Krebs on Security: It Might Be Our Data, But It’s Not Our Breach

Krebs on Security: It Might Be Our Data, But It’s Not Our Breach. “A cybersecurity firm says it has intercepted a large, unique stolen data set containing the names, addresses, email addresses, phone numbers, Social Security Numbers and dates of birth on nearly 23 million Americans. The firm’s analysis of the data suggests it corresponds to current and former customers of AT&T. The telecommunications giant stopped short of saying the data wasn’t theirs, but it maintains the records do not appear to have come from its systems and may be tied to a previous data incident at another company.”

Ars Technica: FTC aims to counter the “massive scale” of online data collection

Ars Technica: FTC aims to counter the “massive scale” of online data collection. “The Federal Trade Commission has kicked off the rulemaking process for privacy regulations that could restrict online surveillance and punish bad data-security practices. It’s a move that some privacy advocates say is long overdue, as similar Congressional efforts face endless uncertainty.”

CyberScoop: Federal courts left Americans’ data exposed, senator tells Supreme Court chief justice

CyberScoop: Federal courts left Americans’ data exposed, senator tells Supreme Court chief justice. “A top Democratic lawmaker is urging U.S. Supreme Court Chief Justice John Roberts to address the federal court system’s decades-long failure to secure Americans’ most sensitive personal information in court filings.”

Bleeping Computer: Twitter confirms zero-day used to expose data of 5.4 million accounts

Bleeping Computer: Twitter confirms zero-day used to expose data of 5.4 million accounts. “Twitter has confirmed a recent data breach was caused by a now-patched zero-day vulnerability used to link email addresses and phone numbers to users’ accounts, allowing a threat actor to compile a list of 5.4 million user account profiles.”

Bleeping Computer: Meta, US hospitals sued for using healthcare data to target ads

Bleeping Computer: Meta, US hospitals sued for using healthcare data to target ads. “A class action lawsuit has been filed in the Northern District of California against Meta (Facebook), the UCSF Medical Center, and the Dignity Health Medical Foundation, alleging that the organizations are unlawfully collecting sensitive healthcare data about patients for targeted advertising.”

New York Times: The Default Tech Settings You Should Turn Off Right Away

New York Times: The Default Tech Settings You Should Turn Off Right Away. “…with every tech product we use, it’s important to take time to peruse the many menus, buttons and switches to pare down the data we share. Here’s a streamlined guide to many of the default settings that I and other tech writers always change.”

EXCLUSIVE: Anti-vax dating site that let people advertise ‘mRNA FREE’ semen left all its user data exposed (Daily Dot)

Daily Dot: EXCLUSIVE: Anti-vax dating site that let people advertise ‘mRNA FREE’ semen left all its user data exposed. “After the Daily Dot set up a test account on the platform, GeopJr was able to change the account’s private email address, username, and profile picture. GeopJr was also able to edit a public post made by the Daily Dot and change its wording. Other data such as the site’s backups could be downloaded or deleted. GeopJr was able to give away $15 per month subscriptions to Unjected as well as reply to and delete help center tickets and reported posts.”

Reuters: Uber admits covering up 2016 hacking affecting 57 million passengers and drivers

Reuters: Uber admits covering up 2016 hacking affecting 57 million passengers and drivers. “Uber Technologies Inc on Friday accepted responsibility for covering up a 2016 data breach that affected 57 million passengers and drivers, as part of a settlement with US prosecutors to avoid criminal charges.”

Engadget: T-Mobile will pay $350 million to settle lawsuits over massive data breach

Engadget: T-Mobile will pay $350 million to settle lawsuits over massive data breach. “If you were a T-Mobile customer in August 2021, you may get a few dollars from the carrier in the near future. It has agreed to settle a consolidated class action lawsuit filed against the company over a data breach that exposed the personal information of 76.6 million ‘current, former and prospective customers.'”

TechCrunch: Denmark bans Chromebooks and Google Workspace in schools over data transfer risks

TechCrunch: Denmark bans Chromebooks and Google Workspace in schools over data transfer risks. “In a verdict published last week, Denmark’s data protection agency, Datatilsynet, revealed that data processing involving students using Google’s cloud-based Workspace software suite — which includes Gmail, Google Docs, Calendar and Google Drive — ‘does not meet the requirements’ of the European Union’s GDPR data privacy regulations.”

The Conversation: What do TikTok, Bunnings, eBay and Netflix have in common? They’re all hyper-collectors

The Conversation: What do TikTok, Bunnings, eBay and Netflix have in common? They’re all hyper-collectors . “Consumer data is big business. In 2019, a report from digital marketers WebFX showed that data from around 1,400 loyalty programs was routinely being traded across the globe as part of an industry worth around US$200 billion. That same year, the Australian Competition and Consumer Commission’s review of loyalty schemes revealed how many of these loyalty schemes lacked data transparency and even discriminated against vulnerable customers. But the digital environment is making data collection even easier.”

Reuters: Limits on personal data gathering by Google, Facebook, others advance in U.S. House

Reuters: Limits on personal data gathering by Google, Facebook, others advance in U.S. House. “A U.S. House of Representatives committee approved on Wednesday a bill to create the first U.S. privacy law limiting personal information collected online by companies like Alphabet’s Google and Meta’s Facebook. The House Energy and Commerce Committee approved the bill by a margin of 53-2. It now goes to the House floor. A companion bill is before the Senate.”

NPR: How to protect your privacy when using mental health care apps

NPR: How to protect your privacy when using mental health care apps. “With online mental health services providing a convenient alternative to traditional methods of in-person therapy for many people, NPR asked digital privacy experts to weigh in on what you should know about protecting your privacy when using these types of platforms. The privacy tips here can apply to more than just online therapy services, but experts say these steps can help with privacy related to therapy apps as well.”

The Conversation: No, submitting junk data to period tracking apps won’t protect reproductive privacy

The Conversation: No, submitting junk data to period tracking apps won’t protect reproductive privacy. “As researchers who develop and evaluate technologies that help people manage their health, we analyze how app companies collect data from their users to provide useful services. We know that for popular period tracking applications, millions of people would need to input junk data to even nudge the algorithm.”

KnowTechie: Ring is giving your camera footage to police without a warrant

KnowTechie: Ring is giving your camera footage to police without a warrant. “Ring has been giving out its users’ camera footage to law enforcement, even without the owners’ consent or a court-ordered warrant. The Amazon subsidiary is apparently very friendly with law enforcement, giving out unwarranted user footage to cops at least 11 times this year.”