The Trustworthy Accountability Group, an advertising initiative fighting criminal activity in the digital advertising supply chain, announced a new program to block illegitimate and nonhuman ad traffic originating from data centers, said a TAG news release Tuesday. “Data center traffic is one of many types of nonhuman or illegitimate ad traffic, and this new program will complement TAG’s recently-announced Fraud Threat List, through which companies share web domains that are sources of fraudulent traffic.” Initially, TAG will use Google’s database of data center IP addresses and “enhance it based upon broader industry intelligence,” the group said. Companies joining TAG in this phase of the project include Dstillery, Facebook, MediaMath, Quantcast, Rubicon Project, The Trade Desk, TubeMogul and Yahoo, it said. “Industry leaders like Google are stepping up to the plate to provide the information and tools we need to block fraudulent and illegitimate ad traffic at its source,” said TAG CEO Mike Zaneis. “Tackling ad fraud will require everyone in the industry to take an active role,” said Google Vice President-Video and Display Advertising Products Neal Mohan.

The FTC filed documents with the U.S. District Court for the District of Arizona Tuesday alleging LifeLock violated a 2010 settlement with the agency and 35 state attorneys general by “continuing to make deceptive claims about its identity theft protection services, and by failing to take steps required to protect its users’ data,” an FTC news release said. The commission asked the court to impose an order requiring LifeLock to provide full redress to all consumers affected by the company’s order violations, it said. “We disagree with the substance of the FTC’s contentions and are prepared to take our case to court,” LifeLock said in an emailed statement. “Security of our systems has always been, and will remain, of primary importance to us.” The 2010 settlement came after the FTC alleged LifeLock used “false claims to promote its identity theft protection services,” the agency release said. Under the settlement, LifeLock was barred from making any further deceptive claims, was required to take more stringent measures to safeguard the personal information it collects from consumers, and LifeLock was required to pay $12 million in consumer refunds, it said. The FTC alleges LifeLock violated the 2010 settlement by failing to establish and maintain a comprehensive information security program to protect users’ sensitive personal data, including credit card, Social Security numbers and bank account numbers; falsely advertised it protected consumers’ sensitive data with the same high-level safeguards as financial institutions; and failed to meet the 2010 order’s record-keeping requirements, it said. Details of the agency’s action against LifeLock were filed under seal, the release said. The court could decide to unseal portions of the case, the FTC said. The vote to file the application for a show cause order was 4-1, with Commissioner Maureen Ohlhausen voting no. Commissioner Ohlhausen declined to comment further on this case at this time, her office said. “Based on the evidence, we do not believe that anything the FTC is alleging has resulted in any member’s data being taken,” LifeLock said. “The FTC is not seeking any relief that would change LifeLock services and products going forward,” but is "raising claims related to past, not current business practices.”

The application deadline for candidates to be ICANN’s next CEO is Sept. 20, ICANN’s CEO Search Committee said Monday. The committee formed to find a replacement for outgoing ICANN CEO Fadi Chehadé, who's leaving the nonprofit after its March 5-10 meeting. ICANN needs “a public interest-minded leader with a combination of business, diplomatic and organizational skills to assume the leadership of a successful multi-stakeholder organization,” the committee said. The ICANN committee said it’s seeking candidates with successful records at “respected” public, corporate, academic service, nongovernmental organizations, foundations and other public service institutions.

CVS Photo was temporarily shut down after a hacker successfully infiltrated the network, the company’s website said Monday. “Customer credit card information collected by the independent vendor who manages and hosts CVSPhoto.com may have been compromised,” the site said. “Customer registrations related to online photo processing and CVSPhoto.com are completely separate from CVS.com, optical.cvs.com, cvs.com/MinuteClinic on line bill pay and our pharmacies.” Financial transactions on other CVS sites and in-store aren't affected, the site said.

PayPal modified terms of its user agreement, as promised to the FCC (see 1506290044), to make it clear that it primarily uses autodialed or prerecorded calls and text to help detect, investigate and protect customers from fraud; provide notices to customers about their accounts or account activity; or collect a debt, said in an email to customers last weekend. The new section also clarifies autodialed or prerecorded calls or texts won't be used to contact customers for marketing purposes without prior express written consent; customers can continue to use PayPal products and services without consenting to autodialed or prerecorded calls or texts; and customers can revoke consent to receiving these communications, the email said.

Sensitive and personal information for some 40 million people was stolen from Avid Life Media, a Toronto-based organization that owns the “world’s leading dating service” for those looking to have an affair, Ashley Madison, which has 37 million users, and hookup sites like Established Men and Cougar Life, KrebsOnSecurity reported Sunday. The company confirmed it had been hacked and was investigating the origin, nature and scope of the incident, in a statement Monday. The hackers identified themselves as the “Impact Team” and left a message instructing Avid Life Media to permanently shut down Ashley Madison and Established Men or the hackers would release the data taken from the company. “We have taken over all systems in your entire office and production domains, all customer information databases, source code repositories, financial records, emails,” Impact Team’s message said. The message singled out Avid Life Media Chief Technology Officer Trevor Stokes, who had noted in an internal document that protecting personal information was his biggest “critical success factor” and that he would “hate to see our systems hacked and/or the leak of personal information.” Impact Team welcomed Stokes to his “worst fucking nightmare.” The hackers demanded Avid Life media permanently shut down Ashley Madison and Established Men, “or we will release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails.” Other Avid Life Media websites were allowed to stay online. Avid Life Media said it secured its sites and closed "the unauthorized access points,” and is working with law enforcement to hold any and all parties responsible.

UCLA Health was the victim of a criminal cyberattack last year that may have resulted in hackers obtaining personal information including names, addresses, dates of birth, Social Security numbers, medical record numbers, Medicare or health plan ID numbers and some medical information for patients, it said in a statement Friday. “While the attackers accessed parts of the computer network that contain personal and medical information, UCLA Health has no evidence at this time that the cyber attacker actually accessed or acquired any individual’s personal or medical information.” Data for 4.5 million individuals may have been involved in the attack that is believed to have occurred in September, it said. UCLA Health is working with the FBI and private computer forensic experts to “further secure information on network servers,” it said. Hospital System President James Atkinson said UCLA Health takes the attack “extremely seriously” and has “taken significant steps to further protect data and strengthen our network against another cyber attack.”

Ryan J. Vallee, 21, of Franklin, New Hampshire, was charged with two counts of computer hacking to steal information, seven counts of computer hacking to extort, 10 counts of making interstate threats, and seven counts of aggravated identity theft, after remotely hacking into the social media, email and online shopping accounts of about a dozen minor females and threatening to delete, deface and make purchases from the accounts unless the victims sent him sexually explicit photographs of themselves, a Justice Department news release said Thursday. Vallee allegedly distributed sexually explicit photographs of the girls and their friends, DOJ said.

MPAA said Friday that it wants to “set the record straight” on its positions on the ICANN Privacy & Proxy Services Accreditation Issues Working Group's work on proposed revisions to ICANN's proxy services registration policies. The association said in an email that groups opposed to aspects of PPSAI's initial report on revision proposals have “distorted” MPAA's positions. Privacy advocates and some industry groups have opposed aspects of PPSAI's initial report, particularly a proposal to bar owners of domain names associated with websites engaged in commercial activity from using proxy services to mask ownership information on WHOIS registration (see 1507010065). MPAA said that ICANN hasn't adopted any final changes to its proxy service rules and noted that “while we are working to develop a framework to help creators protect their content when clear and verifiable abuse is occurring, we’ve made it very clear that we also support the legitimate use of privacy and proxy services.” MPAA said it disagrees with claims that its role on PPSAI means it supports policies that will chill free speech and expose marginalized groups to possible harassment. “Not only do we tell stories that advance challenging societal conversations, we also consistently resist government calls for censorship,” MPAA said. “In this case, we are engaged with ICANN to help creators reach out directly to the bad actors that are abusing the Internet to distribute infringing content and profit from others’ hard work.”

General Electric installed new fiber optic lines to support its industrial Internet initiative, the company said in a news release Thursday. The cables installed at GE's Global Research Center in Niskayuna, N.Y. deliver speeds of 100 Gbps, it said. GE said Cisco contributed to the infrastructure project, which will be featured during demonstrations Thursday at the Industrial Internet Consortium's Summer Conference at the research center.