 2015           Chinese government perpetrated these attacks,"
data breach that exposed the personal information          the opinion states.
of 22 million people.
                                                           Experts have tied the hack to the Chinese govern-
According to the appeals court, the data breach left       ment, alleging it was a form of espionage, but the
the plaintiffs vulnerable to identity theft, a substan-    appeals court on Friday argued that identity theft
tial and ongoing "injury" that can be traced back to       could be part of an espionage plot.
OPM's failure to adequately safeguard its systems.
                                                           "Given that espionage and identity theft are not mu-
Hackers in 2014 began stealing personal information        tually exclusive, the likely existence of an espionage-
such as Social Security numbers, birth dates, finger-      related     motive       hardly    renders     implausi-
prints and addresses from OPM, which functions as          ble [plaintiffs'] claim that they face a substantial fu-
the federal government's human resources depart-           ture risk of identity theft and financial fraud as a re-
ment.                                                      sult of the breaches," the court wrote.
In the years since, federal workers affected by the        The groups of federal workers will now be allowed
breach have reported various types of identity theft,      to move forward with their lawsuits against OPM,
including credit cards being opened and fraudulent         which the appeals court said still has not secured its
tax returns in their name, according to the lawsuit.       systems against future cyberattacks.
The breach set off a flurry of lawsuits, which were
combined into two complaints in D.C. In 2017, a fed-
eral judge dismissed the complaints, saying plaintiffs     Original Article
lacked sufficient evidence that they faced a substan-
tial or imminent threat of identity theft.
The appeals court on Friday argued there is evidence
the hack left federal workers vulnerable to identity
theft or fraud.
"There is no question that the OPM hackers ... now
have in their possession all the information needed
to steal [plaintiffs'] identities," the court wrote.
"Plaintiffs have alleged that the hackers stole Social
Security numbers, birth dates, fingerprints, and ad-
dresses, among other sensitive personal infor-
mation. It hardly takes a criminal mastermind to im-
agine how such information could be used to com-
mit identity theft."
The appeals court also criticized the lower court for
citing outside reports to conclude that the Chinese

8
Happy trails to you.. until we meet again Happy trails to you.. keep smilin' until then Who cares about the clouds when we're together? Just sing ...
NASA Data Breach Demonstrates Need for Proper
                             Network Governance
                       By : Danny Bradbury, Info Security Magazine
A cyber-attack on NASA's Jet Propulsion Laborato-       gateway for over six months. As late as March this
ry was so severe that it prompted parts of the Agen-    year, the Center still hadn't re-established full com-
cy to disconnect from the Lab's networks, a report      munication between the two networks.
revealed this month, and it all began because of a      Network admins failed to deal with log tickets high-
rogue Raspberry Pi.                                     lighting potential security vulnerabilities, sometimes
The Jet Propulsion Laboratory (JPL) is a NASA re-       for longer than 180 days. The software vulnerability
search facility that conducts robotic space missions.   that the attackers exploited was first identified in
It's the organization that builds probes and sends      2017 with a vulnerability score of ten. JPL didn't fully
them to Mars.                                           eliminate the vulnerability until this March.
Discovered in 2018, the attackers had been lurking in   Inadequate incident response procedures made it
JPL's infrastructure for ten months. According to       difficult to ensure that the JPL had properly con-
the report from NASA's Inspector General, they          tained the attack, according to the report. NASA
broke into its network through the Raspberry Pi,        asked the Department of Homeland Security (DHS)
which is a tiny computer marketed to consumers          to scan the Lab's network and ensure that the at-
and enthusiasts for simple Linux projects.              tack had been properly cleared up, but JPL's unfa-
                                                        miliarity with DHS procedures and concerns over
Using an external user account, the attackers gained
                                                        access to its corporate network introduced a four-
access to two of three primary networks and stole
                                                        month delay.
23 files containing 500Mb of data. Two of these files
included International Traffic in Arms Regulations      The report shows that a string of security shortcom-
information related to the Mars Science Laboratory      ing combined allowed the attackers to steal the files
mission.                                                they needed. It also demonstrates clearly how a sin-
                                                        gle rogue device can provide the perfect gateway
An incomplete inventory of the devices connected
                                                        for an attack. Admins should use it as a prompt to
to the JPL network allowed the Pi onto the network
                                                        check their process for documenting new hardware
unnoticed. Although the Lab maintains a database
                                                        on their networks, and to audit their infrastructure
for hardware and applications, it wasn't regularly
                                                        for unauthorized devices.
updated. "The April 2018 cyberattack exploited this
particular weakness when the hacker accessed the
JPL network by targeting a Raspberry Pi computer
                                                        Original Article
that was not authorized to be attached to the JPL
network," the report said.
Poor network segmentation in the Lab's network
gateway then enabled the attacker to get to its mis-
sion network. Their ability to move laterally through
JPL's infrastructure could have enabled them to gain
access to live mission communications and send ma-
licious signals to human space flight missions, said
the report. For this reason, staff at the Johnson
Space Center (which handles the International
Space Station mission) cut communications with the

9
Happy trails to you.. until we meet again Happy trails to you.. keep smilin' until then Who cares about the clouds when we're together? Just sing ...
Facebook Must Face Lawsuit Over 29 Million-User
                                                                                        Data Breach
          By : Kartikay Mehrotra and Aoife White, Bloomberg
Facebook Inc. failed to fend off a lawsuit over a data      Facebook didn’t immediately respond to a request
breach that affected nearly 30 million users, one of        for comment.
several privacy snafus that have put the company            The Menlo Park, California-based company faces a
under siege.                                                slew of lawsuits and regulatory probes of its privacy
The company’s disclosure in September that hackers          practices after revelations in early 2018 that it al-
exploited several software bugs to obtain login ac-         lowed the personal data of tens of millions of users
cess to accounts was tagged as Facebook’s worst             to be shared with political consultancy Cambridge
security breach ever. An initial estimate that as many      Analytica. As lawmakers have focused greater scruti-
as 50 million accounts were affected was scaled             ny on the company, Zuckerberg in March called for
back weeks later.                                           new global regulations governing the internet, in-
                                                            cluding rules for privacy safeguards.
A federal appeals court in San Francisco on June 21
rejected the company’s request to block the lawsuit,        The case is Echavarria v. Facebook Inc., 3:18-cv-
saying claims against Facebook can proceed for neg-         05982 , U.S. District Court, Northern District of Cali-
ligence and for failing to secure users’ data as prom-      fornia (San Francisco).
ised. Discovery should move "with alacrity" for a tri-
al, U.S. District Judge William Alsup said in his ruling.
He dismissed breach-of-contract and breach-of-              Original Article
confidence claims due to liability limitations. Plain-
tiffs can seek to amend their cases by July 18.
“From a policy standpoint, to hold that Facebook
has no duty of care here ‘would create perverse in-
centives for businesses who profit off the use of
consumers’ personal data to turn a blind eye and
ignore known security risks,”’ Judge Alsup said, cit-
ing a decision a separate case.
The world’s largest social network portrayed itself
as the victim of a sophisticated cyber-attack and ar-
gued that it isn’t liable for thieves gaining access to
user names and contact information. The company
said attackers failed to get more sensitive infor-
mation, including credit card numbers and pass-
words, saving users from any real harm.
Attorneys for users called that argument “cynical,”
saying in a court filing that Facebook has ”abdicated
all accountability” while ”seeking to avoid all liabil-
ity” for the data breach despite Chief Executive
Officer Mark Zuckerberg’s promise that the compa-
ny would learn from its lapses. The case was filed in
San Francisco federal court as a class action.

10
11
Updated Training Resources                       Cyber Security and Forensics

     https://slrmtraining.tsl.texas.gov/course/       https://www.sans.org/online-security-training/
     index.php
                                                      http://www.open.edu/openlearn/science-maths-
     https://www.everbridge.com/resources/?           technology/digital-forensics/content-section-0?
     _sft_category=webinars                           active-tab=description-tab

     https://training.fema.gov/emi.aspx               https://www.eccu.edu/academics/online-cyber-
                                                      security-degrees/
     https://www.brighttalk.com/channel/7841/edrm
                                                      Professional Development:
     https://www.archives.gov/records-mgmt/training
                                                      http://www.ascd.org/professional-development/
     https://cognitiveclass.ai/
                                                      webinars/ascd-webinar-archive.aspx

12
Quest Diagnostics Hit With Class Action Lawsuit
                Over Breach That Exposed Patient Data
                                                              By : AJ Dellinger, Forbes
Earlier this month, it was revealed that nearly 12 mil-   credit card or bank account information stolen. In
lion patients of Quest Diagnostics had their personal     both cases, medical information and laboratory test
information stolen as part of a widespread data           results were not exposed, but that appears to be a
breach of third-party billing company American            relatively minor silver lining for the victims of the
Medical Collection Agency (AMCA). Now, the clinical       data exposure.
laboratory firm and its billing contractor are facing     According to the class action lawsuit filed by the law
a class action lawsuit. The case—brought to the           firm Morgan and Morgan, there are approximately
United States District Court in the District of New       11.9 million class members who may expect compen-
Jersey by a Quest customer based in Florida—is
                                                          sation for the breach. The lawsuit seeks at least $5
seeking more than $5 million in damages caused by         million for potential damages. Many of the victims
the breach.                                               may be at risk of identity fraud and other criminal
AMCA first reported the breach on May 14 of this          actions because of the data exposure, according to
year. It is believed that an attacker may have first      a recent report from USA Today.
compromised the company's systems on August 1,            “Healthcare companies are especially susceptible to
2018, and had access until March 30, 2019. Caught in      data breaches not only because they aggregate a
that breach along with the 11.9 million Quest Diag-       tremendous amount of important and sensitive da-
nostics patients was the data of 7.7 million patients     ta, but also because they tend to be less focused on
of LabCorp, another large clinical laboratory net-        cyber security protection than other industries,"
work that worked with AMCA. Both companies have           Morgan & Morgan attorney John Yanchunis said in a
since suspended sending collection requests to AM-        statement. "These companies, like Quest Diagnos-
CA.                                                       tics, know they are at an increased risk and yet have
Filings with the United States Securities and Ex-         not taken the proper steps to protect their patients’
change Commission made by Quest Diagnostics re-           data. We will fight for justice on behalf of those im-
vealed that information including patient names,          pacted by this breach.”
dates of birth, addresses, phone numbers, dates of
service, care providers and account balances were
exposed. In SEC filings made by LabCorp, it was dis-      Original Article
closed that about 200,000 of its customers had

13
2018-2019 Austin ARMA
                              Board of Directors
                         Position                                         Name
                         President                                        Gina Cervantes
                         President Elect                                  Steven Williams
                         Secretary                                        Steven Williams
                         Treasurer                                        Alex Webb
                         Programs Co-Chair                                Azure Brown
                         Programs Co-Chair                                Bryan Cooper
                         Membership Co-Chair                              Michelle Stafford
                         Membership Co-Chair                              Wendy Scarborough
                         Seminar Co-Chair                                 Chris Barden
                         Seminar Co-Chair                                 Julia Johnson
                         Publicity Chair                                  Doug Allen
                         Newsletter Editor                                Kimberly DeCola
                         Webmaster Co Chair                               Kimberly DeCola
                         Webmaster Co Chair                               Megan Carey
                         ICRM Liaison                                     Kevin Waldrup
                         Education Chair                                  Vickie Stephens
                         Sponsor Liaison                                  Martha Whitted
                         Historian                                        Debra Korty
                         Immediate Past President                         William Basinger
Content notice & disclaimer
All content and materials herein, including but not limited to articles, critiques, summaries, and other types of materials; to include any reproductions,
to the extent such reproductions exist in this newsletter, are done so with the express permission from the publisher and/or copyright holder. Any
images, cartoons, or photographs appearing herein have been licensed from the copyright holder through purchase or creative commons license, are
royalty free stock images, have been expressly permitted for use, and/or are the property of Austin ARMA. If you believe any content or material
herein has been used without proper permission, or for further information regarding permissions for use, you should contact Austin ARMA.

Attributions
Cover photo: Texas Ranger Statue and snow! Circa 1980s. Photo courtesy of the Austin History Center (creativecommons.org/licenses/by-sa/2.0/
legalcode).
14
Austin ARMA survey

 This month’s survey focuses on the Chapter Luminary Award. Please take
             a moment to answer this quick list of questions.

              https://www.surveymonkey.com/r/GNN7GKL

                 Don’t forget to visit the store for your
                  Austin ARMA branded merchandise.
                              CLICK HERE

                             White Papers

          NARA                   Katpro               Axcient Resources
        Contoural                 GRM                 EDRM - Duke Law
     Iron Mountain                 Tab                     Integro
        Laserfiche              KMWorld               Active Navigation
       Virtualdoxx            Cadence Group               Doculabs

15
Chapter CRMs
Douglas Allen         Andrea Gilbert        Peter Kurilecz                Kevin Waldrup
Local Government      Legal                 Energy                        Local Government

Christopher Barden    Jannette Goodall      Tammy Russo                   Alexander Webb
Utilities             Local Government      High Technology               Local Government

William Basinger      Ryan Hanus            Jimmie Savage                 Ryan Zilm
Banking               Energy                State Government              Energy

Azure Brown           Susan Hassett         Kim Scofield                  Julia Johnson
Education             Manufacturing         Consulting                    Transportation
Martin Brown          Margaret Hermes-      J’nise Smith                  Jennifer Alexander
State Government      meyer                 Other
                                                                          State Government
Susan Cisco           State Government      Kay Steed
                                                                          Mary Anne Huckman
Consulting            Craig Kelso           State Government
                      State Government                                    Other
Kimberly DeCola                             Eric Stene
Local Government      Debra Korty           Local Government

John Frost            Local Government      Vickie Stephens
Other                                       State Government

                               Chapter Fellows
Susan Cisco                    John Frost                     Tad Howington
Consulting                     Other                          Other

       What a knowledge base!
 If you have questions, want to
  learn something new, or just
 want to network, please reach
   out and make new friends!
16
17
18
2018 Austin ARMA chapter participation prizes
Monthly Chapter Meeting Attendance Prize
A monthly drawing from the active Chapter membership will be held at each meeting. A gift card in the amount of $25
will be awarded to the member whose name is drawn, from those in attendance. Must be present to win.
Attendance and Participation Prizes
Active members will receive points for Chapter involvement throughout the year. Each point earned will result in the
total number of tickets presented to the member for prizes, drawn at the June Appreciation Lunch. Members will be
responsible for reporting their presentations, and guests at the time of the event.
The Chapter’s Membership Chair will track points earned.

Points are earned for the following activities:
 Task                              Description                                                          Points
 Programs Help                     Catering and Speaker ideas that are realized                         5 points per event

 Power Point Help                  Maintain chapter PowerPoint for meeting with important info          4 points per meeting

 Newsletter Photograph             Document chapter events for newsletter, receive photograph           5 points per event documented
                                   credit
 News letter Submissions           Submit an article, survey, for the newsletter                        5 points per item submitted

 Promote Shred Day                 Promoting the Shred Day events on social media or by email (tag      1 point per promotion
                                   Austin ARMA or cc: chapter Gmail)
 Presenter                         Present at any ARMA event within the Southwest Region (self          5 points per presentation
                                   identified)
 Shred Day Volunteer               Volunteer for any Shred Day shift (win equal points for bringing a   2 points per shift, or 5 for all day shift per
                                   non member volunteer)                                                volunteer
 Chapter Committee Participation   Chair or participate in a chapter committee or work group            10 points per committee

 CRM Mentorship                    Mentoring someone for any part of the test, grading part 6 (self     10 points per mentee
                                   identified)
 Attendance at a chapter meeting   Attend a monthly educational chapter meeting                         1 point per meeting

 Perfect attendance for chapter    Attend all chapter lunch meetings will grant you these extra         4 points for the fiscal year in addition to the
 meetings                          points                                                               points above
 Attendance at a chapter-          Attend a regularly scheduled chapter sponsored study group for       1 point per meeting
 sponsored study group             the CRM or IGP
 Attendance at a chapter educa-    Attend a chapter sponsored half day education workshop               2 points per meeting
 tion workshop
 Attendance at a chapter spon-     Attend a chapter sponsored full day seminar like the Annual Semi- 4 points per seminar
 sored full-day seminar            nar
 Bring a Friend of Austin ARMA     Bring any guest to a chapter event (self identified)                 5 point per guest per event

19
20
Fo

     21
Chapter Awards
                                              Luminary Award - 2017-2018
                     Chapter of the Year – 2007, 2009, 2010, 2012, 2015, 2016
                                       Honorable Mention - 2008, 2011, 2014
                             Chapter Membership Recruitment - 2014, 2015
                                  Chapter Participation Award - 2014, 2016
                                   Chapter Website of the Year - 2011, 2013
                                Chapter Newsletter of the Year - 2015, 2016
                                                Honorable Mention -2011
For The Record Issue 40 Volume 69 Date 06.2019

  Newsletter
  Have something to say about records and information management (factual or editorial)? Submit your original content to our newslet-
  ter editor for inclusion in an upcoming issue of For The Record!

  Look for the survey in each issue of For The Record and participate.

  Speakers
  Know someone knowledgeable in RIM or IG? Please let Azure Brown and Bryan Cooper know so we can broaden our knowledge
  through unique perspectives and emerging trends.

  Food
  Have a food connection? Restaurants may get advertising in For The Record and our website! Please let Alaric Robertson and Todd
  Brown know about your food connections.

  Volunteer
  Whether it be at a Shred Day or something else, we are always happy to have people volunteer their time! If you are interested, please
  let William Basinger know.

  22
And Last But Certainly Not Least…

            Shred Day!

23
24
25
26
Shred Day
                                              Totals

Paper in Pounds: 64,800         Total Cars: 970
Cardboard in Pounds: 1,500      Total Volunteers: 36
Total Recycled Items: 66,300    Trees Saved: 563.55
Total Funds Raised: $2,489.00   Gallons of Water Saved: 232,050

27
You can also read