Big data: With great data comes great responsibility (Open Access Government)

Open Access Government: Big data: With great data comes great responsibility. “Personal data stored within large repositories of companies are regularly exfiltrated in data breaches. Almost every individual in Western society has been subject to their data being exposed in almost always multiple data breaches. Nation-state actors have been exposed to conduct cyber-espionage on individuals and companies. Although it is 2021, George Orwell’s novel 1984 is a distinct possibility nowadays. So, we must ask ourselves: How do we combine Western civil liberties with the advance of ubiquitous data collection technologies?”

ZDNet: Over a billion records belonging to CVS Health exposed online

ZDNet: Over a billion records belonging to CVS Health exposed online. “On Thursday, WebsitePlanet, together with researcher Jeremiah Fowler, revealed the discovery of an online database belonging to CVS Health. The database was not password-protected and had no form of authentication in place to prevent unauthorized entry. Upon examination of the database, the team found over one billion records that were connected to the US healthcare and pharmaceutical giant, which owns brands including CVS Pharmacy and Aetna.”

WICZ: Wegmans Notifies Customers Of Database Security Breach

WICZ: Wegmans Notifies Customers Of Database Security Breach. “Wegmans says they were notified of the issue by a third-party security researcher in mid-April. The company says the database contains customer phone numbers, addresses, email addresses, Shopper’s Club Card numbers, and passwords to Wegmans.com. However, Wegmans says all passwords were encrypted, so the actual characters for the passwords were not involved.”

Channel 4: NHS England digital database launch delayed by two months after patient outcry over consultation

Channel 4: NHS England digital database launch delayed by two months after patient outcry over consultation . “A new central NHS database using GP records in England won’t now come online until September, amid concerns about privacy. The digital system was meant to be launched next month, collating information on patient appointments, treatments and referrals, as well as other data held by local surgeries.”

Financial Times: England’s NHS plans to share patient records with third parties

Financial Times: England’s NHS plans to share patient records with third parties. I do not usually share Financial Times articles because of the paywall, but this article was not paywalled to me. “England’s NHS is preparing to scrape the medical histories of 55m patients, including sensitive information on mental and sexual health, criminal records and abuse, into a database it will share with third parties. The data collection project, which is the first of its kind, has caused an uproar among privacy campaigners, who say it is ‘legally problematic’, especially as patients only have a few weeks to opt out of the plan.”

WUSA: Hackers demand $4 million ransom from DC police, as more officers’ confidential info posted to the dark web

WUSA: Hackers demand $4 million ransom from DC police, as more officers’ confidential info posted to the dark web. “In the latest escalation of an unprecedented cyber-attack against U.S. law enforcement, hackers belonging to the Russian-speaking Babuk syndicate posted a $4 million ransom demand against the Metropolitan Police Department on the dark web. The demand came as more D.C. police officers received notice their confidential information was included within the scope of the April hack.”

Gizmodo: If You Use Twitter’s New Tip Jar Feature, Make Sure You Don’t Accidentally Send People Your Address

Gizmodo: If You Use Twitter’s New Tip Jar Feature, Make Sure You Don’t Accidentally Send People Your Address . “Rachel Tobac, a security professional, was playing around with the app with a friend of hers when she noticed what initially seemed like a glaring security risk. Tobac discovered that if you specifically used PayPal to send someone a tip, you will also be sending them something else fairly intimate: your home address. This doesn’t appear to be an issue for any of the other pay applications set up through Tip Jar.” It’s apparently a PayPal thing.

The Verge: Android bug exposed COVID-19 contact tracing logs to preinstalled apps

The Verge: Android bug exposed COVID-19 contact tracing logs to preinstalled apps. “The Android version of Google and Apple’s COVID-19 exposure notification app had a privacy flaw that let other preinstalled apps potentially see sensitive data, including if someone had been in contact with a person who tested positive for COVID-19, privacy analysis firm AppCensus revealed on Tuesday. Google says it’s currently rolling out a fix to the bug.”

Albania: Alarm Over Indications Of Personal Data Breach, Election Campaign Violations (Transparency International)

Transparency International: Albania: Alarm Over Indications Of Personal Data Breach, Election Campaign Violations. “On 11 April, an Albanian media portal published a database containing personal data and private information of 910,000 individuals, allegedly maintained by the country’s ruling Socialist Party. It was revealed – and since then confirmed – that ‘patrons’ were assigned to voters who tracked their political preferences. Additional comments, recorded by the patrons, reportedly detail their interactions with citizens, with some instances amounting to possible voter intimidation.”

KOMO News: Mental health apps may expose more than you want them to

KOMO News: Mental health apps may expose more than you want them to. “The apps are becoming more popular and offer a range of options, from guided meditations to appointments with a licensed therapist. But the mental health apps aren’t always covered by the same medical privacy laws that shield information shared with medical care providers in person. When federal HIPPA rules do apply, they may not cover all the data collected by digital apps.”

CNET: AirDrop could be hacked to reveal personal information, researchers say

CNET: AirDrop could be hacked to reveal personal information, researchers say. “Apple’s popular AirDrop feature for sharing files may be vulnerable to hacking attempts, according to security researchers at a German university. In a post published Friday, researchers at Technische Universitat Darmstadt said that a nearby stranger could discover the phone number and email of an AirDrop user because of a privacy gap in the feature.”