Third-party providers a customer data ‘weak spot’, Australian privacy commissioner says

Carly Kind’s comments come after major leak of customer data collected by IT provider for NSW and ACT clubs

The Australian privacy commissioner has warned that third-party suppliers are “a real weak spot” for protecting customer privacy after Australian user details were compromised in a leak of supplier data held by NSW and ACT clubs.

Last week more than 1 million people had their personal information including names, addresses, and driver’s licence information exposed after data collected by IT provider Outabox was published online. Outabox’s customers included dozens of clubs in New South Wales, including hospitality giant Merivale.

Police arrest Sydney man for blackmail over major data breach affecting up to 1 million NSW and ACT residents

IT provider Outabox, used by dozens of hospitality venues, blamed an ‘unauthorised third party’ for the breach

Police have arrested a Sydney man they expect to charge with blackmail as they investigate a major data breach that saw personal details for up to 1 million New South Wales and ACT residents shared online.

NSW police officers have been working with state, federal and international agencies as they investigate the major breach that is believed to be either blackmail or corporate sabotage after data was published this week.

Qantas passengers’ personal details exposed as airline app logs users into wrong account

Airline investigating whether privacy breach allowing customers to view others’ account details was caused by ‘recent system changes’

Potentially thousands of Qantas customers have had their personal details made public via the airline’s app, with some frequent flyers able to view strangers’ account details and possibly make changes to other users’ bookings.

Clare Gemmell from Sydney said that she and four colleagues encountered the problem shortly after 8.30 on Wednesday morning.

Anti far-right campaigners say Labor’s anti-doxing laws could be weaponised

Group tells attorney general’s department that not all doxing is harmful and therefore bad or undesirable

Anti-fascist research group the White Rose Society has warned the Australian government that its push for new anti-doxing laws is a “quick fix” for complex problems that could be weaponised against reporting and have negative consequences for society.

In March the attorney general, Mark Dreyfus, announced consultation for new laws that would include a right to sue for serious invasion of privacy and a criminal offence of doxing.

Worried about a bump on your date’s penis? There’s an app for that – but not everyone is convinced

Company behind app says no personal information is collected but experts warn of ‘how easily’ data can be hacked

Yudara Kularathne came up with the idea for an AI-driven app when a friend was worried about a bump on their penis.

Kularathne was then a consultant physician in Singapore in 2019, but he saw the potential for an app that could instantly identify a suspected sexually transmitted infection from a photo of male genitalia.

Millions more in cash needed to fund UK’s open-banking watchdog

Exclusive: £10m needed for regulator charged with developing tools to thwart financial crime and protect consumers

Banks are under pressure to stump up millions of pounds in interim funding for the organisation that polices open banking, with regulators saying the new money is needed to prevent financial crime and protect consumers if things “go wrong”.

Large banks including NatWest, HSBC, Lloyds and Santander UK were among more than 40 City firms summoned by the Financial Conduct Authority (FCA) last week to discuss a cash injection into Open Banking Limited (OPL), the body that oversees innovation in this area.

Second accidental data leak in four months ‘regrettable’, Australian finance department says

Incident comes as data shows government sector breaches mostly caused by human error, not criminal acts

The finance department has accidentally shared confidential commercial information for the second time as new data reveals the number of human errors behind government data breaches.

The department has confirmed that last week it emailed 236 suppliers, and that the email included “embedded information with some third-party confidential information”.

Ulez fines scandal: Italian police ‘illegally accessed’ thousands of EU drivers’ data

Italy’s data protection body investigates claims police shared names and addresses with firm collecting penalties for TfL

The names and addresses of thousands of EU drivers were unlawfully accessed by Italian police and shared with the company that collects Ulez penalties on behalf of Transport for London (TfL), investigators believe.

The Italian data protection authority is investigating claims by Belgium’s government that an unnamed police department misused official powers to pass the personal details of Belgian drivers to Euro Parking Collections, which is employed by TfL to issue fines to enforce London’s low emission zone (Lez) and ultra-low emission zone.

Dozens in Jordan targeted by authorities using NSO spyware, report finds

Findings suggest Jordan is relying on cyberweapon to quash dissent and its use is ‘staggeringly widespread’

About three dozen journalists, lawyers and human rights workers in Jordan have been targeted by authorities using powerful spyware made by Israel’s NSO Group amid a broad crackdown on press freedoms and political participation, according to a report by the lobbying group Access Now.

The information suggests the Jordanian government has used the Israeli cyberweapon against members of civil society, including at least one American citizen living in Jordan, between 2019 and September 2023.

Hackers steal customer data from Europe’s largest parking app operator

Owner of RingGo and ParkMobile says data including parts of credit card numbers taken in cyber-attack

Europe’s largest parking app operator has reported itself to information regulators in the EU and UK after hackers stole customer data.

EasyPark Group, the owner of brands including RingGo and ParkMobile, said customer names, phone numbers, addresses, email addresses and parts of credit card numbers had been taken but said parking data had not been compromised in the cyber-attack.

Police to be able to run face recognition searches on 50m driving licence holders

Exclusive: Privacy campaigners say clause in new criminal justice bill will put all UK drivers on ‘permanent police lineup’

The police will be able to run facial recognition searches on a database containing images of Britain’s 50 million driving licence holders under a law change being quietly introduced by the government.

Should the police wish to put a name to an image collected on CCTV, or shared on social media, the legislation would provide them with the powers to search driving licence records for a match.

Sainsbury’s boss defends decision to sell customers’ Nectar card data

Supermarket says it protects personal data ‘incredibly carefully’ and move makes ads ‘more relevant’

The chief executive of Sainsbury’s has defended its decision to sell data on the shopping habits of his customers to TV and consumer goods manufacturers looking to target their advertising.

Simon Roberts has said the supermarket group protects personal data “incredibly carefully” and that its strategy had made adverts more “relevant” for shoppers.

Hundreds of millions of Australian identity checks may have been illegally conducted, Senate hears

Albanese government is rushing through laws to underpin the ID verification service, say experts who have privacy concerns

Hundreds of millions of identity checks under the federal government’s ID verification service may have been illegally conducted, with the Albanese government rushing through legislation to underpin the service.

Identity verification services are used by government departments and businesses – such as credit card providers and power companies – to combat fraud and identity theft.

Britain is ‘omni-surveillance’ society, watchdog warns

Exclusive: Fraser Sampson says law is not keeping up with AI advances as police retain 3m images of innocent people

Britain is an “omni-surveillance” society with police forces in the “extraordinary” position of holding more than 3m custody photographs of innocent people more than a decade after being told to destroy them, the independent surveillance watchdog has said.

Fraser Sampson, who will end his term as the Home Office’s biometrics and surveillance commissioner this month, said there “isn’t much not being watched by somebody” in the UK and that the regulatory framework was “inconsistent, incomplete and in some areas incoherent”.

Californians will be able to delete all personal online data with first-in-US law

Delete Act signed by governor Gavin Newsom strengthens existing regulations so users will be able to scrub info from a single page

In a victory for privacy advocates and consumers, the California governor Gavin Newsom signed a bill that would enable residents to request that their personal information be deleted from the coffers of all the data brokers in the state.

The bill, SB 362, otherwise known as the Delete Act, was introduced in April 2023 by the state senator Josh Becker in an attempt to give Californians more control over their privacy. Californians already have a right to request their data be deleted under current state privacy laws, but it requires filing a request with each individual company.

Federal government could pay millions in compensation over asylum seeker data breach

Breach, discovered by Guardian Australia, resulted in information being used to allegedly threaten some in detention

The Australian government may be liable for tens of millions of dollars in compensation to asylum seekers after it posted their personal details online while they were in immigration detention.

The mass data breach, discovered by Guardian Australia in 2014, resulted in information being used, in some cases, to allegedly threaten asylum seekers, or persecute and even jail their family members.

TikTok fined €345m for breaking EU data law on children’s accounts

Irish data regulator says platform put 13- to 17-year-old users’ accounts on default public setting, among other breaches

TikTok has been fined €345m (£296m) for breaking EU data law in its handling of children’s accounts, including failing to shield underage users’ content from public view.

The Irish data watchdog, which regulates TikTok across the EU, said the Chinese-owned video app had committed multiple breaches of GDPR rules.

‘Deeply disturbed’: names of 64 alleged child sex abuse victims mistakenly given to media in Queensland court blunder

Exclusive: Authorities move to notify families after children’s names were provided in unredacted documents

Authorities are notifying the families of 64 alleged victims of an accused Queensland paedophile after their identities were mistakenly made available to journalists.

The state’s attorney general, Yvette D’Ath, apologised for the “breach of victims’ privacy” on Friday morning and announced an inquiry into the error.

Australia will not force adult websites to bring in age verification due to privacy and security concerns

The eSafety commissioner is to work with industry on a new code to educate parents about how to access filtering software and limit children’s access

The federal government will not force adult websites to bring in age verification following concerns about privacy and the lack of maturity of the technology.

On Wednesday, the communications minister, Michelle Rowland, released the eSafety commissioner’s long-awaited roadmap for age verification for online pornographic material, which has been sitting with the government since March 2023.

Customer data used for unwanted romantic contact, UK poll shows

Almost one in three people aged 18-34 have been messaged by staff after giving personal details to a business

Almost one in three people aged 18-34 have received unwanted romantic contact after giving their personal information to a business, a UK poll has shown.

The Information Commissioner’s Office (ICO) has called for recipients of such texts to come forward to help the regulator gather evidence of the impact of this phenomenon.

The ICO has an online form for people who want to report an experience of unwanted contact.
