Harvard University “discovered an intrusion on the Faculty of Arts and Sciences and Central Administration information technology networks” June 19, said Provost Alan Garber and Executive Vice President Katie Lapp in a joint statement Wednesday. “Since discovering this intrusion, Harvard has been working with external information security experts and federal law enforcement to investigate the incident, protect the information stored on our systems, and strengthen IT environments across the University,” the statement said. Garber and Lapp said there's no indication now that personal data, research data or PIN system credentials were compromised but said Harvard login credentials may have been used to access individual computers, and university email accounts “have been exposed.” To further secure data, the university is requiring those who are part of the Faculty of Arts and Sciences, Harvard Divinity School, Radcliffe Institute for Advanced Study or Central Administration to change the password associated with their Harvard account. Those who are part of the Graduate School of Design, Graduate School of Education, School of Engineering and Applied Sciences, or School of Public Health are required to change their email password. “Password changes will be required again at a later time,” the statement said. Those who are part of the business, Kennedy, law, medical or dental schools “do not need to take any action at this time,” the statement said.
Ten of the top 20 fastest broadband regions in the world are in the U.S., said a recent report from Akamai, according to an analysis of the data from NCTA. Delaware, Washington, D.C., and Virginia come in at three, four and five on the list with average peak connection speeds of 85.6, 79.2 and 79 Mbps respectively. Singapore is No. 1 with 98.5 Mbps. Maryland and California are 19 and 20 on the list with average peak connection speeds of 64.4 and 64.3 Mbps, NCTA said. The rankings are reflective of infrastructure and technology, as well as basic geography, it said. Each of the nations at the top of the list is small and densely populated while many of the U.S. states on the list share similar geography, the analysis from NCTA said.
U.N. member states began meetings Wednesday in New York on preparations for the U.N.’s Dec. 15-16 meeting on outcomes of the past 10 years of implementation of the World Summit on the Information Society. The December meeting “will take stock of the progress made in the implementation of WSIS outcomes and to address potential information and communications technology gaps and areas for continued focus, as well as challenges, including bridging the digital divide and harnessing ICTs for development,” the U.N. said in a news release. Preparatory meetings Wednesday and Thursday were meant to consult with “relevant” WSIS stakeholders and determine areas where further focus is needed, the U.N. said.
ICANN Vice President-Domain Names Services & Industry Cyrus Namazi acknowledged the presence of ongoing campaigns against controversial portions of an initial report by the Generic Names Supporting Organization’s Policy Development Process Working Group on Privacy & Proxy Services Accreditation Issues (PPSAI). Privacy advocates are urging Internet users to file comments opposing a portion of the PPSAI report that explores whether to recommend that ICANN bar owners of domain names that point to commercial websites from using privacy and proxy services’ information on the WHOIS registration database. Privacy advocates are also opposing a portion of the PPSAI report that explores whether to require registrars to release domain name owners’ information for websites without a court order when a website violates IP rights, distributes malware or engages in illegal activities (see 1507010065). “The debate will continue until the report is final, and we encourage any and all to voice their opinion,” Namazi said in a statement Wednesday. “This type of discourse is a critical element of the multistakeholder model.”
Cybersecurity firm Kaspersky Lab coined the term “digital amnesia” to describe the phenomenon of forgetting information that Americans trust a digital device to store and remember for them, the company said Wednesday in a report. That the phenomenon is so prevalent points up the need for Americans to adequately protect their devices with “readily available IT security products,” but protection of the sort that Kaspersky and others sell is lacking, the report said. Kaspersky canvassed 1,000 U.S. consumers aged 16 to 55 online in May and found that 91 percent “can easily admit their dependency on the Internet and devices as a tool for remembering and an extension of their brain,” it said. And 44 percent said their smartphone holds almost everything they need to know or recall. “Not surprisingly, the study also found that the loss or compromise of data stored on digital devices, and smartphones in particular, would leave many users devastated,” the company said. But in the study, 28 percent admitted they don’t protect any of their devices with “additional security,” it said. The firm said it found just one in three installs extra IT security on a smartphone, one in five on a tablet.
Email phishing campaigns appearing to be from the Office of Personnel Management and the identity protection firm CSID increased after last month's announcement that OPM suffered breaches, said the U.S. Computer Emergency Readiness Team (U.S.-CERT) in an alert Tuesday. “For those affected by the recent data breach, the legitimate domain used for accessing identity protection services is https://opm.csid.com.” Users should visit the OPM website for more information and report suspicious emails to U.S.-CERT, it said.
After reports the intelligence community was resistant to integrating its systems with those operated by the Office of Personnel Management (OPM) due to security concerns before recent breaches at OPM occurred, Brookings Institution Senior Fellow in Government Studies Benjamin Wittes questioned in a blog post Tuesday why “nobody in the intelligence community bothered, it seems, to help secure OPM’s systems.” If the Director of National Intelligence’s office thought the data OPM managed wasn't secure, why not secure those systems, Wittes asked. Though he says OPM isn’t without fault, “identifying intelligence targets in the federal government and securing them against professional intelligence adversaries is really the job of others in the federal government, and at least some of those others had their eyes on this problem,” he said. “The more I think about it, the less I think it makes sense to blame OPM for the failure here, and the more I think the intelligence community itself must take responsibility for it -- particularly for any portions of the breach or breaches that involve data for security clearance background checks,” Wittes said. The Office of the DNI didn't comment.
“Don’t send verification codes to anyone via text or email,” wrote Kristin Cohen, chief of the FTC's Office of Technology Research and Investigation, in a blog post Wednesday. Verification codes should be used only on the login page, Cohen said. Individuals who get a verification code they didn’t request should tell the provider, she said, because it could be a sign someone is tampering with the account. It’s possible a hacker with an individual’s email address and mobile number can pretend to be an individual’s email provider and send a text asking for a verification code to unlock the email account, Cohen said. The hacker can learn a lot of information looking through an email account or change email settings so emails are forwarded directly to the hacker, she said.
The FTC is expanding its efforts to help businesses protect consumers’ information through an initiative to give firms more information on data security, the agency said in a news release Tuesday. The Start with Security initiative includes new guidance for businesses based on the more than 50 data security cases the FTC has brought throughout the years, it said. The guidance laid out 10 key steps to effective data security and is “designed to provide an easy way for companies to understand the lessons learned from those previous cases,” said the commission. A series of conferences will be held across the country for small- and medium-sized businesses, starting with one at the University of California Hastings College of the Law in San Francisco Sept. 9. A second event will be at the University of Texas Strauss Center for International Security and Law in Austin Nov. 5, it said. The FTC also created a website dedicated to data security information for businesses.
Brazil and the U.S. said they will resume their joint Working Group on Internet and Information and Communication Technologies, with the group set to hold its second-ever meeting this fall in Brasilia. The group held its first meeting in July 2012 and disbanded after the start of former NSA contractor Edward Snowden’s leaks about controversial NSA surveillance programs, an industry lawyer told us. Brazil later enacted a law strengthening Internet privacy policies due to the “anger and repudiation” of the NSA surveillance programs (see report in the April 24, 2014, issue). The restart of the U.S.-Brazil working group “will offer the opportunity of exchanging experiences and exploring possibilities for cooperation in a number of key areas, including e-government, the digital economy, cybersecurity, cybercrime prevention, capacity building activities, international security in cyberspace, and research, development, and innovation,” said President Barack Obama and Brazilian President Dilma Rousseff in a joint statement Tuesday. Rousseff has been in Washington this week to meet on U.S.-Brazil relations. The countries reaffirmed their commitment to “cooperate for the success” of the next Internet Governance Forum Nov. 10-13 in João Pessoa, Brazil, and said they will participate actively in the U.N. General Assembly’s high-level meeting on the 10-year review of the World Summit on the Information Society outcomes in December.