KXAN: Almost 2 million Texans affected by Texas Department of Insurance data breach

KXAN: Almost 2 million Texans affected by Texas Department of Insurance data breach. “The department said the personal information of 1.8 million workers who have filed compensation claims — including Social Security numbers, addresses, dates of birth, phone numbers and information about workers’ injuries — was accessible online to members of the public from March 2019 to January 2022.”

Sky News: Google sued for using the NHS data of 1.6 million Britons ‘without their knowledge or consent’

Sky News: Google sued for using the NHS data of 1.6 million Britons ‘without their knowledge or consent’. “Google is being sued over its use of confidential medical records belonging to 1.6 million individuals in the UK. The company’s artificial intelligence arm, DeepMind, received the data in 2015 from the Royal Free NHS Trust in London for the purpose of testing a smartphone app called Streams.”

Ars Technica: Some top 100,000 websites collect everything you type—before you hit submit

Ars Technica: Some top 100,000 websites collect everything you type—before you hit submit. “Researchers from KU Leuven, Radboud University, and University of Lausanne crawled and analyzed the top 100,000 websites, looking at scenarios in which a user is visiting a site while in the European Union and visiting a site from the United States. They found that 1,844 websites gathered an EU user’s email address without their consent, and a staggering 2,950 logged a US user’s email in some form. Many of the sites seemingly do not intend to conduct the data-logging but incorporate third-party marketing and analytics services that cause the behavior.”

MIT News: Technique protects privacy when making online recommendations

MIT News: Technique protects privacy when making online recommendations. “Algorithms recommend products while we shop online or suggest songs we might like as we listen to music on streaming apps. These algorithms work by using personal information like our past purchases and browsing history to generate tailored recommendations. The sensitive nature of such data makes preserving privacy extremely important, but existing methods for solving this problem rely on heavy cryptographic tools requiring enormous amounts of computation and bandwidth. MIT researchers may have a better solution.”

Bleeping Computer: Hackers stole data undetected from US, European orgs since 2019

Bleeping Computer: Hackers stole data undetected from US, European orgs since 2019. “The Chinese hacking group known as ‘Winnti’ has been stealthily stealing intellectual property assets like patents, copyrights, trademarks, and other corporate data – all while remaining undetected by researchers and targets since 2019. Winnti, also tracked as APT41, is an advanced and elusive cyber-espionage group that is believed to be backed by the Chinese state and operates on behalf of its national interests.”

WIRED: What to Do If You Can’t Log In to Your Google Account

WIRED: What to Do If You Can’t Log In to Your Google Account. “The web is filled with advice and shortcuts on what to do in this situation, from tapping your password manager to turning off two-factor authentication (not recommended!). Rather than use Google’s most popular tool, Search, for the answer, we decided to ask the company directly what happens when users can’t get in and what steps they should take to recover their account. Guemmy Kim, director of account safety and security at Google, guided us through our questions.”

Ars Technica: Russia hammered by pro-Ukrainian hackers following invasion

Ars Technica: Russia hammered by pro-Ukrainian hackers following invasion. “For years, Dmitriy Sergeyevich Badin sat atop the FBI’s most-wanted list. The Russian government-backed hacker has been suspected of cyberattacks on Germany’s Bundestag and the 2016 Olympics, held in Rio de Janeiro. A few weeks into Russia’s invasion of Ukraine, his own personal information—including his email and Facebook accounts and passwords, mobile phone number, and even passport details—was leaked online.”

Engadget: Grindr location data was reportedly for sale for at least three years (updated)

Engadget: Grindr location data was reportedly for sale for at least three years (updated). “Grindr’s past willingness to share sensitive data may have been more problematic than previously thought. The Wall Street Journal understands precise Grindr user location data was collected from the online ad network MoPub (once owned by Twitter) and put on sale through its partner company UberMedia (now UM) since ‘at least’ 2017.”

Ars Technica: Apple, Google, and Microsoft want to kill the password with “Passkey” standard

Ars Technica: Apple, Google, and Microsoft want to kill the password with “Passkey” standard. “The standard is being called either a ‘multi-device FIDO credential’ or just a ‘passkey.’ Instead of a long string of characters, this new scheme would have the app or website you’re logging in to push a request to your phone for authentication. From there, you’d need to unlock the phone, authenticate with some kind of pin or biometric, and then you’re on your way.”

Brookings Institution: How to tackle the data collection behind China’s AI ambitions

Brookings Institution: How to tackle the data collection behind China’s AI ambitions. “Although we have some insight into Chinese A.I. funding generally—see, for example, a recent report from the Center for Security and Emerging Technology on the People’s Liberation Army’s AI investments—we know far less about China’s strategy for data collection and acquisition. Given China’s interest in integrating cutting-edge AI into its intelligence and military enterprise, that oversight represents a profound vulnerability for U.S. national security. Policymakers in the White House and Congress should thus focus on restricting the largely unregulated data market not only to protect Americans’ privacy but also to deny China a strategic asset in developing their AI programs.”

The Register: Study: How Amazon uses Echo smart speaker conversations to target ads

The Register: Study: How Amazon uses Echo smart speaker conversations to target ads. “Amazon and third-party services have been using smart speaker interaction data for ad targeting, in violation of privacy commitments, according to researchers at four US universities. Academics at the University of Washington, University of California-Davis, University of California-Irvine, and Northeastern University claim ‘Amazon processes voice data to infer user interests and uses it to serve targeted ads on-platform (Echo devices) as well as off-platform (web).’”