Privacy Roundup #0075 • October 2012
October 2012 paired huge state and corporate breaches with a widening fight over tracking, as carriers, advertisers and governments all reached for more of our data.
1. South Carolina reveals tax breach exposing 3.6 million Social Security numbers
Governor Nikki Haley announced that hackers had stolen 3.6 million Social Security numbers and 387,000 payment card numbers from the state Department of Revenue. The intrusion, traced back to a contractor who clicked a malicious link in August, was the largest cyberattack on a US state agency at the time.
2. Barnes and Noble PIN pads tampered with in 63 stores
The bookseller disclosed that criminals had planted bugs in one payment terminal at each of 63 shops across nine states to capture card numbers and PINs. The company disconnected every PIN pad in the chain and told affected customers to change their debit card codes.
3. Nationwide Insurance breach hits 1.1 million people
An attacker broke into a network shared by Nationwide and Allied Insurance on 3 October, exposing names, birth dates, Social Security numbers and driving licence details. The data covered both customers and people who had merely requested insurance quotes.
4. EU regulators tell Google to rewrite its privacy policy
European data protection authorities sent a letter to Larry Page demanding more transparency and user control after Google merged data across its services into one policy. Regulators rejected the idea that search, YouTube and Gmail should be treated as a single product for data purposes.
5. Europe's top court asked to rule on fingerprints in passports
The Dutch Council of State referred to the European Court of Justice the question of whether mandatory biometric fingerprints in passports violate privacy rights. The case arose after several Dutch citizens were refused travel documents for declining to surrender their prints.
6. Apple switches advertising tracking back on in iOS 6
Apple introduced the Identifier for Advertisers in iOS 6, reviving cross-app tracking after it had deprecated the permanent device identifier. The new identifier was on by default, and many users did not know it existed or how to limit it.
7. Advertising industry tries to gut Do Not Track at W3C meeting
At the standards body meeting in Amsterdam, advertising representatives pushed for sweeping exceptions that would let marketing data collection continue despite a Do Not Track signal. Working group members warned that such carve-outs would render the standard meaningless.
8. Verizon starts selling subscriber location and browsing data
Verizon Wireless launched Precision Market Insights, a programme that gathered customers' location, app use and web browsing and sold reports to marketers. Privacy advocates questioned whether disclosing the specific sites a subscriber visited might breach federal wiretap law.
9. Yahoo says it will ignore Internet Explorer 10's Do Not Track signal
Yahoo announced it would disregard the Do Not Track header sent by default in Microsoft's new browser, arguing the default did not reflect a real user choice. The move followed Apache's decision to strip the same signal from IE10 requests.
10. Greater Manchester Police fined £120,000 over stolen memory stick
The Information Commissioner penalised the force after an unencrypted USB stick holding details of more than 1,000 people linked to serious crime was stolen from an officer's home. The regulator noted the force had failed to act on a similar breach two years earlier.
11. Stoke-on-Trent council fined £120,000 for unencrypted emails
A council solicitor sent eleven emails containing sensitive child protection details to the wrong address because the legal team had no encryption software. The Information Commissioner increased the penalty because the council had already suffered a similar lapse in 2010.
12. Supreme Court weighs whether anyone can challenge warrantless wiretapping
Justices heard oral argument in Clapper v. Amnesty over whether journalists and lawyers had standing to challenge the FISA Amendments Act. The case turned on whether courts could ever review the NSA's targeted warrantless surveillance of Americans' international communications.
13. French groups move to force Twitter to identify anti-Semitic posters
After the hashtag "#unbonjuif" trended with anti-Semitic abuse, the Union of Jewish Students and SOS Racisme announced legal action to make Twitter reveal the authors. The dispute set French hate-speech law against the platform's policy of responding only to US court orders.
14. Gawker outs a Reddit moderator and ignites a doxxing row
Adrian Chen identified the anonymous moderator "Violentacrez" as a Texas programmer who ran forums trading in images of young women, and the man lost his job. Reddit retaliated by banning Gawker links, sparking a wide argument about anonymity, privacy and accountability online.
15. EFF and MuckRock file more than 200 records requests on police drones
The two groups launched a drone census, filing public records requests with law enforcement agencies nationwide about plans to fly surveillance drones. Early responses revealed agencies quietly seeking federal grants while telling the public they were merely considering the technology.
16. EFF warns Megaupload seizure threatens cloud computing users
EFF filed a brief for a customer who lost lawful files when the government shut down Megaupload and froze access to its servers. The case asked whether ordinary people had any way to retrieve their own data after authorities seized a cloud service.
17. Supreme Court leaves telecom immunity for NSA spying intact
The justices declined to hear Hepting v. AT&T, EFF's challenge to carriers that handed customer communications to the NSA. The refusal confirmed that a 2008 immunity law shielded the companies from lawsuits over warrantless surveillance.
18. EFF argues for warrants before police track phones
At a Fifth Circuit hearing on 2 October, EFF urged the court to require a probable-cause warrant before the government could obtain sixty days of cell-site location data. The case was one of several testing how the Supreme Court's GPS ruling applied to mobile phones.
19. Texas district starts tracking pupils with RFID badges
A San Antonio district switched on a pilot scheme on 1 October that made thousands of students wear identification cards carrying radio chips so administrators could follow their location on campus. The launch drew a small parent protest and warnings from civil liberties advocates that constant tracking of schoolchildren threatened their privacy.
20. NASA loses unencrypted laptop with employee personal data
A laptop holding personally identifiable information for thousands of NASA staff and contractors was stolen from a locked car at the end of October. The device was password protected but not encrypted, prompting the agency to order full-disk encryption on all laptops.