‘Buying bad’: the black market where access to hacked Australian data can cost just $500

Some sites that mediate the sale of hacked data use Reddit-style upvoting systems to weed out scammers and law enforcement

When personal data is stolen in a breach, such as the recent high-profile attacks on Optus and Medibank, it often begins a journey through a shadowy criminal marketplace which follows surprisingly traditional models of supply and demand.

Passwords, personal information, copies of identity documents and contact details of victims may pass through a web of transactions, mediated in online forums or hidden on the dark web, and denominated in cryptocurrency, before ending up in the hands of those who plan to exploit them.

Cybercrime in Australia has been on the rise for years, but Optus and Medibank have been wake-up calls

Experts say the recent prominence of data breaches is just companies being more forthcoming and the media more focused on reporting them

It might seem like data breaches are occurring more frequently than ever in the wake of the Optus cyber-attack, but while cybercrime incidents are constantly on the rise, Australia isn’t really a hot new target.

Since Optus first disclosed its massive data breach at the end of September, breaches or attacks have been reported by Medibank, Woolworths’ MyDeal, EnergyAustralia, Vinomofo and Medlab.

Business racing to use facial recognition technology, raising concerns the law is too slow to catch up

Clubs NSW says the scheme will be used to combat problem gambling, but experts warn of a lack of safeguards and regulation

The rollout of facial recognition technology in all New South Wales pubs and clubs shows how business is forging ahead collecting biometric information before the law has had a chance to catch up, experts warn.

The NSW government this week introduced new laws allowing the use of facial recognition throughout pubs and clubs, despite not yet developing rules to guide the rollout.

Attorney general flags urgent privacy law changes after Optus data breach

Mark Dreyfus indicates potential reforms to laws regarding data breaches including higher penalties, mandatory precautions and customer notifications

Privacy law changes, including tougher penalties for data breaches, could be legislated as early as this year, the attorney general has said in the wake of the Optus breach.

Mark Dreyfus revealed on Thursday that in addition to completing a review of Australia’s privacy laws the Albanese government will look to legislate “even more urgent reforms” late this year or in early 2023.

Optus cyber-attack: company opposed changes to privacy laws to give customers more rights over their data

In its submission to Privacy Act review telco said giving people right to erase personal data would involve ‘significant’ hurdles and costs

Optus has repeatedly opposed a proposed change to privacy laws that would give customers the right to request their data be destroyed, with the telco arguing there were “significant hurdles” to implementing such a system and it would come at “significant cost”.

On Thursday, the company revealed it had suffered a massive cyber-attack in which the personal information of customers was stolen, including names, dates of birth, phone numbers, email addresses, addresses, and passport and driver’s licence numbers.

First-of-its-kind legislation will keep California’s children safer while online

Bill approved Monday will require companies to install guardrails for those under age 18 and use higher privacy settings

California lawmakers passed first-of-its-kind legislation on Monday designed to improve the online safety and privacy protections for children.

The bill, the California Age-Appropriate Design Code Act, will require firms such as TikTok, Instagram, and YouTube to install guardrails for users under the age of 18, including defaulting to higher privacy settings for minors and refraining from collecting location data for those users.

FTC sues company for selling data that could be used to track consumers

The lawsuit against data broker Kochava seeks to halt the sale of sensitive geolocation data and delete what was collected

The US Federal Trade Commission (FTC) on Monday sued Idaho-based data broker Kochava for selling geolocation data from hundreds of millions of mobile devices that could be used to track consumers.

The FTC said consumer data could be used to trace people’s movements to and from sensitive locations including “reproductive health clinics, places of worship, homeless and domestic violence shelters, and addiction recovery facilities”.

Facebook-Cambridge Analytica data breach lawsuit ends in 11th hour settlement

Dramatic move shows Mark Zuckerberg ‘desperate to avoid being questioned over cover-up’, says Observer journalist who exposed scandal

Facebook has dramatically agreed to settle a lawsuit seeking damages for allowing Cambridge Analytica access to the private data of tens of millions of users, four years after the Observer exposed the scandal that mired the tech giant in repeated controversy.

A court filing reveals that Meta, Facebook’s parent company, has in principle settled for an undisclosed sum a long-running lawsuit that claimed Facebook illegally shared user data with the UK analysis firm.

Facebook agrees to settle Cambridge Analytica data privacy lawsuit

The four-year-old case alleged that the company had violated consumer privacy laws by sharing users’ personal data with third parties

Meta’s Facebook has in-principle agreed to settle a lawsuit in the San Francisco federal court seeking damages for letting third parties, including Cambridge Analytica, access the private data of users, a court filing showed.

The financial terms were not disclosed in the filing on Friday that asked the judge to put the class action suit on hold for 60 days until the lawyers for both plaintiffs and Facebook finalize a written settlement.

CEO of Israeli Pegasus spyware firm NSO to step down

CEO Shalev Hulio is stepping down as part of NSO reorganisation that will see it focus on sales in Nato member countries

Israel’s NSO Group, which makes the globally controversial Pegasus spyware, said on Sunday its CEO Shalev Hulio would step down as part of a reorganisation.

The indebted, privately owned company also said it would focus sales on countries belonging to the Nato alliance.

UK cybersecurity chiefs back plan to scan phones for child abuse images

Heads of GCHQ and NCSC say client-side scanning could protect children and privacy at the same time

Tech companies should move ahead with controversial technology that scans for child abuse imagery on users’ phones, the technical heads of GCHQ and the UK’s National Cyber Security Centre have said.

So-called “client-side scanning” would involve service providers such as Facebook or Apple building software that monitors communications for suspicious activity without needing to share the contents of messages with a centralised server.

Amazon gave Ring doorbell videos to US police 11 times without permission

The company has said it will not share customer information with law enforcement without consent, a warrant or in an emergency

Amazon has provided Ring doorbell footage to law enforcement 11 times this year without the user’s permission, despite previously stating it would do so only with consent.

The disclosure came in a letter from the company that was made public Wednesday by Senator Edward Markey and is bound to raise more privacy and civil liberty concerns about its video-sharing agreements with police departments across the US.

Privacy watchdog to investigate Bunnings and Kmart over use of facial recognition technology

Information commissioner will look into the personal information handling practices of the retail giants

Australia’s privacy watchdog has launched an investigation into retail giants Bunnings and Kmart over their use of facial recognition technology in some stores.

Consumer group Choice last month revealed Bunnings and Kmart were using the technology – which captures images of people’s faces from video cameras as a unique faceprint that is then stored and can be compared with other faceprints – in what the companies say is a move to protect customers and staff and reduce theft in select stores.

Hacker claims to have obtained data on 1 billion Chinese citizens

Personal information allegedly taken from Shanghai police database would be one of biggest data breaches in history

A hacker has claimed to have stolen the personal information of 1 billion Chinese citizens from a Shanghai police database, in what would amount to one of the biggest data breaches in history if found to be true.

The anonymous hacker, identified only as “ChinaDan”, posted on hacker forum Breach Forums last week offering to sell the more than 23 terabytes (TB) of data for 10 bitcoin, equivalent to about $200,000 (£165,000).

Google will delete location history data for abortion clinic visits

The company said that sensitive places including fertility centers, clinics and addiction treatment facilities will be erased

Alphabet will delete location data showing when users visit an abortion clinic, the online search company said on Friday, after concern that a digital trail could inform law enforcement if an individual terminates a pregnancy illegally.

As state laws limiting abortions set in after the US supreme court decided last month that they are no longer guaranteed by the constitution, the technology industry has fretted police could obtain warrants for customers’ search history, geolocation and other information revealing pregnancy plans.

Why US women are deleting their period tracking apps

Even before the supreme court decision to overturn Roe v Wade, the trend to ditch the apps began amid fears of prosecution

Many American women in recent days have deleted period tracking apps from their cellphones, amid fears the data collected by the apps could be used against them in future criminal cases in states where abortion has become illegal.

The trend already started last month when a draft supreme court opinion that suggested the court was set to overturn Roe v Wade was leaked, and has only intensified since the court on Friday revoked the federal right to abortion.

TikTok moves to ease fears amid report workers in China accessed US users’ data

The company has said that Oracle will store all private information and is limiting the number of employees with those privileges

TikTok has said that Oracle will store all the data from its US users, in a bid to allay fears about its safety in the hands of a platform owned by the Chinese company ByteDance.

The move comes as a report from BuzzFeed News, citing leaked audio from TikTok in-house meetings, said ByteDance employees in China have repeatedly accessed private information about US TikTok users.

Met police did not consult us on children’s data project, say youth violence experts

Force claimed it approached groups before launch of Project Alpha which scours social media sites

Youth violence experts have said they had no involvement with a police scheme that collects children’s personal data, despite the Met claiming to have consulted them.

Project Alpha, involving more than 30 staff and launched in 2019 with Home Office funding, scours social media sites looking at drill music videos and other content. It has prompted concerns about racial profiling and potential privacy violations.

Author of review into aborted GP data sharing in England opted out of scheme

Prof Ben Goldacre cited risks of deanonymisation as his main reason for withdrawing his consent

The author of a government review into medical data sharing personally opted out of the aborted plan to share GP health data, a parliamentary committee has heard.

Prof Ben Goldacre, a former Guardian columnist and the author of the Goldacre Review, exercised his right to opt out of the Government’s General Practice Data for Planning and Research scheme, he told the Commons Science and Technology committee, because he was concerned about the risks of deanonymisation.

Twitter takeover: EU and UK warn Elon Musk must comply or face sanctions

EU commissioner raises hate speech concerns as UK draws attention to penalties in online safety bill

The UK and EU have warned that Twitter must comply with new content rules or face sanctions that range from fines to a total ban, as concerns were raised that hate speech will increase on the platform under the ownership of Elon Musk.

The world’s richest man has agreed a $44bn (£34bn) deal to buy the social media network, which will hand control of a platform with 217 million users to a self-confessed “free speech absolutist”.
