VTech hired FireEye’s Mandiant cyber forensic team to help investigate the recent cyberattack that resulted in the theft of more than 11 million parent and children's records (see 1512010041). VTech said in a Thursday news release that Mandiant will review how the toy company "handles customer information and clearly define ways in which the group can further strengthen the security of its user data."

It wasn’t just Cyber Monday that broke sales records this holiday season (see 1512020033), comScore said. The day leading into Cyber Monday was the first billion-dollar online shopping Sunday, while Saturday e-commerce sales topped $1 billion for the second consecutive year. Some 107.8 million U.S. online shoppers visited e-commerce sites Cyber Monday using a desktop computer, smartphone or tablet, a 23 percent increase from 2014, comScore said. Amazon had the most visitors, followed by Walmart, eBay, Target and Best Buy, comScore said in a news release Wednesday. "Some web sites experienced unfortunate server problems on Cyber Monday that appear to have been caused by heavy mobile traffic,” comScore Chairman Emeritus Gian Fulgoni said. Shutterfly and Target were two of the retailers suffering setbacks and outages Monday. Target attributed “delayed access” to traffic overload. And Discover said 73 percent of millennials plan to shop on a mobile device this holiday season, vs. 32 percent of nonmillennials. Thirty-six percent of millennials surveyed use mobile wallet technology, and 80 percent of those plan to use it for holiday shopping, compared with 69 percent of nonmillennial mobile wallet users, it said. The survey was conducted among 1,508 U.S. adults Oct. 30-Nov. 2.

As the winter holidays draw nearer, online and mobile shopping continues to rise (see 1511300029) from a year ago, various companies reported this week. Cyber Monday receipts were $3.07 billion, Adobe said. Of the 16 percent year-over-year sales increase, 26 percent ($799 million) came from mobile devices, it said. Apple devices generated $575 million of mobile purchases, and $219 million came from Android smartphones and tablets, it said. Display ads drove 57 percent more sales than in 2014, Adobe said. Social media-driven sales grew 33 percent, with a “major spike” at 6 p.m. Eastern corresponding to the time when many consumers got home from work and logged in to social networking sites, it said. Amazon edged eBay for the most retailer social mentions. At Walmart, nearly half of orders placed on Walmart.com since Thanksgiving were via mobile devices, double the number in 2014, Walmart CEO Fernando Madeira said. Mobile established itself as the “dominant shopping trend” for traffic and sales, Madeira said, with mobile traffic up 70 percent over last year. Madeira noted a shift this year from customers using mobile devices primarily just for searching and browsing to making purchases “at a much higher rate.” Amazon reported a record weekend for its devices that outsold by three times the devices sold last year during Black Friday weekend, it said.

ICANN CEO Fadi Chehadé urged stakeholders to press on with work on the planned Internet Assigned Numbers Authority transition, citing the Cross Community Working Group on Enhancing ICANN Accountability’s posting Monday of the latest draft of its proposed set of changes to ICANN’s accountability mechanisms. The CCWG-Accountability draft proposal included expected consensus language (see 1511270048) on handling advice from the Governmental Advisory Committee after the IANA transition that will allow the ICANN board to reject any GAC consensus advice via a two-thirds majority board vote, provided the board then works with GAC to find a mutually agreeable solution. Final submission of ICANN’s IANA transition plan to NTIA is still months away but the time before then “will be critical to the success of the multistakeholder proposals,” Chehadé said in a Monday blog post. “Once again, I ask you to finish out the last few steps of this journey with as much passion, dedication and hard work as you've put in to it.”

Google has been collecting and data mining the personal information of school children, alleged the Electronic Frontier Foundation in a complaint filed Tuesday with the FTC. EFF said in a news release that it discovered Google's practice while researching for a newly launched campaign about the privacy risks of electronic devices and software supplied to schools. In examining Google's Chromebook and a suite of educational cloud-based software programs called Google Apps for Education, EFF said the company's "sync" feature for the Chrome browser is enabled by default, allowing the company "to track, store on its servers, and data mine for non-advertising purposes, records of every Internet site students visit, every search term they use, the results they click on, videos they look for and watch on YouTube, and their saved passwords." EFF said the company didn't get permission from students or parents to track such data. It said Google isn't living up to the "Student Privacy Pledge," which the company signed and EFF said is "legally enforceable." The privacy group said Google indicated it would "soon disable" the setting that allows sync data to be shared with the company's other services. But EFF said the company needs to do more. A Google spokeswoman said in an email to us: “Our services enable students everywhere to learn and keep their information private and secure. While we appreciate EFF's focus on student privacy, we are confident that these tools comply with both the law and our promises, including the Student Privacy Pledge."

VTech emailed all affected account holders that their information may have been compromised in a Nov. 14 data breach, the supplier of electronic learning toys said in a Monday news release. "As an additional precautionary measure," the company said, it temporarily suspended the Learning Lodge app store that was compromised and 13 other websites for "thorough security assessment and fortification." The company, which on Friday announced the breach, didn't say how many customers were affected, but media reports said they numbered about 5 million. VTech didn't comment Monday. The company said it immediately launched an investigation and also has implemented security measures against further attacks. Learning Lodge, the company said, permits customers to download apps, learning games, e-books and other educational content to VTech products. The company noticed the breach Nov. 24 after a Canadian journalist emailed VTech the prior day, asking about the incident, according to the company's FAQ section on the data breach. While VTech's customer database contains names, email, IP and mailing addresses, encrypted passwords, secret questions and answers for password retrievals, and download history, the company said the database neither contains credit card information nor personal identification data such as Social Security and drivers' license numbers.

The Center for Data Innovation, affiliated with the Information and Technology Innovation Foundation (ITIF), submitted comments to the Office of Management and Budget in response to OMB's request for public comments on proposed revisions to an order governing how the federal government manages information resources. The comments praised the OMB decision as a "welcome and necessary step towards creating a more responsive, transparent, efficient, and accountable government." The revision to the existing rule "provides a valuable opportunity" to better secure the benefits of open government data to the public and private sectors, said the comments.

Smart TVs will be “big-ticket items for hackers” this holiday season, said Symantec threat researcher Candid Wueest in a blog post. The firm researched the various ways a smart TV can be the target of cyberattacks and found that within a short time, a brand new set can be so infected with ransomware as to make it “ultimately unusable,” Wueest said. It found that hackers can easily install malware on the TV because not all its Internet connections make proper use of secure sockets layer encryption, and some that do don’t verify SSL certificates “thoroughly enough,” he said. For example, some TVs accept “self-signed” SSL certificates, “which are easy for attackers to create,” he said. When a user downloads an app to a smart TV, “the attacker could intercept the request and redirect it to another server,” he said. “So instead of the TV downloading the real app from the legitimate server, the request is redirected to a different server, which instead sends down a malicious app to the TV. Once downloaded, the user still has to accept the permissions requested by the malicious app and open it, but since the user doesn’t know the app is not the real one, they will likely accept and install the app anyway.” Though firms like Symantec have “yet to see any widespread malware attacks targeting smart TVs,” that doesn’t mean attackers “won’t target these devices in the future,” he said. To mitigate the threats, smart TV owners need to review privacy policies carefully and “understand the data you are agreeing to share,” he said. Users also should be careful “when installing unverified applications from unknown sources,” and to enable “app verification” in the TV’s settings whenever possible, he said.

The Blu-ray Disc Association is supporting the expected early-2016 introduction of Ultra HD Blu-ray players and movies with the launch of an “interactive website demonstrating the features of the new format,” BDA said Wednesday. Ultra HD Blu-ray “will set a new standard in picture and audio quality, bringing a major upgrade in resolution, color, contrast and motion,” BDA said. The website, UHDBDinnumbers.com, simulates the differences that 4K resolution, high dynamic range and higher frame rates “will make to your favorite movies,” it said. Two sections of the website, one for higher resolution, the other for HDR, are headlined, “See the difference for yourself.” One invites the viewer to use a “slider” to view the differences in standard-definition resolution, HD and Ultra HD. The other enables comparisons between standard dynamic range and HDR. Both sections have the “disclaimer” that the comparative images are only “representative” of the enhancements available with Ultra HD Blu-ray. On wide color gamut, the website touts Ultra HD Blu-ray as capable of displaying 76 percent of the “visible color spectrum” available for viewing by the human eye, vs. 35 percent for the current HD system. Ultra HD Blu-ray movies will be available on 66-GB dual-layer and 100-GB triple-layer discs and can stream video at data transfer rates as high as 128 Mbps, it said, without making advantageous comparisons with less robust data rates available through over-the-top streaming.

The Digital Economy Board of Advisors is being formed to provide recommendations to the NTIA administrator and the secretary of commerce on “a broad range of issues related to the digital economy and Internet policy,” NTIA said Tuesday in a notice. The board is forming as part of the Department of Commerce’s new Digital Economy Agenda, which Secretary Penny Pritzker announced in early November. The agenda seeks to promote a “free and open Internet,” promote trust online, ensure access for “workers, families and companies” and promote innovation, NTIA said. The board’s activities may include analyzing policies restricting cross-border data flows and other barriers to global Internet freedom, along with providing policy advice on cybersecurity and other issues that affect the digital economy, NTIA said. The board may also promote the development of new digital technologies and analyze the Internet’s impact on the U.S. economy. NTIA said it's seeking nominations for board members for two-year terms, with the board consisting of between five and 30 members. The secretary of commerce will appoint the board’s chairman. Board members will come from the private sector and civil society and should be “prominent experts in their fields and recognized for their professional achievements,” NTIA said. Nominations are due Dec. 23.