Sen. Warner seeks answers on CBP biometric data breach

(Sep 17, 2019) U.S. Sen. Mark Warner, D-Va., has asked for more information on a pair of data breaches in which biometric information was compromised, The Hill reports. Warner sent a letter to acting Customs and Border Protection Commissioner Mark Morgan about the data breach his agency suffered in June. Hackers were able to steal more than 100,000 images of travelers in the incident. “It is absolutely critical that federal agencies and industry improve their track records, especially when handling and process... Read More

JPMorgan hacker to plead guilty to cybercrimes

(Sep 17, 2019) Bloomberg reports Russian hacker Andrei Tyurin will plead guilty for his role in a scheme to hack the financial data of 80 million customers at JPMorgan Chase. Tyurin is alleged to have carried out hacks that helped steal hundreds of millions of dollars from JPMorgan clients. The charges of wire and bank fraud come after Tyurin was extradited from Georgia last year in order to face punishment. (Registration may be required to access this story.)Full Story... Read More

Data breach potentially exposes all 17M Ecuadorian citizens

(Sep 17, 2019) ABC News reports more than 20 million individuals, a majority of whom are from Ecuador, had their personal information breached on an unsecured server owned by Novaestrat. Ecuador's population is approximately 17 million people, meaning all citizens, including children, may have been affected by the breach. If obtained by hackers, the exposed information could lead to anything from phone scams to fraud or cyberattacks. Ecuadorian President Lenin Moreno said he would push through data protection ... Read More

24.3M Lumin PDF users have data exposed

(Sep 17, 2019) ZDNet reports a hacking forum has exposed the personal data of 24.3 million users of the cloud-based service Lumin PDF. Hackers made the data public after allegedly reaching out to Lumin PDF multiple times in recent months. Users' names, email addresses, genders, language settings and hashed password strings or Google access tokens were all part of the exposed data. "The unprotected database was found about [five] months ago," the hacker wrote. "Vendor was contacted multiple times, but ignored a... Read More

New book discusses perils of parents sharing kids' personal details online

(Sep 16, 2019) In a book review for The New Yorker, Hua Hsu takes a look at Leah Plunkett’s “Sharenthood: Why We Should Think Before We Talk About Our Kids Online,” which details the pitfalls of parents sharing private details of their children’s lives over the internet. Hsu writes that children’s consent and a general unconsciousness to potential data loss are two areas Plunkett sees going unconsidered as parents divulge their kids’ information. Plunkett describes “a set of questions, about data and privacy, ... Read More

Attacks could allow hackers to determine data used to train AI, machine learning

(Sep 13, 2019) U.K. Information Commissioner’s Office Artificial Intelligence Research Fellow Reuben Binns and Principal Technology Adviser Andrew Paterson look at two methods malicious actors could use to identify individuals whose data is used to train AI and machine learning systems. If hackers have a person’s data, they could use a model inversion attack to find more information by observing the inputs and outputs of a machine learning model. Membership interference attacks are another method to achieve th... Read More

London-based gender clinic accidentally exposes nearly 2K email addresses

(Sep 12, 2019) The Charing Cross Gender Identity Clinic accidentally exposed the email addresses of nearly 2,000 individuals, BBC News reports. The London-based clinic sent patients two emails about an art competition; however, each message had hundreds of addresses attached. The Tavistock and Portman NHS Foundation Trust announced it will investigate the breach. The trust also notified the U.K. Information Commissioner’s Office of the incident. "Due to an error, the email addresses of some of those we are inv... Read More

Hong Kong seeks end to 'doxing' on messaging platforms

(Sep 12, 2019) The Global Times reports Hong Kong is still dealing with issues of "doxing" and hate speech on its messaging platforms. Claims of doxing surged in August, but Chinese Association of Hong Kong and Macao Studies member Tang Fei said there is no legal basis to shut down social networks, such as Telegram and LIHKG. The platforms are self-regulated and responsible for keeping users' personal information secure. "The existing laws can play a major role in supervising the networks and managing online g... Read More

Potential app breach affects information of 50K Australian college students

(Sep 12, 2019) Third-party payment app Get, formerly Qnect, has possibly been exposed to a data breach affecting more than 50,000 college students at schools around Australia, the Guardian reports. Names, email addresses, birthdates, Facebook IDs and phone numbers were all potentially exposed by the app, which serves 159,000 users and 453 college clubs or societies across four countries. A Reddit user discovered the personal information was accessible through basic application programming interface searches. "... Read More

Assessing GDPR progress in the EU, US, China and Japan

(Sep 11, 2019) We recently conducted an EU General Data Protection Regulation survey, sponsored by international law firm McDermott Will & Emery and carried out by the Ponemon Institute, which revealed that businesses across the globe continue to face challenges understanding and responding to EU data breaches, despite making investments in new personnel and changing business practices. This is a follow-up study to last year's research, "The Race to GDPR," a study we discussed here on Privacy Perspectives ... Read More