Apple is notifying users who are likely targeted by government-sponsored spyware, but is redirecting them to third-party security labs instead of performing forensic analysis itself. This decision stems from the company's position that in-depth forensic analysis could inadvertently reveal spyware capabilities to the attackers. Security experts have praised the approach for balancing victim protection and security research.
Microsoft’s new AI feature ‘Recall’ for Copilot+ PCs takes continuous screenshots of everything a user does, and it stores screenshots of sensitive data, including credit cards and social security numbers, even when a ‘sensitive information’ filter is enabled. This has raised serious privacy and security concerns among users. The data is stored locally but sent off to Microsoft’s LLM for analysis. The feature has prompted an investigation by the UK Information Commissioner’s Office. This incident highlights the potential risks of AI-powered surveillance features and the importance of user privacy.
The Irish Data Protection Commission (DPC) has fined Meta €251 million (approximately $263 million) for General Data Protection Regulation (GDPR) violations. The fine stems from a 2018 data breach that compromised the personal information of 29 million Facebook accounts. The breach underscores the importance of robust security measures to protect user data and highlights the potential financial repercussions of non-compliance with GDPR regulations. The penalty is one of many such penalties faced by tech giants in recent years, showing a trend of increased enforcement of EU privacy laws.
An AI chatbot used by employees at UnitedHealthcare’s Optum was exposed to the internet. The chatbot, designed for employees to inquire about claims, was publicly accessible. The exposure raises concerns about the security of sensitive data and the potential for unauthorized access. This incident highlights the risks associated with deploying AI tools without adequate security measures. The exposure occurred amid broader scrutiny of UnitedHealthcare for its use of AI in claims denials.
The FTC has taken action against data brokers Gravy Analytics and Mobilewalla for illegally collecting and selling sensitive information about American residents, including geolocation data from sensitive locations such as places of worship, abortion clinics, and political events. The FTC’s actions aim to protect consumer privacy and limit the collection of sensitive data from vulnerable locations. This highlights the increasing concerns regarding data privacy and the need for stricter regulations on data brokers. The settlements highlight the importance of responsible data handling and compliance with privacy regulations.
A data broker, SL Data Services, exposed 644,869 sensitive files, including background checks, in a publicly accessible cloud storage container. The files contained personal information like names, addresses, phone numbers, and criminal histories. This highlights the risks of data brokers and the need for individuals to protect their personal information.
Bojangles experienced a data breach between February and March 2024, resulting in the exfiltration of files containing employee and customer names and other personal details. The incident highlights the ongoing risk of data breaches affecting various sectors, emphasizing the need for robust security measures.
A former Discord employee has shared insights into the platform’s data retention policies and their implications for political activism. The employee reveals that Discord can retain all user messages, raising concerns about potential surveillance and legal repercussions for users engaging in political discussions. The former employee worked within Discord’s Trust and Safety team, with experience in handling sensitive issues such as child safety and investigations into potential illegal activities. The employee stresses the importance of using more secure platforms, such as Signal, for organizing political activism to protect user privacy and avoid potential legal ramifications.