GDPR Services report 10 Private Data breaches
– Week 29, 2019 –
This is a curated list about last week’s latest news from by our GDPR Services. Be informed about the latest 10 Private Data breaches, identified and reported publicly during Week 29, 2019.
As these Private Data breaches have a severe negative impact on any business and highly serious legal consequences, consider a these GDPR Service packages: on-demand GDPR COMPLIANCE or a recurrent monthly service of GDPR COMPLIANCE ADD-ON together with your dedicated data protection OFFICER package.
- According to Belgian news reports last week, Google has been secretly recording ambient conversations around its Google Home device, even without the wake words being used.
- Some of these recordings contain evidence of child abuse and domestic violence. Google agreed the conversations were genuine but were used to train its tools to better recognize numerous languages. They are reviewing how the data was leaked to the reporters and their various privacy safeguards. Google Home Silently Captures Recordings of Domestic Violence and More
- Sprint said hackers broke into an unknown number of customer accounts via the Samsung.com “add a line” website last month.
- They accessed PII including phone number, subscriber ID, device type, account number, billing address and other account info. They released this breach notification. Account passwords were reset. Sprint customer accounts breached by hackers
- LabCorp and Quest Diagnostic have already reported that patient information was exposed in that breach.
- Clinical Pathology Laboratories is the latest medical testing company to fall victim to a data security breach at billing service American Medical Collection Agency. CPL has discovered that 2.2 million patients’ may have had their names, addresses, phone numbers, birth dates and other personal information stolen. Clinical Pathology Laboratories says 2.2M patients exposed in AMCA breach
- Google faces a possible investigation by Irish data privacy regulators related to reports that contractors had been able to listen to audio of users of its digital assistant technology.
- The Irish Data Protection Commission received a breach notification from the company late Thursday, said Graham Doyle, the agency’s spokesman. Google reacted in a blog post on Thursday after reports by Belgian broadcaster VRT that contractors could listen to recordings made from people’s conversations with their Google Assistant. Google Data Breach Faces Review by Irish Privacy Watchdog
- The largest health insurance company in the Pacific Northwest says it will pay $10.4 million to 30 states to settle an investigation into a data breach that compromised information on more than 10 million people.
- The largest health insurance company in the Pacific Northwest says it will pay $10.4 million to 30 states to settle an investigation into a data breach that compromised information on more than 10 million people. Premera Blue Cross settles state data breach investigations for $10 million
Discover more trending and viral stories from our GDPR Service. The remaining Private Data breaches made news headlines. All these news related to GDPR Services happened just in the last week.
- Netlog, a Belgium-based social networking company has suffered a major data breach.
- This comes from Netlog and its US subsidiary Massive Media, which discontinued operations in 2015 but was breached in 2012 and discovered the breach recently. Usernames and passwords were leaked. Time to change your password if you are still using the same one. NETLOG SECURITY INCIDENT (pdf)
- Private data from almost every adult Bulgarian — some 5M people — was stolen and samples were then sent to reporters.
- It originated from national tax records and contains financial records, much of it years old. Government officials confirmed the data was legit and police have identified a suspected hacker. Hacker steals data of millions of Bulgarians, emails it to local media
- A major data leak was discovered by the researcher Sam Jadali that involves data collected by numerous browser extensions.
- He dubbed it Dataspii. This report by Dan Goodin shows the depth of their perfidy, and how various vendors had unintentional access to this information. More on DataSpii: How extensions hide their data grabs—and how they’re discovered
- The Kazakhstan government is trying once again to force its citizens to install its own browser certificate.
- No cert, no web access. The idea, originally attempted several years ago, is to be able to snoop on all HTTPS traffic. It isn’t clear if they will be successful, and also what the browser vendors will do if the goernment succeeds in getting this cert deployed across their country. Part of the problem is that if the vendors block the cert, users will have to find a browser that allows communications if they want to get any useful work done online. Kazakhstan government is now intercepting all HTTPS traffic
- Researchers have discovered a massive leak that appears to originate from a third party who has access to the data from the Chinese marketing company Aliyun Computing.
- The leak contains credit reports for loan applicants, including ID numbers and contact information along with details about mobile device identities (such as IMEI numbers and GPS locations). The leak has been closed. Personal Data (Incl. SMS & Calls) of Mobile Loan App Users in China Left OPEN for ALL to See