Hillicon Valley: Marriott cuts breach estimates, but says millions of passports exposed | Los Angeles sues Weather Channel app over data collection | Bill would create office to fight Chinese threats to US tech | German politicians hit by major breach

View in Browser     Welcome to Hillicon Valley, The Hill's newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. Welcome! Follow the cyber team, Olivia Beavers (@olivia_beavers) and Jacqueline Thomsen (@jacq_thomsen), and the tech team, Harper Neidig (@hneidig). And CLICK HERE to subscribe to our newsletter.   WE'VE GOT SOME GOOD NEWS, WE'VE GOT SOME BAD NEWS: Marriott International announced Friday that fewer guests were impacted by a breach of its Starwood reservations database than originally announced, but that millions of unencrypted passport numbers were accessed. The chain said in a release that it now believes as many as 383 million records were accessed in the hack but noted that some of those records were repeats impacting the same guests. That's down from the 500 million guests originally believed to be impacted by the hack. However, Marriott said that roughly 5.25 million unencrypted passport numbers were obtained by hackers, as well as 20.3 million encrypted passport numbers. And about 8.6 million encrypted debit and credit cards were accessed by a third party, with about 354,000 of those cards not having expired by September of last year. Marriott noted that there is no evidence that the hackers were able to decrypt the encrypted passport and payment card numbers. Organizations will often lower the number of the parties impacted in a breach after investigating the hack further. Read more here.   DELETE ALL THE APPS: The city of Los Angeles is accusing The Weather Channel app of improperly mining detailed data from users about their daily habits and handing the information over to advertisers and hedge funds. In a lawsuit filed Friday, L.A. City Attorney Mike Feuer accused the company that operates the app -- TWC Product and Technology, a subsidiary of IBM -- of misleading users about what it does with their precise geolocation data. "For years, TWC has deceptively used its Weather Channel App to amass its users' private, personal geolocation data -- tracking minute details about its users' locations throughout the day and night, all the while leading users to believe that their data will only be used to provide them with 'personalized local weather data, alerts and forecasts,'" Feuer writes in the lawsuit. "TWC has then profited from that data, using it and monetizing it for purposes entirely unrelated to weather or the Weather Channel App," the complaint continues. The lawsuit was first reported by The New York Times. "The Weather Company has always been transparent with use of location data; the disclosures are fully appropriate, and we will defend them vigorously," an IBM spokesperson said in a statement to The Hill. Read more here, and revisit The New York Times investigation into location tracking.   NEW YEAR, NEW BILLS: A pair of senators on Friday introduced bipartisan legislation that would establish a new federal office focused on combating Chinese and other foreign threats to U.S. technology, including supply chain risks and technology theft.   Sen. Mark Warner (D-Va.), vice chairman of the Senate Intelligence Committee, and Sen. Marco Rubio (R-Fla.), also a member of the panel, said that creating the Office of Critical Technology and Security at the White House would help coordinate efforts to protect technology across the federal government. The office would also coordinate with the private sector, federal and state tech and telecom regulators, international partners and allies, and other relevant organizations. "It is clear that China is determined to use every tool in its arsenal to surpass the United States technologically and dominate us economically," Warner, a former telecommunications executive, said in a statement. "We need a whole-of-government technology strategy to protect U.S. competitiveness in emerging and dual-use technologies and address the Chinese threat by combating technology transfer from the United States." More on their proposal here.   MAYBE THIS TIME: House Democrats on Friday unveiled several election security measures as part of their first sweeping bill of the session. The legislation, H.R. 1, or the For the People Act, mandates that states use paper ballots in elections, which must also be hand-counted, or by "optical character recognition device," the bill states. Rep. John Sarbanes (D-Md.) introduced the legislation, which he and other Democrats have described as a comprehensive anti-corruption package that will set the tone for their time in control of the House. The bill will also allow the Election Assistance Commission (EAC) -- the small federal agency tasked with helping officials carry out elections -- to hand out funding to states for the improvement of their elections systems. The Department of Homeland Security would also be required to conduct a threat assessment ahead of elections and that voting systems be tested nine months before any national election. More on that here.   MERKEL, GERMAN LAWMAKERS BREACHED: German authorities are reportedly investigating the leak of personal data belonging to hundreds of German politicians including German Chancellor Angela Merkel. The leak impacted individuals tied to left and centrist political parties, but not Germany's populist right-wing party, the AfD, according to multiple German news outlets. While the hack affected Merkel, a government spokesperson told multiple news outlets that no sensitive data tied to Merkel or the government was leaked. The cybercriminals uploaded the personal details of these politicians -- including names, home addresses, phone numbers, photo IDs, chat histories, personal photos, and others -- and then pushed the leaked information out on Twitter. The social media giant later removed the posts. Read more here.   A SECOND SHOT: A bipartisan duo of lawmakers on Friday reintroduced legislation that would elevate the post of the federal government's chief information officer, as well as establish a new line for reporting about information technology across the administration. Reps. Robin Kelly (D-Ill.) and Will Hurd (R-Texas), the chair and ranking member, respectively, of the House Committee on Oversight and Reform's subcommittee on information technology, reintroduced the bill after it failed to pass Congress during the last legislative session. The House passed the legislation in November, but it did not advance out of Senate committee in time for it to be taken up by the end of the 115th Congress. Under the measure, the federal chief information office (CIO), who oversees all IT for the federal government and currently reports to the Office of Management and Budget's (OMB) deputy director, would start reporting directly to the head of OMB. Read more here.   A LIGHTER CLICK: I too have discovered early 2000s memes.   NOTABLE LINKS FROM AROUND THE WEB: Will 5G end up leaving some people behind? (NBC News) Corsi's lawsuit against Mueller hits hurdle in first hearing. (The Hill) Facebook is mad at The New York Times for its investigative reporting on the company. (NBC News) Amazon debuts 'Showroom' to help users visualize which furniture to buy for their space. (TechCrunch)         Did a friend forward you this email? Sign up for Technology Newsletters     Forward Technology Newsletters       Privacy Policy  |  Manage Subscriptions  |  Unsubscribe  |  Email to a friend  |  Sign Up for Other Newsletters   The Hill 1625 K Street, NW 9th Floor, Washington DC 20006 ©2019 Capitol Hill Publishing Corp., a subsidiary of News Communications, Inc.