Welcome to Hillicon Valley, The Hill’s newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley.
Follow the cyber team, Olivia Beavers (@olivia_beavers) and Morgan Chalfant (@mchalfant16), and the tech team, Harper Neidig (@hneidig) and Ali Breland (@alibreland).
FORMER EQUIFAX MANAGER CHARGED WITH INSIDER TRADING: The Securities and Exchange Commission (SEC) on Thursday charged a former Equifax manager with insider trading, alleging that he profited from bets based on nonpublic information about the company’s 2017 data breach.
Sudhakar Reddy Bonthu, who was a software engineering manager with the firm, allegedly made $75,000 through bets against the company’s stock placed before the breach was made public.
{mosads}
“Bonthu, who was entrusted with confidential information by his employer, misused that information to conclude that his company had suffered a massive data breach and then sought to illegally profit,” said Richard Best, director of the SEC’s Atlanta regional office, in a statement. “Corporate insiders simply cannot abuse their access to sensitive information and illegally enrich themselves.”
Equifax announced on Sept. 7 that the personal information of more than 100 million people had been accessed by hackers in July. Several of the credit bureau’s executives stepped down, and the company’s stock plummeted when markets opened the following day.
Refresher: In the wake of the breach, Bloomberg reported that three executives had actually dumped large amounts of stock in between the company learning about the breach and that information becoming public knowledge.
Bonthu was not included in that initial batch though. Equifax Chief Financial Officer John Gamble and president of U.S. information solutions Joseph Loughran collectively sold shares and exercised stock options totaling approximately $1.5 million on Aug. 1. Rodolfo Ploder, president of workforce solutions, sold approximately $250,000 worth of stock on Aug. 2.
The Department of Justice had been probing those three, but it’s unclear where that investigation ended up. An internal investigation cleared the three of wrongdoing.
Don’t forget: Another executive not included in the initial batch reported, CIO Jun Yung, was charged by the SEC in March for insider trading.
And just when you thought we were done with data breaches…
MARKETING FIRM MAY HAVE EXPOSED DATA ON 320 MILLION: A massive trove of consumer data containing information on as many as 230 million consumers and 110 million businesses may have been exposed by U.S. marketing firm Exactis.
Vinny Troia, a cybersecurity researcher, told Wired that he discovered the database on a publicly accessible server earlier this month. He said the trove contained 340 million records that included names, addresses, phone numbers and email addresses.
The database did not appear to contain any financial information, Troia said, adding that he contacted the FBI about his discovery.
“It seems like this is a database with pretty much every U.S. citizen in it,” Troia told the magazine. “I don’t know where the data is coming from, but it’s one of the most comprehensive collections I’ve ever seen.”
Exactis is based in Palm Coast, Fla. The marketing company did not immediately respond to requests for comment.
HOUSE PANEL APPROVES ‘CYBER DETERRENCE’ BILL: The House Foreign Affairs Committee has approved a bill designed to call out and punish foreign actors for executing nation-state-sponsored cyberattacks that threaten U.S. national or economic security.
The legislation, offered by Rep. Ted Yoho (R-Fla.), would direct President Trump to sanction designated “critical cyber threat actors” who help carry out foreign-sponsored attacks, though it offers him the power to waive sanctions if doing so is in the best interest of the United States.
The committee passed an amended version of the bill in a voice vote Thursday morning, before lawmakers left town for the July Fourth recess, kicking it to the full House for a vote. The measure boasts a list of bipartisan co-sponsors.
The deets: Specifically, the legislation would require Trump to designate foreign individuals or entities who are “knowingly responsible for or complicit in, or have engaged in” state-sponsored cyberattacks that threaten U.S. national security, foreign policy, economic security or financial stability as critical cyber threat actors. The designation would also apply to foreign individuals or entities that have provided material support for malicious cyber activities targeting the U.S.
The bill would then direct the president to impose sanctions on these threat actors and lays out a variety of economic-related sanctions that could be used to punish these entities.
HOUSE PANEL APPROVES INTEL AUTHORIZATION BILL: The House Intelligence Committee on Thursday approved the intelligence authorization bill for fiscal years 2018 and 2019 in a unanimous vote, sending it to the full House for consideration.
The bill, which was marked up behind closed doors, includes provisions designed to help protect U.S. elections from cyber threats; protect the energy grid from cyber sabotage; and improve the federal government’s ability to retain and recruit key cyber personnel, according to the committee. The Senate Intelligence Committee approved its own authorization bill earlier this week.
THE LATEST BREACH … ADIDAS ALERTS CUSTOMERS TO ‘POTENTIAL DATA SECURITY INCIDENT’: Athletic-wear maker Adidas is alerting some U.S. customers that hackers may have accessed their information, including usernames and encrypted passwords.
The statement did not specify the number of customers affected by the breach, though a spokesperson told Bloomberg that the company is alerting “a few million consumers” about the incident.
Adidas said it has “no reason” to suspect that hackers stole credit card or fitness information from the affected customers.
The company acknowledged the “potential data security incident” in a brief statement Thursday, saying that officials became aware Tuesday that “an unauthorized party claims to have acquired limited data associated with certain Adidas consumers.”
TODAY IN THE HOUSE… GOP-DOJ BATTLE: Deputy Attorney General Rod Rosenstein and FBI Director Christopher Wray faced an hours-long grilling by the House Judiciary Committee on Thursday on the department’s actions leading up to the 2016 presidential election. Topics covered ranged from Robert Mueller’s Russia investigation, FISA, personal email use, the San Bernardino iPhone, the FBI’s document production, and FBI agent Peter Strzok.
Catch all of our coverage here.
And click here for five highlights from the tense hearing.
MEANWHILE … HOUSE PASSES MEASURE DEMANDING DOJ DOCUMENTS: The House on Thursday passed a resolution demanding the Department of Justice (DOJ) hand over sensitive documents, in the process delivering a final warning shot to senior officials before conservatives move ahead with more aggressive action against the department. In a 226-183 vote, lawmakers approved the messaging measure, which calls on the DOJ to turn over all of the documents House Republicans have requested related to the FBI’s handling of investigations during the 2016 presidential election.
CALIFORNIA LAWMAKERS PASS PRIVACY BILL: The California state legislature on Thursday approved a landmark internet privacy bill that would give users more control over what internet companies can do with their data.
The California Consumer Privacy Act would require companies to give their users detailed information about what information they collect, what they do with that data and who they sell it to. Users would also be able to request that websites stop sharing their data with third parties.
The bill was introduced as a way to head off a ballot initiative that had gained traction among the state’s voters. Alastair Mactaggart, a California real estate developer who was championing the ballot proposal, agreed last week to pull the initiative if the privacy bill passed by Thursday, the deadline to remove ballot proposals.
It’s a state bill, but it’s a big deal: Facebook publicly supported the bill. Regardless of whether or not this is sincere or a clever political calculation, Facebook still realized it was important to weigh in on. Observers see it as a potential model for future privacy laws.
POLL FINDS AMERICANS THINK SILICON VALLEY IS CENSORING POLITICAL VIEWS: Most Americans say they think it’s likely that social media companies censor political views that they find objectionable, according to a new Pew Research Center poll.
Seventy-two percent of respondents said it is either somewhat likely or very likely that tech companies engage in censorship. That suspicion is strongest among Republicans, with 85 percent saying that it’s likely Silicon Valley is censoring certain political views. By comparison, 62 percent of Democrats had the same response.
Most Republicans, 64 percent, also say that tech companies favor liberals over conservatives. Forty-three percent of all respondents agree, while another 43 percent say that tech companies view conservatives and liberals equally.
DEMOCRATS WANT ANSWERS ON CAMBRIDGE ANALYTICA LINKED FIRM: House Democrats want the head of a firm founded by a former Cambridge Analytica employee to verify that the new company, Data Propria, isn’t engaged in improper data-harvesting practices.
“You have acknowledged in interviews with press that the work of Data Propria will be very similar to Cambridge Analytica,” the lawmakers wrote Thursday in a letter to Matt Oczkowski, the firm’s president who is also former head of product at Cambridge Analytica. “The admitted overlap between the personnel and work of Cambridge Analytica and Data Propria raises serious concerns about Data Propria’s practices regarding the collection and use of Americans’ personal information.”
The firm is reportedly working with the Trump 2020 campaign.
AMAZON BUYS A PHARMACY: Amazon announced Thursday that it is acquiring the online pharmacy PillPack, a sign of its long-rumored push into the pharmacy business.
Shares of CVS and Walgreens declined on the news of Amazon’s purchase.
“PillPack’s visionary team has a combination of deep pharmacy experience and a focus on technology,” said Jeff Wilke, the head of Amazon’s consumer branch. “PillPack is meaningfully improving its customers’ lives, and we want to help them continue making it easy for people to save time, simplify their lives, and feel healthier. We’re excited to see what we can do together on behalf of customers over time.”
MORE FACEBOOK TRANSPARENCY EFFORTS: Facebook will now allow users to see all of the ads bought by any account on the platform, a change that is part of its effort to improve transparency.
The changes announced Thursday would allow users to see what ads an account is running across Facebook even if the user is not actually targeted by any of those advertisements.
Facebook already allows users to see all of the ads run by a political page.
The company is also expanding those political ad transparency tools to Brazil. Users there will be able to see active and older ads in Facebook’s political ad archive.
NEW PUSH FROM GIRLS WHO CODE: Girls Who Code is offering new ideas to promote their efforts to close the gender gap in the tech workforce.
“Policymakers understand that the gender gap in tech is a real economic problem,” Corinne Roller, director of public policy at Girls Who Code told The Hill Thursday.
The new agenda includes recommendations for lawmakers and officials to help the national non-profit toward its goal of boosting the number of women in computer science and engineering fields.
The ideas target both schools, to encourage girls to take science classes at an earlier age, and the workforce, to better provide support for women already in the tech workforce.
A LIGHTER CLICK: When you’re the first to break news of the latest deflategate scandal, but you can’t handle all the Twitter love you get in response.
NOTABLE LINKS FROM AROUND THE WEB:
All eyes are on California’s tough data privacy bill. (The Verge)
Just six non-federal groups share information on cyber threats with DHS. (NextGov)
Companies are still struggling with costs from ‘notPetya‘ one year after massive cyberattack. (The Wall Street Journal)
IBM makes face database public in effort to help reduce bias in facial recognition tech.
How Russian trolls exploited Philando Castile’s death. (CNN)
How the Internet of Things can become a tool for domestic abuse. (The New York Times)
Tracking how many questions Mark Zuckerberg actually answers of the amount he promised to Congress (The Washington Post)