CVS Photo was temporarily shut down after a hacker successfully infiltrated the network, the company’s website said Monday. “Customer credit card information collected by the independent vendor who manages and hosts CVSPhoto.com may have been compromised,” the site said. “Customer registrations related to online photo processing and CVSPhoto.com are completely separate from CVS.com, optical.cvs.com, cvs.com/MinuteClinic on line bill pay and our pharmacies.” Financial transactions on other CVS sites and in-store aren't affected, the site said.

Ryan J. Vallee, 21, of Franklin, New Hampshire, was charged with two counts of computer hacking to steal information, seven counts of computer hacking to extort, 10 counts of making interstate threats, and seven counts of aggravated identity theft, after remotely hacking into the social media, email and online shopping accounts of about a dozen minor females and threatening to delete, deface and make purchases from the accounts unless the victims sent him sexually explicit photographs of themselves, a Justice Department news release said Thursday. Vallee allegedly distributed sexually explicit photographs of the girls and their friends, DOJ said.

MPAA said Friday that it wants to “set the record straight” on its positions on the ICANN Privacy & Proxy Services Accreditation Issues Working Group's work on proposed revisions to ICANN's proxy services registration policies. The association said in an email that groups opposed to aspects of PPSAI's initial report on revision proposals have “distorted” MPAA's positions. Privacy advocates and some industry groups have opposed aspects of PPSAI's initial report, particularly a proposal to bar owners of domain names associated with websites engaged in commercial activity from using proxy services to mask ownership information on WHOIS registration (see 1507010065). MPAA said that ICANN hasn't adopted any final changes to its proxy service rules and noted that “while we are working to develop a framework to help creators protect their content when clear and verifiable abuse is occurring, we’ve made it very clear that we also support the legitimate use of privacy and proxy services.” MPAA said it disagrees with claims that its role on PPSAI means it supports policies that will chill free speech and expose marginalized groups to possible harassment. “Not only do we tell stories that advance challenging societal conversations, we also consistently resist government calls for censorship,” MPAA said. “In this case, we are engaged with ICANN to help creators reach out directly to the bad actors that are abusing the Internet to distribute infringing content and profit from others’ hard work.”

UCLA Health was the victim of a criminal cyberattack last year that may have resulted in hackers obtaining personal information including names, addresses, dates of birth, Social Security numbers, medical record numbers, Medicare or health plan ID numbers and some medical information for patients, it said in a statement Friday. “While the attackers accessed parts of the computer network that contain personal and medical information, UCLA Health has no evidence at this time that the cyber attacker actually accessed or acquired any individual’s personal or medical information.” Data for 4.5 million individuals may have been involved in the attack that is believed to have occurred in September, it said. UCLA Health is working with the FBI and private computer forensic experts to “further secure information on network servers,” it said. Hospital System President James Atkinson said UCLA Health takes the attack “extremely seriously” and has “taken significant steps to further protect data and strengthen our network against another cyber attack.”

Netflix is “really optimistic” about Ultra HD as a subscription and revenue “driver,” CEO Reed Hastings said on a quarterly earnings interview Wednesday. “So as more and more Ultra HD TVs get sold at major electronics outlets over the next five years, more and more people will want Ultra HD” from Netflix, he said. Each Ultra HD stream is about 15 Mbps, “so it takes a good-quality Internet connection,” he said. “Of course, that's getting more and more reliable. So when we see those coming together, we see over time a significant percentage of our membership upgrading to get the Ultra HD service, again, over the next couple of years.” Netflix is confident about its long-term success in Japan after launching there this fall, Hastings said. It plans to launch in Japan with “aggressive” pricing and local content, including “some local originals,” he said. “We're really focused on doing a great job.” Japan is “unique” among other markets “because it's very brand-sensitive,” Hastings said. “So Japan will probably be our slowest market to get to a certain penetration threshold, but it may be one of our best markets in the long term because when the Japanese society embraces a brand, it's a very deep connection, very long-term. So we're willing to make that investment, knowing that it's not the quick route to success that it might be in other countries.”

General Electric installed new fiber optic lines to support its industrial Internet initiative, the company said in a news release Thursday. The cables installed at GE's Global Research Center in Niskayuna, N.Y. deliver speeds of 100 Gbps, it said. GE said Cisco contributed to the infrastructure project, which will be featured during demonstrations Thursday at the Industrial Internet Consortium's Summer Conference at the research center.

The World Wide Web Consortium (W3C) released a Last Call Working Draft of Tracking Compliance and Scope, a blog post on the W3C site said Tuesday. “This specification defines a set of practices for compliance with a user’s Do Not Track (DNT) tracking preference to which a server may claim adherence.” Comments are accepted through Oct. 7, it said.

“Recently disclosed vulnerabilities in Adobe Flash and Microsoft Windows may allow a remote attacker to execute arbitrary code with system privileges” by “convincing a user to visit a website or open a file” that could allow an attacker to combine Flash and Windows vulnerability to take “full control of an affected system,” said the U.S. Computer Emergency Readiness Team in an alert Wednesday. US-CERT said that “since attackers continue to target and find new vulnerabilities in popular, Internet-facing software, updating is not sufficient, and it is important to use exploit mitigation and other defensive techniques.” Don't "run untrusted Flash content,” and “review the Bulletin and apply the necessary updates,” US-CERT said.

The Software and Information Industry Association is hosting an event July 23 that will focus on rethinking the meaning of data privacy and consider whether the current policymaking is working to advance individual privacy, an SIIA news release said Wednesday. “The issues of data privacy and security are too often over-simplified -- more data equals less privacy, which demands more regulation,” the release said. FTC Commissioner Maureen Ohlhausen will deliver opening remarks. A panel discussion on how big data and the IoT have spurred valuable privacy debates and whether current and proposed regulations could inhibit innovation and economic progress will follow. The event is 12-1 p.m. at the Capitol Visitor’s Center SVC 201-00.

Whenever Christos Catsouras searches his last name on Google, photos of his deceased daughter Nikki’s body and the wrecked car she was in during a fatal accident in 2006 surface, Catsouras said during a Consumer Watchdog-hosted news conference in Santa Monica, California, Wednesday. Having "the right to be forgotten" apply in the U.S. would be “the most amazing thing for our family and many other families out there,” Catsouras said. Photos of Nikki’s body were leaked by the California Highway Patrol and Catsouras said some individuals attach the photos and send them to him in emails. There is “absolutely no justification for these links to continue to exist,” said Consumer Watchdog Privacy Project Director John Simpson. Removing photos or links from search engine results isn't censorship because the content still exists and such removal is possible for a company to do because Google is honoring removal requests in Europe, Simpson said. In June, Google announced it would remove revenge porn from its search results, Simpson said. “To me, some of the photos that are haunting the Catsouras family are just as abusive and harmful [as revenge porn] and I don’t understand why Google won’t remove those links,” Simpson said. Consumer Watchdog initially contacted Google asking the company to honor right to be forgotten requests in the U.S., but Simpson said Google never responded. Bing and Yahoo should also honor removal requests, Simpson said, explaining Consumer Watchdog has focused on Google because “they are the big dog” and Google more than any other search engine or company describes itself as privacy friendly. Consumer Watchdog filed a complaint with the FTC against Google last week alleging that Google’s refusal to offer Americans the right to be forgotten privacy tool that Europeans have is an unfair and deceptive practice -- a violation of Section 5 of the FTC Act (see 1507070023). Simpson said the FTC has confirmed receipt of the complaint and is considering it, which Simpson said he took to be a positive sign. Simpson added that Consumer Watchdog would drop the complaint if Google did what was right and honored removal requests. Simpson said search engines are the first step, but as society figures out what are appropriate privacy protections in the digital age, additional policy changes may be necessary. Google had no immediate comment.