sensitive

“Cloud Security Under Scrutiny: Federal Agency Hacked by Government Watchdog”

A U.S. government watchdog stole more than one gigabyte of seemingly sensitive personal data from the cloud systems of the U.S. Department of the Interior. The good news: The data was fake and part of a series of tests to check whether the Department’s cloud infrastructure was secure. The experiment is detailed in a new report by the Department of the Interior’s Office of the Inspector General (OIG), published last week. The tests were conducted between March 2022 and June 2023, the OIG wrote in the report. The Department of the Interior manages the country’s federal land, national parks and a budget of billions of dollars, and hosts a significant amount of data in the cloud.

Critical Vulnerability on Indian State Government Website Leaks PII of Residents

An Indian state government has fixed security issues impacting its website that exposed the sensitive documents and personal information of millions of residents. The bugs existed on the Rajasthan government website related to Jan Aadhaar, a state program to provide a single identifier to families and individuals in the state to access welfare schemes. One of the bugs allowed anyone to access personal documents and information with knowledge of a registrant’s phone number. The state’s Jan Aadhaar portal, which launched in 2019, says it has more than 78 million individual registrants and 20 million families. The portal aims to offer “One Number, One Card, One Identity” to residents in the northern state of Rajasthan for accessing state government welfare schemes.

Russian Citizen Accused of Masterminding Medibank Ransomware Attack Faces US Sanctions

The U.S. government sanctioned a Russian national for allegedly playing a “pivotal role” in the ransomware attack against Australian health insurance giant Medibank that exposed the sensitive information of almost 10 million patients. The breach is believed to have impacted several high-profile Medibank customers, including senior Australian government lawmakers. The U.S. Treasury Department sanctioned Ermakov shortly after the Australian government imposed first-of-its-kind sanctions against the Russian national. According to the U.S. Treasury, REvil ransomware has been deployed on approximately 175,000 computers worldwide, garnering at least $200 million in ransom payments. The FSB’s surprise operation came just months after the U.S. Department of Justice charged a 22-year-old Ukrainian citizen linked to the REvil ransomware gang due to his alleged role in the Kaseya attack.

The Discovery: A Malfunctioning Glitch Led to Multiple Posts Being Incorrectly Tagged as ‘Sensitive Material’

A bug on X, formerly Twitter, was causing numerous posts over the weekend to be flagged as “Sensitive Media,” thwarting the company’s own attempts to make its platform more approachable to advertisers. “Today, a bug in our system caused X to incorrectly label numerous posts as Sensitive Media.” — Safety (@Safety), January 21, 2024. “Sensitive media” is a label X uses to denote content that others may not wish to see, like violence or nudity. X asks its users who want to regularly post such items to adjust their media settings to appropriately mark their images. This is being fixed.” An hour later, he reposted the message from the X safety team which referred to the issue as a bug.

LoanDepot reports massive data breach, leaving 16.6 million customers’ sensitive personal details compromised in cyber assault.

About 16.6 million LoanDepot customers had their “sensitive personal information” stolen in a cyberattack earlier this month, which the loan and mortgage giant has described as ransomware. The loan company said in a filing with federal regulators on Monday that it would notify the affected customers of the data breach. LoanDepot did not say what kind of sensitive and personal customer data was stolen. When reached by email, LoanDepot spokesperson Jonathan Fine declined to tell TechCrunch what specific types of customer data were taken. LoanDepot said it has “not yet determined” whether the cybersecurity incident will materially impact the company’s financial condition.

FTC Prohibits Another Data Broker from Marketing Consumers’ Location Information

The U.S. Federal Trade Commission has continued its crackdown on data brokers with a settlement banning data aggregation company InMarket from selling consumers’ precise location data. Texas-based InMarket, which debuted as CheckPoints at TechCrunch Disrupt 2010, provides a marketing platform that collects sensitive consumer data — including location data, purchasing history, and demographic information — which brands and advertising agencies use to facilitate targeted advertising on mobile devices. Based on the data that InMarket collects, brands can target shoppers who are likely to be low-income millennials or Christian churchgoers, according to the FTC. In its proposed order unveiled Thursday, the FTC accused InMarket of failing to obtain users’ consent before using their location data for marketing and advertising purposes. That order marked the first time the regulator struck a deal to prohibit a company from selling sensitive location data.

X-Mode Prohibited from Selling Phone Location Data by FTC, and Required to Erase Gathered Information

The U.S. Federal Trade Commission has banned the data broker X-Mode Social from sharing or selling users’ sensitive location data, the federal regulator said Tuesday. The settlement will also require the data broker to delete or destroy all the location data it previously collected, along with any products produced from this data, unless the company obtains consumer consent or ensures the data has been de-identified. X-Mode buys and sells access to the location data collected from ordinary phone apps. While just one of many organizations in the multibillion-dollar data broker industry, X-Mode faced scrutiny for selling access to the commercial location data of Americans’ past movements to the U.S. government and military contractors. Since its inception, X-Mode has imposed strict contractual terms on all data customers prohibiting them from associating its data with sensitive locations such as healthcare facilities.

EU Advertisements Targeting Sensitive Data Draw Privacy Complaint Against Musk’s X

Elon Musk’s X, the social media platform formerly known as Twitter, is facing a new privacy complaint in Europe related to its ad targeting tools. The complaint, which is being lodged with the Dutch data protection authority by privacy rights not-for-profit noyb, accuses X of failing to enforce its own advertising guidelines. “After we filed our first complaint in this matter, the EU Commission has already confirmed to stop advertising on X. “In November, this unlawful use of micro-targeting already prompted noyb to file a complaint against the EU Commission itself. “It remains to be seen if the Commission may take action against X itself under the DSA,” noyb further added.