Privacy Roundup #0179 • June 2021
June 2021 paired a string of corporate breaches and ransomware payouts with landmark court wins for privacy, as regulators and police surveillance both came under fresh scrutiny.
1. Supreme Court narrows the Computer Fraud and Abuse Act in Van Buren
The court ruled on 3 June that misusing data you are allowed to access does not by itself break the federal hacking law. The EFF called the decision a victory for security researchers and ordinary internet users alike.
2. Cox Media Group hit by ransomware that knocked stations off air
On 3 June a ransomware attack encrypted servers at Cox Media Group, taking down live radio and television streams across the company's stations. The broadcaster later confirmed the incident and notified people whose personal information was exposed.
3. Norton 360 adds a cryptocurrency miner to its antivirus suite
NortonLifeLock announced that its security software would let customers mine Ethereum directly on their own computers. Critics questioned why an antivirus product would bundle mining and warned that the feature was hard to remove cleanly.
4. Amazon Sidewalk enrols Echo and Ring devices by default
Amazon switched on its Sidewalk mesh network and automatically opted in existing devices, giving owners only days to decline. Privacy advocates objected that sharing a slice of home broadband with neighbours should have required consent, not a hurried opt-out.
5. France fines Google 220 million euros for self-preferencing in ad tech
The French competition authority penalised Google on 7 June for favouring its own advertising server and exchange over rivals. Google did not contest the facts and agreed to interoperability commitments to settle the case.
6. Justice Department recovers most of the Colonial Pipeline ransom
On 7 June federal officials announced they had seized about 2.3 million dollars in bitcoin paid to the DarkSide gang after the pipeline attack. The recovery showed that cryptocurrency payments are more traceable than many criminals assume.
7. FBI reveals it secretly ran the Anom encrypted phone network
Operation Trojan Shield, disclosed on 8 June, saw the FBI and partners covertly operate a phone company used by organised crime and read every message. More than 800 people were arrested worldwide after years of monitoring supposedly secure devices.
8. Fastly outage briefly knocks much of the web offline
A latent software bug at the content delivery firm Fastly was triggered on 8 June, taking down major news sites, Reddit, and government portals for about an hour. The episode underlined how a single infrastructure provider can break large parts of the internet at once.
9. Meatpacker JBS confirms it paid an 11 million dollar ransom
JBS, the world's largest meat supplier, said on 9 June that it had paid hackers the equivalent of 11 million dollars after an attack disrupted plants in several countries. The company described the payment as a step to protect customers and limit further damage.
10. Former ADT technician sentenced for spying on customers through cameras
A Texas technician was sentenced on 9 June to more than four years in prison after secretly adding himself to customer accounts to watch home security feeds. He had accessed footage thousands of times over several years, often targeting women.
11. Hackers steal Electronic Arts source code and internal tools
EA disclosed on 10 June that attackers had taken roughly 780 gigabytes of data, including the source code for the Frostbite engine. The intruders reportedly gained entry by social-engineering an employee over Slack to hand over a login token.
12. McDonald's discloses a breach affecting customers and staff
On 11 June McDonald's said intruders had accessed systems in the United States, South Korea, and Taiwan, exposing customer contact details in Asia. The company cut off the access and said no payment card data was taken.
13. Trump-era Justice Department subpoenaed Apple for lawmakers' data
Reports on 11 June revealed that the department had secretly seized metadata on House Intelligence Committee Democrats, their staff, and family members during leak investigations. The disclosures prompted an inspector general review and a congressional inquiry.
14. Volkswagen and Audi notify 3.3 million people of a data breach
On 15 June the carmakers said a marketing vendor had left customer data exposed for nearly two years. The records included names and contact details, and for tens of thousands of people more sensitive items such as driving licence and Social Security numbers.
15. Carnival discloses a second cruise line breach in under a year
Carnival warned customers and staff on 18 June that an intruder had reached personal data across its Carnival, Holland America, and Princess brands. The firm did not say how many people were affected or why notification took months.
16. Wegmans exposes customer data through misconfigured cloud databases
The supermarket chain said on 18 June that two cloud databases had been left publicly accessible since 2018. Exposed records included names, addresses, and login credentials for Wegmans.com accounts.
17. Google delays the death of third-party cookies in Chrome
On 24 June Google pushed its plan to phase out tracking cookies back to late 2023 and slowed testing of its FLoC replacement. The delay extended the life of a tracking method privacy advocates had hoped to see retired sooner.
18. Appeals court rules Baltimore's aerial surveillance unconstitutional
An en banc Fourth Circuit held on 24 June that the city's spy plane programme, which tracked movements across the city, violated the Fourth Amendment. The court ordered police to stop using data gathered by the now-defunct flights.
19. Judge blocks Florida's social media deplatforming law
On 30 June a federal judge halted Florida's statute that would have fined platforms for removing political candidates' accounts. The judge found the law likely violated the First Amendment by compelling companies to host speech against their own standards.
20. Scraped data on 700 million LinkedIn users put up for sale
A dataset covering roughly 92 per cent of LinkedIn members appeared for sale online at the end of June, drawn from profiles via the site's interface. LinkedIn maintained that this was scraping rather than a breach, since no private account data was taken.