Privacy Roundup #0217 • August 2024
August 2024 brought the arrest of Telegram's founder, a record GDPR fine on Uber, the National Public Data mega-breach and a run of court rulings that reshaped surveillance and Big Tech privacy.
1. National Public Data confirms breach exposing Social Security numbers
The background check broker National Public Data confirmed a breach after a hacker leaked a database said to hold billions of records of names, addresses and Social Security numbers. The firm later filed for bankruptcy as more than a dozen lawsuits piled up.
2. Telegram CEO Pavel Durov indicted in France
French police arrested Telegram co-founder Pavel Durov at a Paris airport on 24 August, and prosecutors indicted him days later on charges tied to crime on the platform. One of the charges, providing cryptology services without a licence, alarmed privacy advocates across the messaging industry.
3. Federal court rules Google is an illegal monopoly
Judge Amit Mehta ruled on 5 August that Google had unlawfully maintained its monopoly over search and search advertising. The decision opened the door to remedies that could reshape how the company collects and exploits user data.
4. Dutch regulator fines Uber 290 million euros over US data transfers
The Dutch Data Protection Authority fined Uber 290 million euros for sending European drivers' personal data to the United States without proper safeguards. The penalty ranked among the largest ever imposed under the GDPR.
→ www.autoriteitpersoonsgegevens.nl
5. X agrees to suspend use of EU data to train Grok
Ireland's Data Protection Commission won an undertaking from X to stop processing European users' public posts to train its Grok artificial intelligence tool. It was the first time the regulator had used its urgent High Court powers in this way.
6. Brazil lifts its ban on Meta training AI with user data
Brazil's data protection authority lifted the suspension that had stopped Meta from using public posts to train its generative models. The regulator allowed processing to resume after Meta improved transparency, while keeping data of under-eighteens off limits.
7. City of Columbus sues researcher who exposed its ransomware leak
The City of Columbus, Ohio, sued the security researcher who revealed that data stolen in a ransomware attack contained unencrypted personal records of residents. Critics said the lawsuit tried to silence a whistleblower rather than protect the public.
8. Halliburton hit by RansomHub ransomware attack
Oil services giant Halliburton disclosed in an SEC filing that an unauthorised party had accessed its systems and disrupted operations. Researchers later linked the August intrusion to the RansomHub ransomware gang, and the company reported a 35 million dollar loss.
9. Toyota confirms third-party data breach impacting customers
Toyota confirmed that customer and employee data had been stolen after a hacker leaked 240GB of files on a forum. The carmaker blamed a third-party entity and said its own systems were not breached.
10. Microchip Technology discloses cyberattack impacting operations
Chipmaker Microchip Technology told regulators that an intrusion had disrupted servers and forced factories to run below normal levels. The company later said attackers obtained employee contact details and hashed passwords.
11. Enzo Biochem fined 4.5 million dollars over 2023 ransomware breach
The attorneys general of New York, New Jersey and Connecticut fined biotech firm Enzo Biochem for security failures that exposed health data on 2.4 million people. Investigators found shared logins, no multi-factor authentication and a password left unchanged for a decade.
12. ADT confirms breach exposing customer contact details
Home security firm ADT disclosed that an attacker had accessed databases holding customer email addresses, phone numbers and postal addresses. The company said it had no reason to believe financial data or home security systems were compromised.
13. Microsoft pushes Recall to October after privacy backlash
Microsoft said its controversial Recall feature, which captures screenshots of user activity, would reach Windows Insiders in October rather than launch broadly. The delay followed sustained criticism from researchers who showed how easily the snapshots could be extracted.
14. Google says Iranian group targeted Trump and Biden campaign staff
Google's Threat Analysis Group reported that the Iran-linked group APT42 had run phishing operations against people tied to both presidential campaigns. The disclosure detailed how the attackers compromised the personal accounts of political figures.
15. Justice Department sues TikTok over children's privacy
The US Department of Justice sued TikTok and ByteDance, alleging they collected data from millions of children without parental consent in breach of federal law. The complaint sought heavy civil penalties and an order to stop the practice.
16. NIST releases first finalised post-quantum encryption standards
The National Institute of Standards and Technology published three finished standards for encryption designed to resist future quantum computers. The release gave organisations a concrete path to protect long-lived data against a coming threat.
17. Appeals court rules geofence warrants are categorically unconstitutional
The Fifth Circuit held in United States v. Smith that geofence warrants, which sweep up location data from everyone near a place, violate the Fourth Amendment. Privacy advocates welcomed the ruling as a check on dragnet location surveillance.
18. Cyberattack on Mobile Guardian wipes thousands of student devices
A breach of the school device management platform Mobile Guardian let an intruder remotely wipe iOS and ChromeOS devices around the world. Singapore reported that roughly 13,000 students across 26 schools lost access to their machines.
19. Patelco Credit Union confirms member data exposed in ransomware attack
Patelco Credit Union acknowledged that a ransomware attack had exposed personal data including Social Security numbers and dates of birth. The breach affected more than a million current and former members and employees.
20. EFF warns that police drones erode backyard privacy
The Electronic Frontier Foundation argued that the spread of police drones threatens privacy in spaces that courts once treated as protected. With old aerial surveillance precedents offering little shield, it urged states to require warrants for drone flights.