Security

Fidelity Customers' Financial Info Feared Stolen In Suspected Ransomware Attack (theregister.com) 22

An anonymous reader quotes a report from The Register: Criminals have probably stolen nearly 30,000 Fidelity Investments Life Insurance customers' personal and financial information -- including bank account and routing numbers, credit card numbers and security or access codes -- after breaking into Infosys' IT systems in the fall. According to Fidelity, in documents filed with the Maine attorney general's office, miscreants "likely acquired" information about 28,268 people's life insurance policies after infiltrating Infosys.

"At this point, [Infosys] are unable to determine with certainty what personal information was accessed as a result of this incident," the insurer noted in a letter [PDF] sent to customers. However, the US-headquartered firm says it "believes" the data included: names, Social Security numbers, states of residence, bank accounts and routing numbers, or credit/debit card numbers in combination with access code, password, and PIN for the account, and dates of birth. In other words: Potentially everything needed to drain a ton of people's bank accounts, pull off any number of identity theft-related scams -- or at least go on a massive online shopping spree.

LockBit claimed to be behind the Infosys intrusion in November, shortly after the Indian tech services titan disclosed the "cybersecurity incident" affecting its US subsidiary, Infosys McCamish Systems aka IMS. It reported that the intrusion shuttered some of its applications and IT systems [PDF]. This was before law enforcement shut down at least some of LockBit's infrastructure in December, although that's never a guarantee that the gang will slink off into obscurity -- as we've already seen.

"Since learning of this event, we have been engaged with IMS to understand IMS's actions to investigate and contain the event, implement remedial measures, and safely restore its services," Fidelity assured its customers. "In addition, we remain engaged with IMS as they continue their investigation of this incident and its impact on the data they maintain."

The Almighty Buck

Burned Investors Ask 'Where Were the Auditors?' A Court Says 'Who Cares?' (wsj.com) 88

One of the country's most influential courts has asked the nation's top securities regulator for its views on an uncomfortable subject: whether audit reports by outside accounting firms actually matter. From a report: The court already ruled that, at least in one case, they didn't. That case, where an insurer overstated profits and an auditor signed off on its books, led to an investor lawsuit against the auditor that was dismissed. In its ruling, the court said the audit report was so general an investor wouldn't have relied on it. The decision could have broad ramifications for the Securities and Exchange Commission, which oversees corporate financial disclosures, and for the auditing industry, which charged about $17 billion last year for blessing the books of publicly listed companies in the U.S.

The ruling, by a three-judge panel of the Second U.S. Circuit Court of Appeals, prompted three former SEC officials to tell the court it got the answer wrong. They asked the court to reconsider its decision, noting that the SEC in a previous enforcement case had said that "few matters could be more important to investors" than whether a company's financial statements had been subjected to a properly conducted annual audit. The court responded by inviting the SEC to file a brief expressing its views on the former officials' arguments. The SEC in a court filing said that "the commission has an interest in ensuring its views on this issue are considered by the court." Its brief is due Feb. 16. The court ruling involved a lawsuit by investors over an audit gone wrong. AmTrust Financial Services, an insurance company, had overstated its profit, and BDO USA, its outside accounting firm, had blessed the numbers.

Privacy

Prison Phone Company Leaked 600,000 Users' Data and Didn't Notify Them (arstechnica.com) 45

An anonymous reader quotes a report from Ars Technica: Prison phone company Global Tel*Link leaked the personal information of nearly 650,000 users and failed to notify most of the users that their personal data was exposed, the Federal Trade Commission said today. The company agreed to a settlement that requires it to change its security practices and offer free credit monitoring and identity protection to affected users, but the settlement doesn't include a fine. "Global Tel*Link and two of its subsidiaries failed to implement adequate security safeguards to protect personal information they collect from users of its services, which enabled bad actors to gain access to unencrypted personal information stored in the cloud and used for testing," the FTC said.

A security researcher notified Global Tel*Link of the breach on August 13, 2020, according to the FTC's complaint (PDF). This happened just after "the company and a third-party vendor copied a large volume of sensitive, unencrypted personal information about nearly 650,000 real users of its products and services into the cloud but failed to take adequate steps to protect the data," the FTC said. The data was copied to an Amazon Web Services test environment to test a new version of a search software product. For about two days, the data was in the test environment and "accessible via the Internet without password protection or other access controls," the FTC said. After hearing from the security researcher, Global Tel*Link reconfigured the test environment to cut off public access. But a few weeks later, the firm was notified by an identity monitoring vendor that the data was available on the dark web. Global Tel*Link didn't notify any users until May 2021, and even then, it only notified a subset of them, according to the FTC. [...]

The complaint said that Global Tel*Link violated the Federal Trade Commission Act's section on unfair or deceptive acts or practices and charged the firm with unfair data security practices, unfair failure to notify affected consumers of the incident, misrepresentations regarding data security, misrepresentations to individual users regarding the incident, misrepresentations to individual users regarding notice, and deceptive representations to prison facilities regarding the incident. To settle the charges, the company agreed to new security protocols, including "'change management' measures to all of its systems to help reduce the risk of human error, use of multifactor authentication, and procedures to minimize the amount of data it collects and stores," the FTC said. Global Tel*Link also has to notify the affected users who were not previously notified of the breach and provide them with credit monitoring and identity protection products. The product must include $1,000,000 worth of identity theft insurance to cover costs related to identity theft or fraud. The company must also notify consumers and prison facilities within 30 days of future data breaches and notify the FTC of the incidents, the agency said. Violations of the settlement could result in fines of $50,120 for each violation, the FTC said.

Security

NY AG Issues $450K Penalty To US Radiology After Unpatched Bug Led To Ransomware (therecord.media) 25

An anonymous reader quotes a report from The Record: One of the nation's largest private radiology companies agreed to pay a $450,000 fine after a 2021 ransomware attack led to the exposure of sensitive information from nearly 200,000 patients. In an agreement announced on Wednesday, New York Attorney General Letitia James said US Radiology failed to remediate a vulnerability announced by security company SonicWall in January 2021. US Radiology used the company's firewall to protect its network and provide managed services for many of its partner companies, including the Windsong Radiology Group, which has six facilities across Western New York.

The vulnerability highlighted by the attorney general -- CVE-2021-20016 -- was used by ransomware gangs in several attacks. US Radiology was unable to install the firmware patch for the zero-day because its SonicWall hardware was at an end-of-life stage and was no longer supported. The company planned to replace the hardware in July 2021, but the project was delayed "due to competing priorities and resource restraints." The vulnerability was never addressed, and the company was attacked by an unnamed ransomware gang on December 8, 2021.

An investigation determined that the hacker was able to gain access to files that included the names, dates of birth, patient IDs, dates of service, provider names, types of radiology exams, diagnoses and/or health insurance ID numbers of 198,260 patients. The data exposed during the incident also included driver's license numbers, passport numbers, and Social Security numbers for 82,478 New Yorkers. [...] In addition to the $450,000 penalty, the company will have to upgrade its IT network, hire someone to manage its data security program, encrypt all sensitive patient information and develop a penetration testing program. The company will have to delete patient data "when there is no reasonable business purpose to retain it" and submit compliance reports to the state for two years.

"When patients visit a medical facility, they deserve confidence in knowing that their personal information will not be compromised when they are receiving care," said Attorney General James. "US Radiology failed to protect New Yorkers' data and was vulnerable to attack because of outdated equipment. In the face of increasing cyberattacks and more sophisticated scams to steal private data, I urge all companies to make necessary upgrades and security fixes to their computer hardware and systems."

Space

How a Billion-Dollar Satellite Risks Upending the Space Insurance Industry (yahoo.com) 86

"Viasat Inc. has more than $1 billion of orbiting satellites in trouble," reports Bloomberg, "and space insurers are girding for market-rattling claims." The company's roughly $1 billion ViaSat-3 Americas satellite, central to expanding its fixed-broadband coverage and fending off rivals including Elon Musk's Starlink, suffered an unexpected problem as it deployed its antenna in orbit in April. Should Viasat declare it a total loss, industry executives estimate the claim would reach a record-breaking $420 million and, in turn, make it harder — and more expensive — for other satellite operators to get insurance... Viasat on Aug. 24 reported another stricken spacecraft, saying its Inmarsat-6 F2 satellite launched in February suffered a power problem. The failure may end the craft's useful life and result in a $350 million insurance claim, Space Intel Report said.

Viasat's troubles in orbit come a few years after big-name insurers like American International Group Inc. and Allianz SE have shuttered their space portfolios. That's left a smaller pool of providers to absorb the risks in the notoriously high-stakes $553 million market...

Following news of the Inmarsat-6 anomaly, Viasat and other industry participants "will likely experience significant challenges with obtaining insurance for future satellite launches," [investment banking firm] William Blair's Louie DiPalma said in an Aug. 25 note... In 2019, the total losses from satellite claims amounted to $788 million, which overwhelmed the total premiums for the year at $500 million, according to launch and satellite database Seradata. In the years that followed, big names like American International Group Inc., Swiss Re AG, and Allianz SE all closed the door on satellite insurance.

Earlier this month, Viasat's CEO said that, before deciding whether they'll file a claim, "There's no consequences to us taking another couple or three months to get good measurements and then making those decisions."

News

Pickleball Injuries May Cost Americans Nearly $400 Million This Year, According To UBS (bloomberg.com) 121

An anonymous reader shares a report: Earlier this month, shares of big health insurance companies fell after UnitedHealth Group warned that healthcare utilization rates were up. At a conference the company had said that it was seeing a higher-than-expected pace of hip replacements, knee surgeries and other elective procedures. In a new note out Monday, UBS Group AG analysts led by Andrew Mok offer a surprising theory about one factor that could be driving a higher pace of injuries: pickleball.

As everyone knows, the racket game has become a booming (and sometimes controversial) sport and business. And per UBS, not only are "Picklers" competing with the public for use of park and court space, they're also driving up healthcare capacity utilization and costs. The firm estimates between $250-500 million in costs attributable to pickle injuries in 2023. So how does it arrive at this number? First, it establishes that growth has been absolutely mammoth, with huge and accelerating numbers of participants. This year is expected to see a 150% jump in players, to 22.3 million. Of this 22.3 million, UBS estimates that seniors make up about a third of "core players" or those who play it at least eight times a year. Pickleball players also have incomes that tend to skew high (with almost half having income of over $100K per year.)

United States

Climate Crisis Makes It Impossible For Some US Residents To Get Home Insurance (theguardian.com) 226

An anonymous reader shares an opinion piece from the Guardian's Arwa Mahdawi: Insurance company documents aren't exactly renowned for being riveting reading. This week, however, State Farm, the largest insurance firm in the US by premium volume, came out with an eyeball-grabbing update: it has stopped accepting new homeowner insurance applications in California. In a statement, the company said the decision was based on the heightened risk of natural disasters, such as wildfires, along with historic increases in construction costs.

This news didn't come out of nowhere. Last year, two large insurance firms in California ended their coverage for some multimillion-dollar houses in wildfire-prone areas. "We cannot charge an adequate price for the risk," one insurance company CEO explained in an earnings call. But the scope of this announcement seems unprecedented. The US's biggest insurer halting new policies in the US's most populous state? A state with a population of nearly 40 million suddenly having its home insurance options curtailed because insurance companies know that extreme weather is only getting worse and more expensive?

If this doesn't serve as a wake-up call about the climate crisis, I don't know what will. Melting ice caps may be abstract enough to ignore, but plummeting house prices have a way of getting people's attention. House prices haven't plummeted yet, of course. Quite the opposite: California is an incredibly expensive place to live. But if you can't get insurance, it's almost impossible to get a mortgage. This makes it harder to sell your house and will make prices go down. The writing is on the wall, as insurance companies are well aware.

Businesses

More and More Americans Are Gaming the Deposit-Insurance System (economist.com) 49

A new report looks at the firms that quietly move billions around the banking industry each day. Reciprocal deposits enable banks to place deposits with another bank and receive the same value back through technology firms, reshuffling approximately $1 trillion through their platforms. This deposit-swapping allows banks to offer customers more insurance, a priority after Silicon Valley Bank's failure, where 93% of deposits were uninsured. At the end of last year, around 45% of deposits in the American banking system were uninsured.

Invented by Eugene Ludwig in 2002, reciprocal deposits help banks offer greater deposit insurance without forgoing deposit funding. Ludwig's firm, IntraFi, allows banks to place insured deposits around the system while receiving the same value from other locations. IntraFi, the largest firm with 3,000 banks on its platform, has been joined by r&t Deposit Solutions, ModernFi, and StoneCastle Cash Management. These firms are experiencing rapid growth, with reciprocal deposits' value increasing significantly since March.

The story asks: All this deposit-swapping raises the question of whether it makes sense to maintain the federal cap. The private sector has come up with a clever workaround to offer more deposit insurance than mandated. It is conceivable that, with several thousand banks in the network, an account could offer deposit insurance for hundreds of millions of dollars. Indeed, StoneCastle offers an account with $125m in deposit insurance. But there is a difference between a private-sector workaround and a public-sector mandate. It is currently difficult to match banks so that all are able to offer such high limits (most offer just a few million dollars' insurance), and reciprocal-deposit firms levy fees, too. They apply on top of the charges, of between 0.05% and 0.32% of the value of total liabilities, that institutions pay for federal-deposit insurance.

Abolishing the cap would make insurance pricier across the system; these higher costs would almost certainly be passed on to customers in the form of lower interest rates. Still, if enough depositors seek insurance by spreading deposits around, higher costs might be the result anyway.

The Almighty Buck

Parent Company of Silicon Valley Bank Files for Bankruptcy (nytimes.com) 69

SVB Financial Group, the former parent company of Silicon Valley Bank, the lender that was seized by regulators last week after a devastating run on deposits, filed for bankruptcy on Friday. From a report: The move would place SVB Financial, which owns other businesses aside from Silicon Valley Bank, into a court-led process, as it auctions off units that include the investment manager SVB Capital and the brokerage firm SVB Securities. Those units continue to operate and were not part of the bankruptcy filing. The bankruptcy process would be separate from the sale of assets led by the Federal Deposit Insurance Corporation to repay Silicon Valley Bank's depositors. SVB Financial said in a statement that it "believes it has approximately $2.2 billion of liquidity." The company had about $3.3 billion in debt outstanding and a type of shares worth $3.7 billion.

Medicine

People Were Unwittingly Implanted With Fake Devices In Medical Scam, FBI Alleges (vice.com) 55

Chronic pain patients were implanted with "dummy" pieces of plastic and told it would ease their pain, according to an indictment charging the former CEO of the firm that made the fake devices with fraud. Motherboard reports: Laura Perryman, the former CEO of Stimwave LLC, was arrested in Florida on Thursday. According to an FBI press release, Perryman was indicted "in connection with a scheme to create and sell a non-functioning dummy medical device for implantation into patients suffering from chronic pain, resulting in millions of dollars in losses to federal healthcare programs." According to the indictment, patients underwent unnecessary implanting procedures as a result of the fraud. Perryman was charged with one count of conspiracy to commit wire fraud and health care fraud, and one count of healthcare fraud. Stimwave received FDA approval in 2014, according to Engadget, and was positioned as an alternative to opioids for pain relief.

The Stimwave "Pink Stylet" system consisted of an implantable electrode array for stimulating the target nerve, a battery worn externally that powered it, and a separate, 9-inch long implantable receiver. When doctors told Stimwave that the long receiver was difficult to place in some patients, Perryman allegedly created the "White Stylet," a receiver that doctors could cut to be smaller and easier to implant -- but was actually just a piece of plastic that did nothing. "To perpetuate the lie that the White Stylet was functional, Perryman oversaw training that suggested to doctors that the White Stylet was a 'receiver,' when, in fact, it was made entirely of plastic, contained no copper, and therefore had no conductivity," the FBI stated. "In addition, Perryman directed other Stimwave employees to vouch for the efficacy of the White Stylet, when she knew that the White Stylet was actually non-functional." Stimwave charged doctors and medical providers approximately $16,000 for the device, which medical insurance providers, including Medicare, would reimburse the doctors' offices for.

Crime

Ransomware Attacks, Payments Declined In 2022: Report (crn.com) 12

CRN reports: Prominent incident response firm Mandiant disclosed Tuesday that it responded to 15 percent fewer ransomware incidents last year. The statistic was first reported by the Wall Street Journal. Mandiant, which is owned by Google Cloud, confirmed the stat in an email to CRN.

The WSJ report also included several other indicators that 2022 was a less successful year for ransomware. Cybersecurity giant CrowdStrike told the outlet that the average ransom demand dropped 28 percent last year, to $4.1 million, from $5.7 million the year before. The firm reportedly pinned the decline on factors including the arrests of ransomware gang members and other disruptions to the groups last year, as well as the drop in the value of cryptocurrencies such as Bitcoin. CrowdStrike confirmed the stat to CRN.

Their article also cites a blog post from Chainalysis, the blockchain data platform, which estimated that 2022's total ransomware revenue "fell to at least $456.8 million in 2022 from $765.6 million in 2021 — a huge drop of 40.3%." And that blog post cites the Chief Claims Officer of cyber insurance firm Resilience, who also specifically notes "signs that meaningful disruptions against ransomware actor groups are driving lower than expected successful extortion attempts," including arrests and recovery of extorted cryptocurrency by western law enforcement agencies.

From the Wall Street Journal: After ballooning for years, the amount of money being paid to ransomware criminals dropped in 2022, as did the odds that a victim would pay the criminals who installed the ransomware.... "It reflects, I think, the pivot that we have made to a posture where we're on our front foot," Deputy Attorney General Lisa Monaco said in an interview. "We're focusing on making sure we're doing everything to prevent the attacks in the first place."

The hacking groups behind ransomware attacks have been slowed by better company security practices. Federal authorities have also used new tactics to help victims avoid paying ransom demands.... And the FBI said last month that it disrupted $130 million in potential ransomware profits last year by gaining access to servers run by the Hive ransomware group and giving away the group's decryption keys — used to undo the effects of ransomware — for free.

In the fall, about 45 call-center operators were laid off by former members of a ransomware group known as Conti, according to Yelisey Bohuslavskiy, chief research officer with the threat intelligence firm Red Sense LLC. They had been hired as part of a scam to talk potential victims into installing remote-access software onto networks that would then be infected by ransomware, but the call centers ended up losing money, he said.

Companies have also stepped up their cybersecurity practices, driven by demands from insurance underwriters and a better understanding of the risks of ransomware following high-profile attacks. Companies are spending more money on business continuity and backup software that allow computer systems to restart after they have been infected. With improved backups, U.S. companies are better at bouncing back from ransomware attacks than they were four years ago, according to Coveware Inc., which helps victims respond to ransomware intrusions and has handled thousands of cases. Four years ago, 85% of ransomware victims wound up paying their attackers. Today that number is 37%, according to Coveware Inc. Chief Executive Bill Siegel.

Businesses

Cyber Insurance Is Back From the Brink After Onslaught of Ransomware Attacks (bloomberg.com) 9

The cyber-insurance market, battered by a rash of pandemic-era ransomware attacks, is making a comeback. Price hikes are moderating, new carriers and fresh sources of capital are emerging, and companies can better afford coverage. From a report: Cyber-insurance pricing increased 10% from a year earlier in January, a fraction of the 110% annual increase reported in the first quarter of 2022, preliminary data from insurance broker Marsh McLennan show. If those trends continue, prices could be set to decline, said Tom Reagan, Marsh's cyber practice leader. The reversal would follow a wave of digital intrusions that dominated the work-from-home era and forced insurers to recalibrate both how they write policies and their risk appetites. Those attacks also pushed their clients to adopt stronger cybersecurity measures. The brutal conditions in the market have let up since then, with claim frequency declining in the fourth quarter of 2022 even as severity remained elevated, according to Marsh.

"What we're left with is a very, very, very different market than what we went into two or three years ago," said Paul Bantick, the global head of cyber risks at London-based insurer Beazley. "We have a mature market that has stood up against a huge test." The risks posed by cyber criminals are still enormous. Ransomware attacks against industrial organizations increased by 87% in 2022 from the year before, while the US Treasury Department said financial institutions flagged nearly $1.2 billion in likely ransomware-related payments in 2021. Recent high-profile breaches at financial services firm ION Trading UK and a major Asian data center emphasized the grim risk posed by hackers. Even so, the total amount extorted from ransomware victims in 2022 dropped to $456.8 million from $765.6 million the year before, according to data from Chainalysis.

IBM

IBM Top Brass Accused Again of Using Mainframes To Prop Up Watson, Cloud Sales (theregister.com) 23

IBM, along with 13 of its current and former executives, has been sued by investors who claim the IT giant used mainframe sales to fraudulently prop up newer, more trendy parts of its business. The Register reports: In effect, IBM deceived the market about its progress in developing Watson, cloud technologies, and other new sources of revenue, by deliberately misclassifying the money it was making from mainframe deals, assigning that money instead to other products, it is alleged. The accusations emerged in a lawsuit [PDF] filed late last week against IBM in New York on behalf of the June E Adams Irrevocable Trust. It alleged Big Blue shifted sales by its "near-monopoly" mainframe business to its newer and less popular cloud, analytics, mobile, social, and security products (CAMSS), which bosses promoted as growth opportunities and designated "Strategic Imperatives."

IBM is said to have created the appearance of demand for these Strategic Imperative products by bundling them into three- to five-year mainframe Enterprise License Agreements (ELA) with large banking, healthcare, and insurance company customers. In other words, it is claimed, mainframe sales agreements had Strategic Imperative products tacked on to help boost the sales performance of those newer offerings and give investors the impression customers were clamoring for those technologies from IBM. "Defendants used steep discounting on the mainframe part of the ELA in return for the customer purchasing catalog software (i.e. Strategic Imperative Revenue), unneeded and unused by the customer," the lawsuit stated.

IBM is also alleged to have shifted revenue from its non-strategic Global Business Services (GBS) segment to Watson, a Strategic Imperative in the CAMSS product set, to convince investors that the company was successfully expanding beyond its legacy business. Last April the plaintiff Trust filed a similar case, which was joined by at least five other law firms representing other IBM shareholders. A month prior, the IBM board had been presented with a demand letter from shareholders to investigate the above allegations. Asked whether any action has been taken as a result of that letter, IBM has yet to respond.

Medicine

Cryonics Company Charges a Monthly Subscription Fee (Plus Your Life Insurance Payout) (deccanherald.com) 192

"To date, about 500 people have been put in cryogenic stasis after legal death," writes a Bloomberg Opinion technology columnist, "with the majority of them in the U.S.

"But a few thousand more, including Emil Kendziorra, are on waiting lists, wearing bracelets or necklaces with instructions for emergency responders." Kendziorra, 36, runs Berlin-based Tomorrow Biostasis GmbH, one of the first cryonics businesses in Europe to join a market dominated by American organizations like The Alcor Life Extension Foundation and The Cryonics Institute. The former cancer doctor has several hundred people on his firm's waiting list. They skew to their late 30s, male and tend to work in technology. Patients can choose to have their entire body preserved and held upside down in a four-person dewar, a thermos-like aluminum vat filled with liquid nitrogen, or just preserve their brain, which is cheaper.

Kendziorra says cryopreservation overall has become less expensive over the past few decades on an inflation-adjusted basis, a claim that he bases on historic prices published by his peers, who he says are making a collective effort to bring down costs. That could be critical to shifting cryonics from a fringe pursuit to something a little more mainstream, especially since it is no longer just for billionaires like PayPal Inc. co-founder Peter Thiel (who has reportedly signed up with Alcor). Kendziorra, for instance, has made cryonics just another monthly subscription by capitalizing on insurance, he told me during a Twitter Spaces discussion on cryonics last month. His customers pay a 25-euro ($26.54) monthly fee to Tomorrow Biostasis, and they also make the company the beneficiary of a minimum 100,000-euro life insurance payout upon their legal death. Kendziorra says that covers the full cost of cryonics including the biggest outlay: maintenance over the next century or so.

All told, most of his customers are paying about 50 euros a month for both the company's subscription fee and the life insurance policy for the option of a long sleep at death. Of course, most companies don't survive for more than a century, so Tomorrow Biostasis also partners with a non-profit group in Switzerland to carry out the storage of customers on its behalf.... The domain itself is largely funded by wealthy individuals including CEOs of tech companies, angel investors and scientists, Kendziorra says, adding that for them to invest in his own firm, their primary motivation shouldn't be "monetary" but rather to help further the field.

The mechanics all sound sensible, but that still leaves the question of whether cryonics will work, medically speaking. Doctors and scientists have used words like quackery, pseudoscience and outright fraud to describe the field. Clive Cohen, a neuroscientist from Kings College London, has called it a "hopeless aspiration that reveals an appalling ignorance of biology." The Association of Cryobiology has compared it to turning a hamburger back into a cow.

Privacy

ID.me Lied About Its Facial Recognition Tech, Congress Says (vice.com) 18

The controversial facial recognition firm hired by the US government during the height of the pandemic is being slammed by members of Congress, who say the company misrepresented how its technology works and downplayed excessive wait times which stopped Americans from collecting unemployment benefits. From a report: New evidence shows that ID.me "inaccurately overstated its capacity to conduct identity verification services to the Internal Revenue Service (IRS) and made baseless claims about the amount of federal funds lost to pandemic fraud in an apparent attempt to increase demand for its identity verification services," according to a new report from the two U.S. House of Representatives committees overseeing the government's COVID-19 response.

The report also said that ID.me -- which received $45 million in COVID relief funds from at least 25 state agencies -- misrepresented the excessively long wait times it forced on people trying to claim emergency benefits like unemployment insurance and Child Tax Credit payments. Wait times for video chats were as long as 4 to 9 hours in some states. Members of Congress also wrote that ID.me provided no evidence to support a claim that unemployment fraud had cost US taxpayers $400 billion.

Businesses

Swiss Re Proposes Government Bail Out as Cybercrime Insurance Costs Spike (theregister.com) 27

As insurance companies struggle to stay afloat amid rising cyber claims, Swiss Re has recommended a public-private partnership insurance scheme with one option being a government-backed fund to help fill the coverage gap. From a report: Global cyber insurance premiums hit $10 billion in 2021, according to Swiss Re's estimates. In a study published this week, the insurance giant forecasted 20 percent annual growth to 2025, with premiums rising to $23 billion over the next few years.

Meanwhile, annual cyberattack-related losses total about $945 billion globally, and about 90 percent of that risk remains uninsured, according to insurance researchers at the Geneva Association. While Forrester estimates a typical data breach costs an average $2.4 million for investigation and recovery, only 55 percent of companies currently have cyber insurance policies. Additionally, less than 20 percent have coverage limits in excess of $600,000, which the analyst firm cites as the median ransomware demand in 2021. "The market needs to mature further to ensure enough insurance protection is available," John Coletti, head cyber reinsurance at Swiss Re, told The Register. "Our industry has a key role to play by addressing three issues: improving data and modeling, increasing contract consistency and clarity and identifying new sources of capital."

Encryption

How Privacy-Enhancing Technologies Are Fulfilling Cryptography's Potential (theguardian.com) 13

Here's the Guardian's report on new cryptographic techniques where "you can share data while keeping that data private" — known by the umbrella term "privacy-enhancing technologies" (or "Pets"). They offer opportunities for data holders to pool their data in new and useful ways. In the health sector, for example, strict rules prohibit hospitals from sharing patients' medical data. Yet if hospitals were able to combine their data into larger datasets, doctors would have more information, which would enable them to make better decisions on treatments. Indeed, a project in Switzerland using Pets has since June allowed medical researchers at four independent teaching hospitals to conduct analysis on their combined data of about 250,000 patients, with no loss of privacy between institutions. Juan Troncoso, co-founder and CEO of Tune Insight, which runs the project, says: "The dream of personalised medicine relies on larger and higher-quality datasets. Pets can make this dream come true while complying with regulations and protecting people's privacy rights. This technology will be transformative for precision medicine and beyond."

The past couple of years have seen the emergence of dozens of Pet startups in advertising, insurance, marketing, machine learning, cybersecurity, fintech and cryptocurrencies. According to research firm Everest Group, the market for Pets was $2bn last year and will grow to more than $50bn in 2026. Governments are also getting interested. Last year, the United Nations launched its "Pet Lab", which was nothing to do with the welfare of domestic animals, but instead a forum for national statistical offices to find ways to share their data across borders while protecting the privacy of their citizens.

Jack Fitzsimons, founder of the UN Pet Lab, says: "Pets are one of the most important technologies of our generation. They have fundamentally changed the game, because they offer the promise that private data is only used for its intended purposes...." The emergence of applications has driven the theory, which is now sufficiently well developed to be commercially viable. Microsoft, for example, uses fully homomorphic encryption when you register a new password: the password is encrypted and then sent to a server who checks whether or not that password is in a list of passwords that have been discovered in data breaches, without the server being able to identify your password. Meta, Google and Apple have also over the last year or so been introducing similar tools to some of their products.

The article offers quick explanations of zero-knowledge proofs, secure multiparty computation, and fully homomorphic encryption (which allows the performance of analytics on data by a second party who never reads the data or learns the result).

And "In addition to new cryptographic techniques, Pets also include advances in computational statistics such as 'differential privacy', an idea from 2006 in which noise is added to results in order to preserve the privacy of individuals."

Earth

The Hunt for Big Hail 82

Hailstones of record size are falling left and right, and hailstorm damage is growing. But there is surprisingly little research to explain why. From a report: On Aug. 1, a team of scientists from Western University in London, Ontario, collected a giant hailstone while chasing a storm in Alberta, about 75 miles north of Calgary. The hailstone measured five inches across and weighed a little more than half a pound -- half the size and one-quarter the heft of Mr. Scott's. So it was not a world record, but a Canadian one. The Canadian hailstone added to the list of regional records set in the past couple of years, including Alabama's in 2018 (5.38 inches long, 0.612 pounds), Colorado's in 2019 (4.83 inches, 0.53 pounds) and Africa's in 2020 (around seven inches long, weight unknown). Australia set a national record in 2020, then set it again in 2021. Texas' record was set in 2021. In 2018, a storm in Argentina produced stones so big that a new class of hail was introduced: gargantuan. Larger than a honeydew melon.

But the record-setting has come with increased hail damage. Although the frequency of reported "hail events" in the United States is at its lowest in a decade, according to a recent report by Verisk, a risk assessment firm, insurance claims on cars, houses and crops damaged by hail reached $16.5 billion in 2021 -- the highest ever. Hail can strip plants to the stem and effectively total small cars. Ten years after the record-setting storm in Vivian, the tin roofs of some buildings are still dented. On Wednesday, a hailstorm killed a toddler in the Catalonia region of Spain. "It's one of the few weather hazards that we don't necessarily build for," said Ian Giammanco, a meteorologist at the Insurance Institute for Business & Home Safety. "And it's getting bigger and worse." Although the changing climate probably plays a role in these trends, weather experts say, a more complete explanation might have something to do with the self-stoking interplay of human behavior and scientific discovery. As neighborhoods sprawl into areas that experience heavy hail and greater hail damage, researchers have sought out large hailstones and documented their dimensions, stirring public interest and inviting further study.

Julian Brimelow, the director of the Northern Hail Project, a new collaboration among Canadian organizations to study hail, whose team found the record hailstone in August, said, "It's a pretty exciting time to be doing hail research." The fixation with big hail goes back to at least the 1960s, when Soviet scientists claimed that they could significantly reduce the size of a storm's hailstones by dispersing chemicals into the atmosphere. The method, called cloud seeding, promised to save millions of dollars in crop damage a year. In the 1970s, the United States funded the National Hail Research Experiment to replicate the results of the Soviet experiments, this time by cloud seeding in hailstorms above Northern Colorado. Scientists then collected the largest hailstones they could find to see if it worked. It did not. And a decade of research demonstrated that the Soviet effort probably hadn't worked either. Both countries eventually gave up on the idea, and hailstone research stalled, although cloud seeding to increase rain and snowfall continued -- and continues to this day -- around the world.

iPhone

Apple Already Sold Everyone an iPhone. Now What? (economist.com) 113

The ubiquitous device is becoming a shop window for the firm's services. From a report: As it dreams up more gadgets to sell to more people, however, Apple is employing another strategy in parallel. The company has so far put 1.8bn devices in the pockets and on the desks of some of the world's most affluent consumers. Now it is selling access to those customers to other companies, and persuading those who own its devices to sign up to its own subscription services. As Luca Maestri, Apple's chief financial officer, said on a recent earnings call, the Apple devices in circulation represent "a big engine for our services business." The strategy is picking up speed. Last year services brought in $68bn in revenue, or 19% of Apple's total. That is double the share in 2015. In the latest quarter services' share was even higher, at 24%. Apple doesn't break down where the money comes from, but the biggest chunk is reckoned to be fees from its app store, which amounted to perhaps $25bn last year, according to Sensor Tower, a data provider.

The next-biggest part is probably the payment from Google for the right to be Apple devices' default search engine. This was $10bn in 2020; analysts believe the going rate now is nearer $20bn. Apple's fast-growing advertising business -- mainly selling search ads in its app store -- will bring in nearly $7bn this year, reckons eMarketer, another research firm. Most of the rest comes from a range of subscription services: iCloud storage, Apple Music and Apple Care insurance are probably the biggest, estimates Morgan Stanley, an investment bank. More recent ventures like Apple tv+, Apple Fitness, Apple Arcade and Apple Pay make up the rest. New services keep popping up. Last November Apple launched a subscription product for small companies called Apple Business Essentials, offering tech support, device management and so on. In June it announced a "buy now, pay later" service. The company claims a total of 860m active paid subscriptions, nearly a quarter more than it had a year ago.

Bitcoin

The FDIC Has Had It With Crypto Companies Claiming It Insures Them (protocol.com) 37

After admonishing crypto lender Voyager Digital for "false and misleading" statements on the subject, the FDIC said banks must ensure that crypto firms they partner with are clear about whether customer deposits are insured. From a report: In industry guidance published Friday, the Federal Deposit Insurance Corp. said insured banks should monitor that crypto firms they work with do not misrepresent the availability of deposit insurance and "should take appropriate action to address such misrepresentations." The notice comes a day after the FDIC and Federal Reserve demanded Voyager Digital correct what it called misrepresentations that suggested some of its customers were covered by federal insurance if the firm collapsed.

When Voyager filed for bankruptcy earlier this month, its banking partner, Metropolitan Commercial Bank, issued a statement clarifying that FDIC insurance is available "only to protect against the failure of Metropolitan Commercial Bank," not Voyager. Metropolitan is holding about $350 million in customer funds, which Voyager has told customers will be released after the bank undergoes a fraud prevention process. Metropolitan is far from the only bank holding deposits on behalf of crypto companies, and now the FDIC wants to ensure customers are not further confused about how, or if, their assets are covered.
