We want to sit down with you and, in a candid conversation, find out which challenges and questions you are facing, so that together we can arrive at the best solution. In other words: how can technology support you, instead of you having to support the technology?

Meal delivery service Home Chef has confirmed a data breach, two weeks after a data breach seller listed a database of 8 million customer records on a dark web marketplace.

The Chicago-based company said customer names, email addresses and phone numbers were taken in the breach, along with scrambled passwords. The hackers also took the last four digits of its customers’ credit card numbers and mailing addresses, the company said.

But the company said not all customers are affected, and that it would reach out to those whose information was taken.

News of the breach was first reported by Bleeping Computer.

It comes almost two weeks after a data breach seller, named Shiny Hunters, published marketplace listings of 11 companies — including Home Chef. The listings are purportedly selling customer databases for several other large companies, including 30 million records allegedly taken from dating site Zoosk.

Although most of the companies have yet to acknowledge a breach, the Chronicle of Higher Education at Chapman University said it was aware of the dark web postings. Printing service Chatbooks also confirmed it was hacked.

Last year, a hacker known as Gnosticplayers stole close to one billion records from dozens of websites, including 151 million user records from MyFitnessPal and 57 million user records from Houzz.


TechCrunch

Among the many problems with the prison system are enormous fees for things like video calls, which a handful of companies provide at grossly inflated rates. Ameelio hopes to step in and provide free communication options to inmates; its first product, sending paper letters, is being welcomed with open arms by those with incarcerated loved ones.

Born from the minds of Yale Law students, Ameelio is their attempt to make a difference in the short term while pushing for reform in the long term, said co-founder and CEO Uzoma Orchingwa.

“I was studying mass incarceration, and the policy solutions I was writing about were going to take a long time to happen,” Orchingwa said. “It’s going to be a long battle before we can make even little inroads. So I was thinking, what can I do in the interim while I work on the longer term project of prison reform?”

He saw reports that inmates with regular communication with loved ones have better outcomes when released, but also that in many prisons, that communication was increasingly expensive and restricted. Some prisons have banned in-person meetings altogether — not surprising during a pandemic — leaving video calling at extortionate rates the only option for speaking face to face with a loved one.

Sometimes costing a dollar a minute, these fees add up quickly and, naturally, this impacts already vulnerable populations the most. Former FCC Commissioner Mignon Clyburn, for whom this was an issue of particular interest during her term, called the prison communication system “the clearest, most glaring type of market failure I’ve ever seen as a regulator.”

It’s worth noting that these private, expensive calling services weren’t always the norm, but were born fairly recently as the private prison industry has expanded and multiplied the ways it makes money off inmates. Some states ban the practice, but others have established relationships with the companies that provide these services — and a healthy kickback to the state and prison, of course.

This billion-dollar industry is dominated by two companies: Securus and Global Tel Link. The service they provide is fairly rudimentary compared with those we on the outside take for granted. Video and audio calls are scheduled, recorded, skimmed for keywords, and kept available to authorities for a few months in case they’re needed.

At a time when video calls are being provided for free to billions around the world who have also been temporarily restricted from meeting in person, charging at all for it seems wrong — and charging a dollar a minute seems monstrous.

Ameelio’s crew of do-gooder law students and developers doesn’t think they can budge the private prison system overnight, so they’re starting with a different product, but one that also presents difficulties to families trying to communicate with inmates: letters.

Written mail is a common way to keep in contact with someone in prison, but there are a few obstacles that may prevent the less savvy from doing so. Ameelio facilitates this by providing an up-to-date list of correct addresses and conventions for writing to any of the thousands of criminal justice facilities around the country, as well as the correct way to look up and identify the inmate you’re trying to contact — rarely as simple as just putting their name at the top.

“The way prison addresses work, the inmate address is different from the physical address. So we scraped addresses and built a database for that, and built a way to find the different idiosyncrasies, like how many lines are necessary, what to put on each line, etc,” said co-founder Gabe Saruhashi.

Once that’s sorted, you write your letter, attach a photo if you want, and it’s printed out and sent (via direct-mail-as-a-service startup Lob). It’s easy to see how removing the friction and cost of printing, addressing and so on would lead to more frequent communication.

Since starting a couple months ago and spreading word of the service on Facebook groups and other informal means, they’ve already sent more than 4,000 letters. But while it’s nice for people to be able to send letters, Ameelio plans to cater to larger organizations that use mail at larger scales.

“The communications challenges that families have are the same challenges that criminal justice organizations and lawyers have when communicating with their clients,” explained Orchingwa. They have to manage the addresses, letter-writing and sending, and a network of people to check on recipients and other follow-up actions. “We’re talking to them, and a lot were very interested in the service we’re offering, so we’re going to roll out a version for organizations. We’re creating a business model in which these organizations, and some of them are well funded, can pay us back but also pay it forward and help keep it free for others.”

How an organization might use and track letter-writing campaigns.

Sending letters is just the opening play for Ameelio, but it’s also a way to make the contacts they need and research the market. Outcry against the private calling systems has been constant but the heterogeneous nature of prisons run under state policies means “we don’t have one system, we have 51 separate systems,” as Orchingwa put it. That and the fact that it makes a fair amount of money.

“There’s a lot of movement around getting Securus and Global Tel out,” he said, “But it would shift from families to the state paying, so they need to make back the money they were making from kickbacks.”

Some states have banned paid calls or never allowed them, but others are only changing their policies now in response to external pressure. It’s with these that Ameelio hopes to succeed first.

“We can start in states where there’s no strong relationship to these companies,” said Orchingwa. “You’re going to have state and county officials being asked by their constituents, ‘why are we using them when there’s a free alternative?’ ”

You may wonder whether it’s possible for a fresh young startup to build a video calling platform ready for deployment in such a short time. The team was quick to explain that the actual video call part of the product is something that, like sending letters, can be accomplished through a third party.

“The barrier right now is not at all the video infrastructure – enterprise and APIs will provide that. We already have an MVP of how that will look,” said Saruhashi. Even the hardware is pretty standard — just regular Android tablets stuck to the wall.

“The hard part is the dashboard for the [Department of Corrections],” Saruhashi continued. “They need a way to manage connections that are coming in, schedule conversations, get logs and review them when they’re done.”

But they’re also well into the development of that part, which ultimately is also only a medium-grade engineering challenge, already solved in many other contexts.

Currently the team is evaluating participation in a number of accelerators, and is already part of Mozilla’s Spring MVP Lab, the precursor to a larger incubator effort announced earlier today. “We love them,” said Mozilla’s Bart Decrem.

Right now the company is definitely early stage, with more plans than accomplishments, and they’re well aware that this is just the start — just as establishing better communications options is just the start for more comprehensive reform of the prison and justice system.


TechCrunch

African startups have another $100 million in VC to pitch for after Novastar Ventures’ latest raise.

The Nairobi and Lagos based investment group announced it has closed $108 million in new commitments to launch its Africa Fund II, which brings Novastar’s total capital to $200 million.

With the additional resources, the firm plans to make 12 to 14 investments across the continent, according to Managing Director Steve Beck. He spoke to TechCrunch on Novastar Ventures’ plans for the new fund.

A notable update to Novastar’s VC focus is geographic scope. The firm was originally co-founded in Kenya by Beck and British investor Andrew Carruthers and built its first portfolio largely around companies based in East Africa. Novastar Ventures made 15 investments with its first fund, including companies such as Uganda and Kenya focused energy startup SolarNow and agtech venture M-Farm.

“The second fund is basically the same strategy as the first, but…the biggest difference is that we opened up a second front in West Africa — more particularly to be in and around the entrepreneurial system in Lagos,” Beck told TechCrunch on a call.

Before closing its Africa Fund II, Novastar Ventures had already made several investments in West Africa, including leading a round in Nigerian on-demand motorcycle transit startup Max.ng and backing Ghanaian health company MPharma. Novastar opened an office in Lagos in 2019.

On the types of startups Novastar will target with its new fund, the focus is more on mission than industry silos, according to co-founder Steve Beck. “We’re sector agnostic. I would describe us more as a segment fund than a sector fund,” he said.

“We really try to look for businesses called breakthrough businesses, [those] that are addressing the biggest problems in the largest markets.”

That has led Novastar Ventures to invest in digital companies in education, information access, agtech, mobility and off-grid energy.

“Essentially what we’re doing is looking for those businesses that are addressing the basic needs, basic goods and services across the true mass markets of the continent,” said Beck.

On whether the firm is a dedicated impact fund, Beck said, “The way we characterize ourselves is we’re a commercial venture fund with an impact screen.”

On investment amounts and types, Novastar Ventures is fairly flexible on ticket size, from seed to later stage.

“We’re gonna…have some portfolio companies where we put to work a million dollars or less or we’re going to have some where we put $8 or $9 million dollars in through capital rounds. That’s…the deployment strategy,” Beck said.

Novastar Ventures works closely with its portfolio companies, according to its co-founder.

“We’re very active investors and always take a board seat to be close to the entrepreneurs. We often are the first institutional investor that they have.”

Africa Top VC Markets 2019


Startups who want to pitch to the company can reach out to the fund’s founders and directors via the website or LinkedIn, according to Beck. He added that Novastar Ventures is recruiting to add another member to its investor team in 2020.

The firm’s latest raise and $200 million capital amount creates another high value fund focused on African startups.

On the high end of estimates, the continent’s tech ecosystem reached $2 billion in VC to startups in 2019, compared to less than half a billion dollars five years ago.

Other large Africa focused VC shops include TLcom Capital — which closed a $71 million fund in February — and Partech, which doubled its Africa fund to $143 million in 2019. The venture arms of major global companies have also become more active in African tech recently, including that of Goldman Sachs and Visa.


TechCrunch

Facebook has agreed to block access to certain anti-government content to users in Vietnam, following months of having its services throttled there, reportedly by state-owned telecoms.

Reuters, citing sources within the company, reported that Vietnam requested earlier in the year that Facebook restrict a variety of content it deemed illegal, such as posts critical of the government. When the social network balked, the country used its control over local internet providers to slow Facebook traffic to unusable levels.

An explanation at the time that the slowdown was owing to maintenance of undersea cables likely did not convince many, since it was specific to Facebook (and related properties Messenger and Instagram).

All things being equal, Facebook has shown in the past that it would prefer to keep discourse open. But all things are not equal and in this case millions of users were unable to access its services — and consequently, it must be said, unable to be advertised to.

The slowdown lasted some 7 weeks, from mid-February to early April, when Facebook conceded to the government’s demands.

One Reuters source said that “once we committed to restricting more content… the servers were turned back online by the telecommunications operators.”

Facebook offered the following statement confirming general, though not specific, aspects of the story reported by Reuters:

The Vietnamese government has instructed us to restrict access to content which it has deemed to be illegal in Vietnam. We believe freedom of expression is a fundamental human right, and work hard to protect and defend this important civil liberty around the world. However, we have taken this action to ensure our services remain available and usable for millions of people in Vietnam, who rely on them every day.

Facebook is no stranger to government requests both to restrict and to hand over data. Although the company inspects these requests and sometimes challenges them, it’s Facebook’s stated policy to comply with local law — even if that means (as it often does) complicity with government censorship practices.

The justification usually offered (as here) is that people in a country with such restrictions are better served with an incomplete set of Facebook’s communications tools rather than none at all.


TechCrunch

In its first half-decade of existence, PopSocket has grown into one of the most popular — and imitated — smartphone accessories on the market. In 2018 alone, the company generated $90 million in profit. Not too bad for a little Colorado-based upstart.

So, where does an utterly dominated accessory maker go from here? Beverages, naturally. Delish was the first to report the existence of the PopThirst line. You may well have missed it in the wake of this week’s iPhone news. I was on a plane with limited WiFi access, I swear. Whatever the case, the weird little retractable phone holder that has captured the world’s imagination $15 at a time is now headed for the lucrative field of refreshments.

It’s an odd evolution of the brand, to be sure. But why not strike while the iron (and coffee) is hot? I know plenty of people who swear by the phone accessory, and the pop-out gripper looks to fit pretty well on a matching koozie for hot and cold beverages, alike. Pop it on a can of LaCroix to find yourself on the cutting edge of the 2016 zeitgeist.

The cupholders feature a wide range of styles, from leopard print to camo. They’re up for pre-order on Popsocket’s page for $15 a pop. They’ll go on sale Sept 15.


TechCrunch

The Entertainment Software Association issued an apology of sorts after making available the contact information for more than 2,000 journalists and analysts who attended this year’s E3.

“ESA was made aware of a website vulnerability that led to the contact list of registered journalists attending E3 being made public,” the organization said via statement. “Once notified, we immediately took steps to protect that data and shut down the site, which is no longer available. We regret this occurrence and have put measures in place to ensure it will not occur again.”

It’s not clear whether the organization attempted to reach out to those impacted by the breach.

In a kind of bungle that utterly boggles the mind in 2019, the ESA had made available on its site a full spreadsheet of contact information for thousands of attendees, including email addresses, phone numbers and physical addresses. While many or most of the addresses appear to be businesses, journalists often work remotely, and the availability of a home address online can present a real safety concern.

After all, many gaming journalists are routinely targets of harassment and threats of physical violence for the simple act of writing about video games on the internet. That’s the reality of the world we currently live in. And while the information leaked could have been worse, there’s a real potential human consequence here.

That, in turn, presents a pretty compelling case that the ESA is going to have a pretty big headache on its hands under GDPR. Per the rules,

In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent in accordance with Article 55, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.

There is, indeed, a pretty strong argument to be made that said breach could “result in a risk to the rights and freedoms of natural persons.” Failure to notify individuals in the allotted time period could, in turn, result in some hefty fines.

It’s hard to say how long the ESA knew about the information, though YouTuber Sophia Narwitz, who first brought this information to light publicly, may have also been the first to alert the organization. The ESA appears to have been reasonably responsive in pulling the spreadsheet down, but the internet is always faster, and that information is still floating around online and fairly easily found.

VentureBeat notes rightfully that spreadsheets like these are incredibly valuable to convention organizations, representing contact information for some of the top journalists in any given industry. Many will no doubt think twice before sharing this kind of information again, of course.

Notably (and, yes, ironically), the Black Hat security conference experienced a similar breach this time last year. It chalked the issue up to a “legacy system.”

Natasha Lomas contributed to this report


TechCrunch

Another day, another massive data breach.

This time it’s the financial giant and credit card issuer Capital One, which revealed on Monday a credit file breach affecting 100 million Americans and 6 million Canadians. Consumers and small businesses affected are those who obtained one of the company’s credit cards dating back to 2005.

That includes names, addresses, phone numbers, dates of birth, self-reported income and more credit card application data — including over 140,000 Social Security numbers in the U.S., and more than a million in Canada.

The FBI already has a suspect in custody. Seattle resident and software developer Paige A. Thompson, 33, was arrested and detained pending trial. She’s been accused of stealing data by breaching a web application firewall, which was supposed to protect it.

Sound familiar? It should. Just last week, credit rating giant Equifax settled for more than $575 million over a data breach it had — and hid from the public for several months — two years prior.

Why should we be surprised? Equifax faced zero fallout until its eventual fine. All talk, much bluster, but otherwise little action.

Equifax’s chief executive Richard Smith “retired” before he was fired, allowing him to keep his substantial pension packet. Lawmakers grilled the company but nothing happened. An investigation launched by the former head of the Consumer Financial Protection Bureau, the governmental body responsible for protecting consumers from fraud, declined to pursue the company. The FTC took its sweet time to issue its fine — which amounted to about 20% of the company’s annual revenue for 2018. For one of the most damaging breaches to the U.S. population since the breach of classified vetting files at the Office of Personnel Management in 2015, Equifax got off lightly.

Legislatively, nothing has changed. Equifax remains as much of a “victim” in the eyes of the law as it was before — technically, but much to the ire of the millions affected who were forced to freeze their credit as a result.

Mark Warner, a Democratic senator serving Virginia, along with his colleague since turned presidential candidate Elizabeth Warren, was tough on the company, calling for it to do more to protect consumer data. With his colleagues, he called on the credit agencies to face penalties to the top brass and extortionate fines to hold the companies accountable — and to send a message to others that they can’t play fast and loose with our data again.

But Congress didn’t bite. Warner told TechCrunch at the time that there was “a failure of the company, but also of lawmakers” for not taking action.

Lo and behold, it happened again. Without a congressional intervention, Capital One is likely to face largely the same rigmarole as Equifax did.

Blame the lawmakers all you want. They had their part to play in this. But fool us twice, shame on the credit companies for not properly taking action in the first place.

The Equifax incident should have sparked a fire under the credit giants. The breach was the canary in the coal mine. We watched and waited to see what would happen as the canary’s lifeless body emerged — but, much to the American public’s chagrin, no action came of it. The companies continued on with the mentality that “it could happen to us, but probably won’t.” It was always going to happen again unless there was something to force the companies to act.

Companies continue to vacuum up our data — knowingly and otherwise — and don’t do enough to protect it. As much as we can have laws to protect consumers from this happening again, these breaches will continue so long as the companies continue to collect our data and not take their data security responsibilities seriously.

We had an opportunity to stop these kinds of breaches from happening again, yet in the two years passed we’ve barely grappled with the basic concepts of internet security. All we have to show for it is a meager fine.

Thompson faces five years in prison and a fine of up to $250,000.

Everyone else faces just another major intrusion into their personal lives. Not at the hands of the hacker per se, but the companies that collect our data — with our consent and often without — and take far too many liberties with it.


TechCrunch
