2022 was a hard year for me but I still produced some reporting I'm damn proud of so here's a little thread:
Pinned Tweet
Show this thread
Follow
Click to Follow TonyaJoRiley
Tonya Riley
@TonyaJoRiley
Privacy + data security Previously
Tips: tonya.riley@cyberscoop.com. No DM pitches.
Reggie the cat's alt.
Tonya Riley’s Tweets
Is there anyone more booked and busy than Murray Bartlett??? We love to see it!
1
SCOOP: met two top Biden administration officials on Friday in Washington to discuss electrification goals and EV production. Musk met John Podesta and Mitch Landrieu, the WH confirms. Story with
5
18
26
FTC settled its complaint w/ Chegg that accused the edtech company of exposing student data because of weak security practices. Like many recent FTC orders, it requires the company to limit what data it can collect and retain (data minimization.) 4-0 vote
ftc.gov/system/files/f
1
Since today is my last day at , here's a thread of some of the work I've done there that I'm the proudest of (and... hi editors... what you can commission me to do for you!)
3
12
41
Show this thread
I have a lot of love and respect for my former Washington Post colleagues and know how dedicated they are to doing outstanding journalism and creating a safe and fair workplace. They deserve better.
Show this thread
There are so many outlets that frankly haven't figured out how to recover from losing the "Trump bump" and if they're not trusting, respecting and listening to their staff they're going to keep failing
1
1
5
Show this thread
This 🔥story by about Fred Ryan and the state of the Washington Post is a must-read.
This line in particular sums up a pretty widespread worry many reporters in D.C have right now.
1
8
Show this thread
Good morning! I was on BBC Newsday discussing the Hive ransomware takedown. Around the 27 min mark if you want to listen:
1
2
3
Show this thread
FBI Director Wray says that agents observed only about 20 percent of Hive victims sought law enforcement help but the FBI was able to help victims who didn't report through observing the network.
4
3
Show this thread
Since infiltrating the network the FBI in July it was able to help 1,300 victims with decryption keys, preventing what the FBI describes as a potential $130 million in ransomware payments.
The FBI also provided support to victims to kick Hive off their networks before attacks.
1
2
Show this thread
"Simply put, using lawful means we hacked the hackers," says DOJ's Lisa Monaco. The FBI hid in Hive's network for months, swiping decryption keys to pass to victims.
1
1
1
Show this thread
Investigators found two backend computer servers in Los Angeles. Last night FBI seized that infrastructure w/ court orders
1
2
Show this thread
Hive's most recent victim in the Central District of California was attacked on or about December 30 of last year. Its most recent victim in the Central District of Florida was attacked around 15 days ago, says Merrick Garland
1
1
3
Show this thread
A government source familiar w/ the matter confirmed to that the FBI worked w/ international partners to take down Hive ransomware infrastructure last night. Justice Department is holding a briefing shortly w/ more detail which I'll share here.
1
8
10
Show this thread
I woke up so excited for a slow Thursday but the Justice Department is keeping the cybersecurity world on its toes lately!
3
4
my book chapter on optimism and pessimism has finally been published!!! if you are at all interested in understanding depression treatment, please read this book
Quote Tweet
Delighted to announce that our new book (Treatment of Psychosocial Risk Factors in Depression @APA_Books ; Dozois & Dobson, Eds.) has just been published. apa.org/pubs/books/tre
Show this thread
3
1
11
Show this thread
Stettner emphasized the importance of non-digital off-ramps for digital identity verification, including good old fashioned USPS mail
Show this thread
Stettner says DOL is continuing to pursue Login.gov as an alternative to private vendors dominating the verification space and that Login has "advantages of a set of legal protections and data requirements for looking at equitable bias and economic impacts."
1
Show this thread
Moving on to a panel issues of equity and bias concerns in identity proofing w/ perspectives from Andrew Stettner, deputy director for policy at office of Unemployment Insurance Modernization at Department of Labor
1
1
Show this thread
. just walked the audience
through her nightmare identity theft story, which in true journalist fashion she reported on in a blockbuster LA Times piece this fall. A must-read.
2
2
2
Show this thread
The study found that 80 percent of participants reported having their identity stolen by someone they know. That can make it hard for victims to report to law enforcement + requires new strategies to help victims
1
1
1
Show this thread
ITRC has been working w on a three-year study on identity crime victimization across Black communities in the United States, which suffer a higher rate of identity theft victimization. The goal is to come up with culturally sensitive solutions to help victims.
1
1
2
Show this thread
PSA for fellow journalists: deadline for the next LinkedIn for Journalists training is Feb. 28. If you want your free Premium don't forget to sign up!
business.linkedin.com/cx/linkedin-fo
1
1
4
center notes a trend away from exploitations of zero days to APIs. Good WSJ article on API risks recently (h/t )
2
1
2
Show this thread
"It's a willful decision to not report what happened that led to the breach," says James Lee
66 percent of companies made that choice in 2022. Only 34 percent included victim details (which only some state laws require)
1
1
1
Show this thread
If you’re a young millennial like me you might want to make sure the Neopets hackers didn’t also get your AIM login!
1
1
1
Show this thread
Overall numbers would have been lower from last year if not for the two Twitter data breaches this year (which Twitter has denied)
Second after Twitter? Neopets!
1
Show this thread
For the first time more than half of the publicly debated data breaches did not provide the cause -- two years ago 100 percent did
-for those reported supply chain attacks have surpassed malware as root cause
1
1
Show this thread
When you combine the 400 million+ people affected w/ "the fact that notifications are becoming more and more opaque...that's hundreds of millions of people who are left in the dark about what's happened to them, and more importantly, what they can actually do about it."
1
1
1
Show this thread
First up is acting FinCen deputy director Jimmy Kirby. He says the majority of the over 3 million SARs filed in 2021 involve ID-related exploitation, and the majority of those involve insufficient ID verification process
1
2
5
Show this thread
Spending today at and @IDTheftCenterb Cybersecurity Policy Forum: Identity, Authentication & the Road Ahead and will be live tweeting.
"Identity is critical infrastructure and needs to be treated as such," says BIC director
2
2
7
Show this thread
I grew up reading KidsPost. My grandfather would give it (and the comics) to and me every Sunday we were with him. It's one of my favorite memories of him and reading it made me want to be a journalist. I'm sad future generations won't have that.
Quote Tweet
KidsPost, which debuted in 2000, as a section of the @washingtonpost for young readers, will stop publication in the coming weeks. I’ve been part of the section since 2012, and I have immensely enjoyed talking to kids, writing for kids and putting together the section.
1
1
5
Grateful that today's Ticketmaster hearing gave me an excuse to excitedly explain the masters situation and "All Too Well" Taylor's version to a coworker
GIF
read image description
ALT
2
What makes this news so hard is that Launcher was doing well! In ‘22, Launcher’s traffic was up year over year, even as recovered from cancer. We were succeeding in our mission. I’m stunned. But mostly just sad to lose such wonderful, dedicated, caring colleagues.
3
44
175
Show this thread