Privacy Roundup #0192 • July 2022
The fall of Roe drove July's privacy agenda, as location data, period apps and police access collided with fresh breaches, spyware revelations and a record breach settlement.
1. Google will start erasing location data for abortion clinic visits
Google said it would delete Location History entries soon after a user visits a clinic or other sensitive site. The move answered fears that stored location records could be used to prosecute people seeking abortions after the fall of Roe.
2. NIST announces the first four quantum-resistant encryption algorithms
The US standards body picked four algorithms designed to withstand attacks from future quantum computers. The choices set the foundation for encryption that protects web traffic and stored data against a coming generation of code-breaking machines.
3. Marriott confirms its third data breach in four years
Attackers used social engineering to trick an employee at a Baltimore airport hotel and made off with around twenty gigabytes of internal documents and customer records. Marriott said it contained the intrusion within hours and notified a few hundred guests and staff.
4. Senators urge the FTC to investigate TikTok over China data access
After reports that Beijing-based ByteDance staff had repeatedly accessed US user data, Senators Warner and Rubio asked the FTC to probe what they called deception. TikTok had told lawmakers the data was protected, then conceded that some China-based engineers could reach it.
5. Congress probes period tracking apps and data brokers over abortion privacy
The House Oversight Committee wrote to app makers and data brokers including Flo, Clue and SafeGraph seeking answers on how they collect and sell reproductive health data. Lawmakers warned that such information could be weaponised against people seeking abortions in a post-Roe America.
6. Mangatoon breach exposes data from twenty-three million accounts
A hacker pulled the comic platform's records from an Elasticsearch server that was guarded only by the password "password". The haul included email addresses, social login tokens and hashed passwords for about twenty-three million users.
7. Leaked Uber Files expose secret lobbying and surveillance tactics
A trove of more than one hundred thousand confidential documents revealed how Uber lobbied world leaders, broke laws and dodged investigators during its global expansion. The files showed a kill switch that locked staff computers and changed passwords whenever offices were raided by the authorities.
8. Amazon admits giving Ring footage to police without consent or a warrant
In a letter to Senator Markey, Amazon disclosed it had handed police Ring camera footage eleven times that year under a broad emergency exception. The company would not say how it judged an emergency, and owners were not asked or told.
9. EFF and rights groups warn UN cybercrime treaty would expand surveillance
The EFF, Privacy International and Human Rights Watch told the UN drafting committee that the proposed treaty authorised sweeping cross-border surveillance without safeguards. They cautioned that the text omitted essential data protection principles and could criminalise security research.
10. Neopets breach exposes personal data of sixty-nine million members
A hacker put the virtual pet site's database and source code up for sale, exposing names, email addresses, dates of birth and other details for sixty-nine million accounts. An investigation found the intruders had roamed the company's systems for some eighteen months.
11. Shields Health Care breach hits two million patients
The Massachusetts medical imaging provider disclosed that a hacker accessed its network and stole records belonging to about two million patients. The stolen data included names, Social Security numbers, insurance details and medical histories across more than fifty partner facilities.
12. T-Mobile agrees to pay 350 million dollars over its 2021 breach
T-Mobile settled class action claims tied to a 2021 attack that exposed data on roughly seventy-six million people. It agreed to pay three hundred and fifty million dollars to affected customers and to spend a further one hundred and fifty million on security.
13. EFF says Americans deserve more than the current federal privacy bill
The EFF criticised the American Data Privacy and Protection Act as it moved through the House, warning it would override stronger state laws. The group argued the bill gave people too few rights and left damaging loopholes intact.
14. Twitter probes claims that data on 5.4 million accounts was stolen
A seller on a hacking forum offered the records of 5.4 million Twitter accounts, tied together through a flaw that linked phone numbers and email addresses to profiles. Twitter opened an investigation into the bug, which it had patched earlier in the year.
15. Greek opposition leader targeted by Predator spyware
PASOK leader Nikos Androulakis filed a complaint after a European Parliament scan found a Predator infection link on his phone. The spyware, built by the firm Cytrox, can read messages, photos, passwords and browsing history once installed.
16. Data brokers agree to stop selling location data on abortion clinic visits
Senator Warren announced that SafeGraph and Placer.ai had committed in writing to permanently stop selling location data on people who visit abortion and family planning centres. The pledges followed letters from senators demanding answers about the brokers' data practices.
17. Citizen Lab researcher warns Congress about commercial spyware
The House Intelligence Committee held a hearing on the threat that foreign commercial spyware poses to US national security. Witnesses including Citizen Lab's John Scott-Railton and a Pegasus target described how the tools can seize texts, calls, photos and encrypted chats.
18. OneTouchPoint breach exposes data from dozens of health plans
The marketing and mailing vendor disclosed a ransomware intrusion that exposed records held on behalf of nearly forty health insurers and providers. The compromised data included names, member identifiers, diagnoses and other sensitive medical details.
19. NPR examines the uncharted data privacy risks of a post-Roe era
Privacy experts warned that texts, browsing histories and emails, more than period apps, were the records most likely to feature in abortion prosecutions. The report underscored how few US legal protections shield such data from subpoenas and warrants.
20. Senate committee advances two children's online privacy bills
The Senate Commerce Committee approved the Kids Online Safety Act and an update to the children's privacy law that would extend protections to teenagers up to age seventeen. Privacy advocates welcomed the data limits while warning that the safety bill could push platforms toward more surveillance of young users.
→ iapp.org