CVS Photo was temporarily shut down after a hacker successfully infiltrated the network, the company’s website said Monday. “Customer credit card information collected by the independent vendor who manages and hosts CVSPhoto.com may have been compromised,” the site said. “Customer registrations related to online photo processing and CVSPhoto.com are completely separate from CVS.com, optical.cvs.com, cvs.com/MinuteClinic on line bill pay and our pharmacies.” Financial transactions on other CVS sites and in-store aren't affected, the site said.

PayPal modified terms of its user agreement, as promised to the FCC (see 1506290044), to make it clear that it primarily uses autodialed or prerecorded calls and text to help detect, investigate and protect customers from fraud; provide notices to customers about their accounts or account activity; or collect a debt, said in an email to customers last weekend. The new section also clarifies autodialed or prerecorded calls or texts won't be used to contact customers for marketing purposes without prior express written consent; customers can continue to use PayPal products and services without consenting to autodialed or prerecorded calls or texts; and customers can revoke consent to receiving these communications, the email said.

Sensitive and personal information for some 40 million people was stolen from Avid Life Media, a Toronto-based organization that owns the “world’s leading dating service” for those looking to have an affair, Ashley Madison, which has 37 million users, and hookup sites like Established Men and Cougar Life, KrebsOnSecurity reported Sunday. The company confirmed it had been hacked and was investigating the origin, nature and scope of the incident, in a statement Monday. The hackers identified themselves as the “Impact Team” and left a message instructing Avid Life Media to permanently shut down Ashley Madison and Established Men or the hackers would release the data taken from the company. “We have taken over all systems in your entire office and production domains, all customer information databases, source code repositories, financial records, emails,” Impact Team’s message said. The message singled out Avid Life Media Chief Technology Officer Trevor Stokes, who had noted in an internal document that protecting personal information was his biggest “critical success factor” and that he would “hate to see our systems hacked and/or the leak of personal information.” Impact Team welcomed Stokes to his “worst fucking nightmare.” The hackers demanded Avid Life media permanently shut down Ashley Madison and Established Men, “or we will release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails.” Other Avid Life Media websites were allowed to stay online. Avid Life Media said it secured its sites and closed "the unauthorized access points,” and is working with law enforcement to hold any and all parties responsible.

UCLA Health was the victim of a criminal cyberattack last year that may have resulted in hackers obtaining personal information including names, addresses, dates of birth, Social Security numbers, medical record numbers, Medicare or health plan ID numbers and some medical information for patients, it said in a statement Friday. “While the attackers accessed parts of the computer network that contain personal and medical information, UCLA Health has no evidence at this time that the cyber attacker actually accessed or acquired any individual’s personal or medical information.” Data for 4.5 million individuals may have been involved in the attack that is believed to have occurred in September, it said. UCLA Health is working with the FBI and private computer forensic experts to “further secure information on network servers,” it said. Hospital System President James Atkinson said UCLA Health takes the attack “extremely seriously” and has “taken significant steps to further protect data and strengthen our network against another cyber attack.”

Ryan J. Vallee, 21, of Franklin, New Hampshire, was charged with two counts of computer hacking to steal information, seven counts of computer hacking to extort, 10 counts of making interstate threats, and seven counts of aggravated identity theft, after remotely hacking into the social media, email and online shopping accounts of about a dozen minor females and threatening to delete, deface and make purchases from the accounts unless the victims sent him sexually explicit photographs of themselves, a Justice Department news release said Thursday. Vallee allegedly distributed sexually explicit photographs of the girls and their friends, DOJ said.

MPAA said Friday that it wants to “set the record straight” on its positions on the ICANN Privacy & Proxy Services Accreditation Issues Working Group's work on proposed revisions to ICANN's proxy services registration policies. The association said in an email that groups opposed to aspects of PPSAI's initial report on revision proposals have “distorted” MPAA's positions. Privacy advocates and some industry groups have opposed aspects of PPSAI's initial report, particularly a proposal to bar owners of domain names associated with websites engaged in commercial activity from using proxy services to mask ownership information on WHOIS registration (see 1507010065). MPAA said that ICANN hasn't adopted any final changes to its proxy service rules and noted that “while we are working to develop a framework to help creators protect their content when clear and verifiable abuse is occurring, we’ve made it very clear that we also support the legitimate use of privacy and proxy services.” MPAA said it disagrees with claims that its role on PPSAI means it supports policies that will chill free speech and expose marginalized groups to possible harassment. “Not only do we tell stories that advance challenging societal conversations, we also consistently resist government calls for censorship,” MPAA said. “In this case, we are engaged with ICANN to help creators reach out directly to the bad actors that are abusing the Internet to distribute infringing content and profit from others’ hard work.”

General Electric installed new fiber optic lines to support its industrial Internet initiative, the company said in a news release Thursday. The cables installed at GE's Global Research Center in Niskayuna, N.Y. deliver speeds of 100 Gbps, it said. GE said Cisco contributed to the infrastructure project, which will be featured during demonstrations Thursday at the Industrial Internet Consortium's Summer Conference at the research center.

Netflix is “really optimistic” about Ultra HD as a subscription and revenue “driver,” CEO Reed Hastings said on a quarterly earnings interview Wednesday. “So as more and more Ultra HD TVs get sold at major electronics outlets over the next five years, more and more people will want Ultra HD” from Netflix, he said. Each Ultra HD stream is about 15 Mbps, “so it takes a good-quality Internet connection,” he said. “Of course, that's getting more and more reliable. So when we see those coming together, we see over time a significant percentage of our membership upgrading to get the Ultra HD service, again, over the next couple of years.” Netflix is confident about its long-term success in Japan after launching there this fall, Hastings said. It plans to launch in Japan with “aggressive” pricing and local content, including “some local originals,” he said. “We're really focused on doing a great job.” Japan is “unique” among other markets “because it's very brand-sensitive,” Hastings said. “So Japan will probably be our slowest market to get to a certain penetration threshold, but it may be one of our best markets in the long term because when the Japanese society embraces a brand, it's a very deep connection, very long-term. So we're willing to make that investment, knowing that it's not the quick route to success that it might be in other countries.”

The World Wide Web Consortium (W3C) released a Last Call Working Draft of Tracking Compliance and Scope, a blog post on the W3C site said Tuesday. “This specification defines a set of practices for compliance with a user’s Do Not Track (DNT) tracking preference to which a server may claim adherence.” Comments are accepted through Oct. 7, it said.

“Recently disclosed vulnerabilities in Adobe Flash and Microsoft Windows may allow a remote attacker to execute arbitrary code with system privileges” by “convincing a user to visit a website or open a file” that could allow an attacker to combine Flash and Windows vulnerability to take “full control of an affected system,” said the U.S. Computer Emergency Readiness Team in an alert Wednesday. US-CERT said that “since attackers continue to target and find new vulnerabilities in popular, Internet-facing software, updating is not sufficient, and it is important to use exploit mitigation and other defensive techniques.” Don't "run untrusted Flash content,” and “review the Bulletin and apply the necessary updates,” US-CERT said.