Author: rescue@crimefire.in

On March 15, the CFPB issued a Request for Information (RFI) about data broker business practices to inform planned rulemaking under the FCRA and provide the CFPB with insight into the full scope of the data broker industry. In particular, CFPB is seeking information about (i) new business models that sell consumer data and (ii) consumer harm and market abuses.
The RFI applies to first-party data brokers that interact directly with consumers as well as third-party data brokers with no direct relationship with consumers. This includes firms that prepare employment background screening reports and credit reports. The CFPB’s market-level inquiries include what types of data is collected, the sources of the data, methods of data collection, whether people can avoid having their data collected, and what controls are in place to protect peoples’ data and safeguard their privacy. The individual inquiries are related to consumer experience, including data brokering harms and benefits, data accuracy and privacy, and correcting inaccurate data.
According to the CFPB, government agencies, technology and privacy experts, financial institutions, consumer advocates, and others have identified numerous consumer harms and abuses related to the operation of data brokers, including significant privacy and security risks, the facilitation of harassment and fraud, the lack of consumer knowledge and consent, and the spread of inaccurate information.
Comments on the RFI are due by June 13.
Putting It Into Practice: This latest inquiry should come as no surprise given the CFPB’s focus on consumer reporting companies that collect and sell access to consumer data (see our previous blog post regarding this focus here). The CFPB has previously highlighted problems that consumers have reported about the three nationwide reporting companies not adequately responding to consumer complaints about errors. The CFPB also issued an advisory opinion in November 2021 affirming that all consumer reporting companies, including tenant and employment screening companies, have an obligation to use reasonable procedures to assure maximum possible accuracy. 
This RFI comes as the CFPB also issued its January 2023 market monitoring orders to data aggregators, which relates to the Section 1033 rulemaking requiring consumer financial services providers to give consumers access to certain financial information. Companies that collect and share consumer data should follow developments related to the CFPB’s Section 1033 rulemaking and this most recent RFI.
About this Author
Moorari Shah is a partner in the Finance and Bankruptcy Practice Group in the firm’s Los Angeles and San Francisco offices. 
Moorari combines deep in-house and law firm experience to deliver practical, business-minded legal advice. He represents banks, fintechs, mortgage companies, auto lenders, and other nonbank institutions in transactional, licensing, regulatory compliance, and government enforcement matters covering mergers and acquisitions, consumer and commercial lending, equipment finance and leasing, and supervisory examinations,…
A.J. is an associate in the Finance and Bankruptcy Practice Group in the firm’s Washington, D.C. office. 
A.J. has over a decade of experience helping banks, non-bank financial institutions, and other companies providing financial products and services in a wide range of matters including government enforcement actions, civil litigation, regulatory examinations, and internal investigations.
With a diversified regulatory, compliance, and enforcement background, A.J. counsels financial institutions in matters involving…
 

You are responsible for reading, understanding and agreeing to the National Law Review’s (NLR’s) and the National Law Forum LLC’s  Terms of Use and Privacy Policy before using the National Law Review website. The National Law Review is a free to use, no-log in database of legal and business articles. The content and links on www.NatLawReview.com are intended for general information purposes only. Any legal analysis, legislative updates or other content and links should not be construed as legal or professional advice or a substitute for such advice. No attorney-client or confidential relationship is formed by the transmission of information between you and the National Law Review website or any of the law firms, attorneys or other professionals or organizations who include content on the National Law Review website. If you require legal or professional advice, kindly contact an attorney or other suitable professional advisor.  
Some states have laws and ethical rules regarding solicitation and advertisement practices by attorneys and/or other professionals. The National Law Review is not a law firm nor is www.NatLawReview.com  intended to be  a referral service for attorneys and/or other professionals. The NLR does not wish, nor does it intend, to solicit the business of anyone or to refer anyone to an attorney or other professional.  NLR does not answer legal questions nor will we refer you to an attorney or other professional if you request such information from us. 
Under certain state laws the following statements may be required on this website and we have included them in order to be in full compliance with these rules. The choice of a lawyer or other professional is an important decision and should not be based solely upon advertisements. Attorney Advertising Notice: Prior results do not guarantee a similar outcome. Statement in compliance with Texas Rules of Professional Conduct. Unless otherwise noted, attorneys are not certified by the Texas Board of Legal Specialization, nor can NLR attest to the accuracy of any notation of Legal Specialization or other Professional Credentials.
The National Law Review – National Law Forum LLC 3 Grant Square #141 Hinsdale, IL 60521  Telephone  (708) 357-3317 or toll free (877) 357-3317.  If you would ike to contact us via email please click here.

source

Despite many companies investing more money than ever in advanced cybersecurity tools and technology, experts believe cyber-attack costs for US businesses will rise dramatically in 2023.
Professional cyber-criminals and nation-state threat actors carrying out highly sophisticated attacks continue to make the biggest headlines. However, based on trends, it’s safe to assume many incidents will still result from incredibly effective and hard-to-spot threats such as phishing and social engineering attacks.
Attacks such as these – despite requiring less technical ability – are still effective at getting past even the most advanced cybersecurity technology today because they prey on human error, which, according to a study by IBM, is responsible for 95% of all cybersecurity breaches.
To combat these threats and reduce the likelihood of human error leading to an incident, companies supplement their cybersecurity technology with employee training programs. When implemented effectively, these programs can improve employee cyber knowledge and reduce the risk of an employee falling victim to an attack. At a time when the average breach costs millions, this training is more important than ever.
Here are three tips to consider to help improve your company’s cybersecurity training program:
The old adage ‘practice makes perfect’ rings true, especially when it comes to cybersecurity training. 
But how can companies practice spotting and preventing various types of cyberattacks? Through simulations! 
There are few better ways to teach employees how to recognize, avoid and report potential threats than simulating the attacks they may encounter in the real world. 
Thankfully, several companies and programs, many delivered in an easy-to-use software as a service (SaaS) model – exist today to help organizations strengthen their security by generating phishing, malware and other common cyber-attacks employees may face. These test campaigns are then carried out against staff members, who are required to spot and prevent these hacking attempts.
These simulations of real-world, relevant scenarios can help increase employee vigilance and better prepare staff for threats they may face in a no-stakes environment. An environment of positive reinforcement means employees are more likely to report suspected phishing/smishing attempts ⎯ even when it turns out their suspicions were unwarranted. This may mean more reports to check, but more aware – and wary employees.
It seems like every week a new cyber-attack makes headlines. This inundation of news has led to a dangerous phenomenon known as ‘fear fatigue,’ defined as the “desensitization from repeated exposure to the same message over time.”
According to a survey conducted by Malwarebytes, 80% of the respondents reported some level of fear fatigue related to cybersecurity. This fear fatigue is dangerous and can result in careless behavior capable of leading to significant cybersecurity vulnerabilities and risks. 
To combat fear fatigue and remind employees that their actions are critical to the overall security of the company, organizations can begin by taking small steps. Companies should consider starting by implementing company-wide password protocols. Mandating employees change their passwords every several months and implementing two-factor authentication are simple but powerful reminders for employees to be active participants in their company’s overall cybersecurity posture.
Companies could also consider adding context to communications around cybersecurity to help employees understand the real-world consequences of a potential incident. One example is noting the potential monetary impact a cyber-incident may have on employee bonuses and salaries, among other things. 
Despite every company’s best efforts, relying on employees to prevent cyber-attacks will never be a completely foolproof plan. Therefore, every organization should also implement zero trust cybersecurity and an environment of least privileges. 
At its core, the zero trust cybersecurity security model closely guards company resources while operating under the ‘assume breach’ mentality. This means every request to access company information or services is verified to help prevent any unauthorized network access. 
Similarly, an environment of least privileges can safeguard against unwanted access to software, services, servers, hardware, etc. from accounts that don’t need that access. Ensuring proper access controls with regular assessments and updates helps restrict the attack surface significantly.
At a time when more companies are embracing long-term hybrid workplaces, zero trust and least privilege are powerful tools to help prevent and mitigate vulnerabilities. 
Moving forward, organizations should create products and software that are Secure by Design, with safety features built in. Taking a Secure by Design approach means focusing on people, infrastructure and software development to enhance the company’s security infrastructure. If organizations follow this new model, it can help prevent and mitigate future cyber-attacks. 

source

Doha: The National Cyber Security Agency (NCSA) organised a mandatory specialised training course in cyber security ‘level 1’, that lasted for 5 days, with the participation of more than 60 trainees from many governmental and non-governmental entities.
Several entities participated in the training course, such as the Supreme Judiciary Council, the Government Communications Office, Qatar National Bank, The Amiri Diwan, the Public Prosecution, and the Public Works Authority ‘Ashghal’.
The training course includes a series of training programs throughout the year with several levels and aims to enhance the concepts of cyber security in different entities, as well as introducing the definitions of confidentiality and enhancing the capabilities of individual in cybersecurity.
On this subject, Abdulrahman AlYafiee, a trainee from the National Cyber Security, said that the training course allows trainees to identify the principles of cybersecurity. Furthermore, he expressed his appreciation towards the Agency for supporting the employees to improve their capabilities.
In this regard, Abdullah AlBader, a trainee from the National Cyber Security, stated the significant role of this course in supporting capabilities of employees working in the cyber filed. As well as improving the employees’ skills in various aspects especially the cybersecurity. Furthermore, Sara AlHumaidi, a trainee from the Government Communications Office, emphasized on the importance of this course for understanding and applying a number of important aspects in cyber security and securing data and information.
For her part, Rawan AlKuwari, a trainee from the Government Communications Office, explained that she participated in this course because of her eagerness to learn more about cyber security due to its importance.
The National Cyber Security Agency seeks to enhance the cybersecurity competencies on a national level through training and development to combat cyber-attacks, as it is a shared responsibility between individuals and institutions to keep the nation’s cyber space secured.

Check all issues & supplements

source

Let Cybersecurity Dive’s free newsletter keep you informed, straight from your inbox.

The company, a supplier to the semiconductor industry, has begun to recover its production capabilities and is working to upgrade its cyber defenses.
MKS Instruments is facing a class action lawsuit in California in connection with a February ransomware attack that forced the company to suspend part of its manufacturing capacity, according to the company’s annual 10-K filed Tuesday with the Securities and Exchange Commission. 
The lawsuit was filed March 3 in the Orange County Superior Court in California seeking unspecified damages. The company said it plans a vigorous defense. 
MKS late last month warned the attack, which disrupted its photonics and vacuum solutions divisions, would result in more than a $200 million hit to quarterly revenue during the first quarter. The company was previously expecting to reach $1 billion in revenue for the period. 
A Moody’s analyst said the ransomware attack is credit negative for the company, which is a key supplier to the semiconductor industry. 
“The financial ramifications, temporary manufacturing delays and the class-action lawsuit underscore the potential cascading impacts of any cyber incident and the need to bolster cybersecurity across the industry,” Terry Dennehy, VP and senior credit officer at Moody’s, said in a statement. 
Moody’s officials said the comment should not be considered an official ratings downgrade of the company, but more of an assessment of the financial impact.
MKS said an investigation shows ransomware actors encrypted some of its systems by deploying malware, according to the regulatory filing. The company has since restored many of its IT systems and reopened certain manufacturing and service operations.
The company retained security specialists to help assess and remediate the company’s IT controls, and is strengthening access requirements and threat detection capabilities.  
MKS is also implementing procedures to facilitate a more timely restoration of its financial reporting capabilities. The company delayed release of its quarterly earnings report following the attack. 
MKS has cybersecurity risk insurance coverage, but the coverage may not cover all of the costs related to the attack, the company said. 
Get the free daily newsletter read by industry experts
The retail behemoth invited a handful of journalists to its tech offices in Bentonville, Arkansas. The scope of Walmart’s operations speaks to the lengths enterprises must go to remain secure. 
The password manager warned customers to lookout for brute force attacks, phishing or credential stuffing.
Subscribe to Cybersecurity Dive for top news, trends & analysis
Get the free daily newsletter read by industry experts
The retail behemoth invited a handful of journalists to its tech offices in Bentonville, Arkansas. The scope of Walmart’s operations speaks to the lengths enterprises must go to remain secure. 
The password manager warned customers to lookout for brute force attacks, phishing or credential stuffing.
The free newsletter covering the top industry headlines

source

source

Hyderabad: Telangana State Council of Higher Education (TSCHE) has announced that all the universities in the state offering undergraduate courses will also be incorporating cyber security courses from the next academic year.
Designed and developed by experts from Osmania University and NALSAR University of Law, the course will be availed by the students while they pursue BSc or BA.
TSCHE chairman Prof. R Limbadri chaired a meeting with the revenue principal, commissioner of technical and collegiate education Navin Mittal and vice chancellors of six conventional universities on Thursday.
Convening the meeting, Prof. Limbadri said, “Not just creating awareness on the cybercrimes, the new cyber security course will help students with employability opportunities.”
Apart from cyber security, the university will also be offering BSc (Honours) in Computer Science as a major and artificial intelligence and machine learning as minor subjects from the next academic year.
Another decision was that private affiliated degree colleges will be granted generic affiliation instead of course-wise affiliation from the next academic year.
This meant all the BSc Life Sciences or Physical Sciences will be given a single affiliation instead of course-wise as is being done now. The affiliation process will be through the university management system.
During the meeting, officials reviewed the bucket system that enables students to choose their subject as per their interest.
TSCHE on Thursday further decided to encourage all higher educational institutions to go for National Assessment and Accreditation Council (NAAC) grading.
A seed fund of Rs 1 lakh to the college desirous, will be provided by the council to go for the grading.
To implement the new initiative, the council will reportedly hold workshops and seminars with resource persons from the NAAC Bangalore on creating awareness of the grading system.
Get the news updates on WhatsApp & Telegram by subscribing to our channels. For all the latest Hyderabad updates, download our app Android and iOS.

source

Not enough people are educated about cybersecurity and that leaves everyone vulnerable. Here’s why and how we can address this issue.
Our reliance on the internet and associated devices takes work, leisure, and convenience to a whole new level. But it comes with the downside of creating more opportunities for cyberattacks.
And with the rising cybersecurity skills gap in society, cyberattackers can do more damage by escalating cyber threats and vulnerabilities. How can we stop them?
Cyber threat actors are committed to discovering ways to exploit the new security problems technology presents. Such a high level of dedication is missing on our part to secure our digital environment as a society.
Let’s look at some factors responsible for the cybersecurity skills gap.
Cybersecurity isn’t a common topic of discussion among everyday people. Those who often talk about it either have a vested interest or are affiliated in one way or the other. Yet cybersecurity affects everyone.
Many people learn the hard way, notably when they fall victim to cyberattacks. The lack of interest in cybersecurity stems from a perception that it’s complex, that it's rocket science. This misunderstanding reduces the number of people who want to build a career in cybersecurity. In the long run, there are fewer professionals to manage the rising cyber threats.
Threat actors focus on specific areas to hone their skills. They deploy their expertise to launch attacks based on the uniqueness of a vulnerability or attack.
Cyber experts, on the other hand, lack the resources and training to specialize in specific areas of cybersecurity. No security team can have one expert in every single vector. As a result of this, they don’t always have the specialized skills and technical know-how to match the attackers.
Social biases among cybersecurity executives and gatekeepers contribute to the cybersecurity skills gap too. When you mention a cybersecurity worker, people might assume that you are referring to a middle-class man. Even in movies, the tech gurus that work around the clock to stop the bad guys from compromising networks are mostly men.
This narrative discourages women and other people of different societal backgrounds from joining the workforce because they feel like they don’t belong there.
There’s an exaggerated sense of importance among cybersecurity leaders. Driving a narrative of complexity about the profession, they set overly high requirements for prospective workers, thereby narrowing the entry path.
In addition to having a college degree in a security-related course, cybersecurity employers demand that users must have a series of certifications and ample experience (a catch-22 situation) to qualify for jobs in the industry. These requirements discourage prospects who want to secure a job in cybersecurity and force them to seek other career opportunities.
Cybersecurity affects all of us either directly or indirectly so resolving its skills gap is in all of our best interests.
The ways to resolve the cybersecurity skills gap in society include improving accessibility, training, and opportunities.
Younger people have more affinity for technology. Typically, the digital-age generations have a grasp of how technology works and how to use it a lot more than their older counterparts, but fall short in terms of cybersecurity knowledge.
Stakeholders seem to believe that cybersecurity is a serious business meant for older minds by not exposing children to cybersecurity at an early age. But if young people can use digital technology with ease, they can also master the skills needed to know how to stay secure while using it.
The relevant authorities must take up the responsibility to provide cybersecurity classes at lower education levels. Introducing young people to cybersecurity only at higher education isn't the best approach because they may have already developed other career interests or developed sloppy habits.
You frequently hear about data breaches and leaks in the news. So you would think that cybersecurity training would be readily available and accessible, but that’s not the case. There aren’t that many training platforms and the few ones are expensive, i.e. inaccessible to people without high financial means.
Incessant attacks make society less habitable—an indication that the government has failed in its responsibility to secure its citizens. To correct this, government agencies need to collaborate with cybersecurity institutions and professionals to offer training to interested parties at subsidized rates.
There are fewer people from minority groups working in cybersecurity. Misconceptions over gender, age, and ablities will continue to prevail until the relevant institutions create opportunities for more demographics to come into the field.
Cybersecurity opportunities must extend to creating a conducive work environment for everyone to thrive. Part of this is to establish standard compensations for workers regardless of societal biases. For instance, in racially diverse societies, people of color should have the same cybersecurity training and job opportunities their white counterparts have.
Financial gains and benefits naturally play a huge role in making a job attractive. Most people would gravitate towards jobs with high financial rewards. Closing the cybersecurity skills gap doesn’t end with training people in cybersecurity and creating job opportunities. If the salaries and remunerations aren’t high, people would look elsewhere.
There must be clearly defined career paths. Instead of putting everybody under one umbrella, there should be outlined fields in which practitioners can specialize, grow, and explore.
There's a high reliance on academic performance in cybersecurity employment. But the job is more practical-based than theory. The essential skills one needs to excel on the job are not exclusive to formal learning.
Employers need to review their academic job requirements and adopt more flexible methods. If the job requirements include a college cybersecurity degree, several cybersecurity certifications, and years of experience, many young people don’t stand a chance.
We might argue that hackers are winning the cybersecurity battle. They focus on getting the job done and avoid trivial distractions. As a society, we can only be a match for them when we work together.
Closing the cybersecurity skills gap will give us a more secure digital environment where we can go about our interactions and business without the fear of losing our valuable and sensitive data.
Chris Odogwu is committed to imparting knowledge through his writing. With more than a decade of experience as a writer, he has mastered the art of simplifying the most complex subjects for easy comprehension. He loves to read, dance and watch interesting movies. 

source

Sivan Tehila, director of the Katz School’s master’s program in cybersecurity, at its newly opened Security Operations Center
Yeshiva University Katz School of Science and Health has unveiled New York’s first security operations center to help students gain experience and allow businesses to practice for potential events.
The center is a response to the increasing number of cybersecurity threats to businesses.
 
“The idea is to have them see what it feels like to respond immediately to security incidents,” said Sivan Tehila, director of the Katz School’s master’s program in cybersecurity.
The center provides hands-on experience for students, including immersive simulations where they actually feel as though their company is under attack in real time. The facility is not just for students. All around the city, small- and midsize businesses without dedicated security teams are encountering hacks and security threats. They will be able to access the center to get help when facing security threats.
 
The launch of the center comes at a time when cybersecurity is in the news as a business and consumer threat—but also an economic development opportunity because of the increasing number of jobs in the sector. This week, the New York City Economic Development Corp. also made headway in cybersecurity plans, launching a pilot program to facilitate paid internships in cybersecurity positions. Companies can request to be a part of the program here.
 
Last year Mayor Eric Adams’ Blueprint for Economic Recovery noted that cybersecurity was, along with life sciences, an increasingly important area of growth for the city. There are about 60,000 people working at more than 300 companies in the industry, according to the economic development corporation.
 
About two years ago, Yeshiva began thinking about adding a security center so that program graduates would have real-world experience monitoring, said Paul Russo, the university’s vice provost and dean of its Katz School.
 
“They can understand the hacker viewpoint, to understand the company and assess vulnerabilities,” he said.
 
In the meantime the cyber program at Katz continues to grow. Its online program is ranked second in the nation, and enrollment is expected to grow in the coming years.
In four years enrollment in the cybersecurity master’s program has increased from eight students to 70, Tehila said, and the school expects to double that within a few years. She said graduates work at JPMorgan, Deloitte and EY, among others.
“Our real work is building the workforce that powers New York City,” Russo said.
 
View the discussion thread.
Staying current is easy with Crain's news delivered straight to your inbox, free of charge. Click below to see everything we have to offer.
Don't miss the chance to get the biggest news first! Stay connected to New York business news in print and online
Our Mission
Crain’s New York Business is the trusted voice of the New York business community—connecting businesses across the five boroughs by providing analysis and opinion on how to navigate New York’s complex business and political landscape.
685 Third Avenue
New York, NY 10017
(212) 210-0100
Contact us/ Help Center
Staff directory
Crain jobs

source

DUBLIN–(BUSINESS WIRE)–The “Deep Tech Leadership Certificate (DTLC)” training has been added to ResearchAndMarkets.com’s offering.
Enjoy being involved in the cutting edge of business development
The Deep Tech Leadership Certificate is designed to bring Board Directors and C-Suite Executives up to date in the key Deep Tech competencies of our time.
This will enable them to:
This is the technology decade (Techade) and those that do not engage will be left behind and become commercially redundant. Understanding Deep Tech in the boardroom is of equal importance to profit and loss.
The key areas to master are covered by the below four masterclasses:
For more information about this training visit https://www.researchandmarkets.com/r/i1ywq1
About ResearchAndMarkets.com
ResearchAndMarkets.com is the world’s leading source for international market research reports and market data. We provide you with the latest data on international and regional markets, key industries, the top companies, new products and the latest trends.
ResearchAndMarkets.com
Laura Wood, Senior Press Manager
press@researchandmarkets.com
For E.S.T Office Hours Call 1-917-300-0470
For U.S./ CAN Toll Free Call 1-800-526-8630
For GMT Office Hours Call +353-1-416-8900
ResearchAndMarkets.com
Laura Wood, Senior Press Manager
press@researchandmarkets.com
For E.S.T Office Hours Call 1-917-300-0470
For U.S./ CAN Toll Free Call 1-800-526-8630
For GMT Office Hours Call +353-1-416-8900

source

The third party vendor AudienceView, which Middleury uses for event ticketing, experienced a nation-wide data breach and notified the school about it on Feb. 23, the college told the community on Sunday. Though administrators were initially told the breach had not impacted anyone affiliated with the college, they later began to receive reports from students that their credit card information appeared to have been stolen.
Ticket sales through middlebury.universitytickets.com have been suspended until further notice, Interim Assistant Vice President for Information Technology Services (ITS) Chris Norris wrote in an email to the Middlebury community. Since then, Audience View has suspended all online sales for all schools, noting new security breach concerns.
On Feb. 28, AudienceView sent an email to some Middlebury community members it believed might have been impacted by the breach, providing additional information about the incident and what users could do. In an email to The Campus, Norris advised anyone who received this letter from AudienceView to assume they were exposed, whether or not they have noticed fraud on their account, and to cancel and replace their card as soon as possible.
AudienceViews, formerly called University Ticket, noticed suspicious activity within their product on Feb. 21 and began investigating, according to the email they sent to potentially exposed individuals.
“The investigation determined that between February 17, 2023, and February 21, 2023, certain individuals’ information may have been subject to unauthorized access and acquisition,” the email said.
The college is working to independently verify the relevant dates, and Norris told The Campus in his Wednesday statement that the vendor is now extending the date range of the investigation. Norris’ email to Middlebury community members encouraged anyone who had purchased tickets at any point last month to check their accounts for fraudulent activity.
For the Feb. 17 to 21 timeframe, AudienceView identified 665 individuals whose information might have been exposed in the breach — 594 college community members and 71 from the surrounding community — according to Norris.
The data breach includes personal information such as names, billing addresses, email addresses, phone numbers and payment information, according Norris’ all-school email. The breach did not impact in-person Box Office sales or other Middlebury systems, the college clarified.
AudienceView informed users of the data breach, which has impacted many higher education institutions. These include Worcester Polytechnic Institute, which addressed the issue on their web page. A number of students at Virginia Tech also recently reported credit card theft, and university police are investigating the matter in relation to the AudienceView breach, according to WDBJ7.
Some Middlebury students spoke to The Campus about credit or debit card fraud on their accounts following the AudienceView security breach.
Bailey Walker ’24.5 got an alert from his bank on Feb. 21 that there was fraud detected on his debit card. There was a $300 charge for online fast fashion retailer Shein, and the fraudster attempted another $1,000 charge at Best Buy after Walker froze his card. 
“I get that these things happen, and I'm grateful that my situation resolved itself, but I’m annoyed that this happened because I was participating in school events like the Winter Ball,” Walker said, referring to the Winter Carnival Ball, which took place on Feb. 18. More than 600 students bought tickets for the ball, with many using the college Box Office website, which uses AudienceView, to make their purchases.
“I initially thought it was from a bad purchase I made online, but I already think it’s kind of ridiculous that we have to pay $5 for small things like the Ball or thesis productions and on top of that the service lost our data and may have cost people a lot of money,” Walker said.
Tiffany Li ’26 had $994 charged to her account when a fraudster tried to make a purchase at New Life Cardio Equipment. She is currently waiting for a new card to be shipped to her.
“I’m glad that for me it got caught and I didn’t actually lose money, but it’s been a little inconvenient when I need to use my card for purchases,” Li said. 
Halsey Smith ’23 is also getting a new card after her bank detected a fraudulent charge for $5,364 to California benefit overpayment services. Her bank is reimbursing her for the charge.
As the college has paused use of AudienceView, ticketing for many upcoming events will take place in person at the Box Office. For the “Choral Chameleon: Music for Chameleons” concert taking place on Feb. 3, the college said the Box Office will open at 6:30 p.m. so attendees can buy tickets in person at the door. Other upcoming events will also rely on in-person or phone ticket sales for the time being, according to Norris.

Abigail Chang ’23 (she/her) is the Editor in Chief.  
She previously served as a managing editor, Senior News Editor, News Editor and co-host of The Campus’ weekly news radio show.  
Chang is majoring in English and minoring in linguistics. She is a member of the Media Portrayals of Minorities Project, a Middlebury lab that uses computer-assisted and human coding techniques to analyze bulk newspaper data.  
Throughout last year, Chang worked on source diversity and content audits for different media properties as an intern for Impact Architects LLC. Chang spent summer 2021 in Vermont, working as a general assignment reporter for statewide digital newspaper VTDigger.  Chang is also a member of the Middlebury Paradiddles, an a cappella group.
Lily Jones ’23 is an online editor and senior writer.
She previously served as a Senior News Writer and SGA Correspondent.
Jones is double majoring in Philosophy and Political Science. She  also is an intern for the Rohatyn Center for Global Affairs and on the  ultimate frisbee team.
The Middlebury Campus is the student-run weekly newspaper of Middlebury College. Founded in 1905, our staff has published thousands of stories pertaining to the campus and surrounding community.

source