Privacy Roundup #0228 • July 2025
July 2025 brought mass breaches, fresh age checks, and a clearer look at how governments and firms hoard our data.
1. Qantas data breach could affect 6 million customers
Qantas said attackers reached customer records through a third-party platform used by one of its call centres. Names, email addresses, phone numbers and frequent flyer numbers were exposed for millions of people.
2. Weak passwords expose data on tens of millions of McDonald's job seekers
Researchers guessed the login for McDonald's hiring chatbot and reached the records of about sixty-four million applicants. The maker, Paradox.ai, had left a default username and password of "123456" in place.
3. Women's safety app Tea leaks selfies and ID photos
A poorly secured store left about seventy-two thousand images open, including selfies and government identity documents. The files spread to public forums, putting users at risk of harassment and fraud.
4. UK age checks for adult sites begin under the Online Safety Act
From 25 July, sites serving adult content in the United Kingdom had to confirm that visitors are over eighteen. Critics warned that credit card and selfie checks force people to hand sensitive data to verification firms.
5. Meta board settles Cambridge Analytica claims for 190 million dollars
Shareholders accused Mark Zuckerberg and other leaders of letting the firm break a privacy order with regulators. The two sides settled on the second day of trial, so the executives avoided giving evidence.
6. EFF exposes a power meter mass surveillance scheme in Sacramento
The local utility searched every customer's energy data and passed more than thirty-three thousand tips to police. EFF called the decade-long programme an illegal search of private household records.
7. Amazon Ring revives direct police requests for home camera footage
Ring said police could again ask users for video and even request live access to home cameras. EFF warned this undoes earlier reforms and widens a network of private surveillance across neighbourhoods.
8. Police arrest the suspected administrator of the XSS cybercrime forum
Ukrainian and French officers, backed by Europol, detained a man accused of running a forum with more than fifty thousand members. The site sold stolen data, malware and access to hacked systems.
9. Schneier weighs encryption backdoors against the Fourth Amendment
Bruce Schneier reviewed a paper on the Dual_EC backdoor that the NSA pushed into security products. He asked whether secretly weakening encryption breaks the constitutional rule against unreasonable searches.
10. A DOGE staffer leaks a private xAI key from a sensitive system
Marko Elez, who held access to Treasury and Social Security data, published a working xAI key on a code site. The slip raised fresh doubts about how DOGE handles the personal records of Americans.
11. EFF urges an appeals court to protect taxpayer privacy
EFF filed a brief against an arrangement that let the tax agency share protected records with immigration enforcement. It argued the deal breaks long-standing limits on the use of tax data.
12. EFF vows to fight on against online age mandates
After the Supreme Court upheld a Texas age check law, EFF set out its plan to resist broader mandates. It warned that such rules strip away the right to read and speak without proving who you are.
13. Investigation maps the firm behind the Clothoff nudify app
A whistleblower told Der Spiegel that Clothoff runs a network of apps that turn ordinary photos into fake nudes. The operators hide their identity, even using AI to fake the face of the company chief.
14. Schneier collects warnings on surveillance in his July newsletter
The Crypto-Gram issue gathered work on the near impossibility of human spying under constant digital tracking. It also noted that large language models could open a new front of intimate surveillance.
15. UK police charge four over the Scattered Spider ransom group
British authorities charged four people tied to a crew blamed for attacks on major retailers. The group is known for tricking staff and stealing data to extort large payments.
16. EFF cautions that zero-knowledge proofs cannot save digital ID
The group argued that clever cryptography does not fix the risks built into mandatory digital identity. Age and identity checks still push people to share more data and lose the chance to stay anonymous.
17. EFF says dating apps must learn how consent works
EFF criticised dating services that feed personal profiles and messages into AI tools without asking users. It pressed firms to seek clear consent before mining the most private details of their members.
18. Phishers target aviation executives to scam their customers
Krebs reported a scheme that hijacks executive email accounts in the aviation trade. The attackers then use that trust to redirect payments and steal money from suppliers and clients.
19. Microsoft rushes a fix for attacks on a SharePoint zero-day
Microsoft released an emergency patch after attackers exploited a flaw in on-premises SharePoint servers. The hole let intruders run code and reach data held inside many organisations.
20. Big Tech gives a mixed response to Treasury sanctions
The government sanctioned a network that hosted scam and cybercrime operations abroad. Krebs found that major technology firms were slow and uneven in cutting off the named bad actors.