Privacy in Pieces: States Scramble to Protect Data as Congress Dithers

As Congress struggles to catch up to the European Union’s comprehensive data privacy regulations, some US states have begun to forge their own robust legislation to increase user protection. But this system only protects the data of some Americans, leaving more than half the country without guaranteed data protection or privacy rights.

And it may take years before a national solution is created, if at all.

The EU took its first step towards providing sweeping privacy protection years ago, with the creation of the region’s General Data Protection Regulation (GDPR).

The GDPR, which took effect in 2018 and gives individuals ownership over their personal information and the right to control who can use it, is often marked as the first major, multinational step towards comprehensive data protection and privacy.

Traditionally, the EU’s approach to data privacy stems from a human rights standpoint and has its roots in World War II, when the Nazi party collected personal data to commit numerous atrocities and, later, when the East German secret police, the Stasi, carried out invasive state surveillance.

After the war ended, the right to privacy was enshrined in the European Convention on Human Rights and later in the EU Charter of Fundamental Rights, becoming the ideological foundation on which data privacy laws have been built in the EU today.

Across the Atlantic, the US Constitution does not explicitly provide a right to privacy.

Rather than enacting a comprehensive federal law, the US federal government has taken a reactive approach, passing legislation only after issues arise in a few specific business sectors, which has resulted in a series of data protection laws addressing specific types of data. For example, the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLBA) have protected medical and financial data respectively since the 1990s.

“The US is very much an innovation, capital-first society,” said Jodi Daniels, founder and CEO of privacy consultancy firm Red Clover Advisors. “And they do want to protect the people, but it has to all get balanced.”

But in recent years, some lawmakers have begun to push back against this system by introducing comprehensive data privacy bills, like the bipartisan American Privacy Rights Act (APRA).

Introduced in April by Sen. Maria Cantwell (D-WA) and Rep. Cathy McMorris Rodgers (R-WA), APRA is like GDPR in that it is not limited to specific business sectors and aims to minimize the amount and types of data companies can collect, give consumers control over their information, and allow them to opt out of targeted advertising.

While the legislation didn’t get very far, stalling in the House Committee on Energy and Commerce, it’s the furthest any comprehensive privacy bill has gone in Congress yet. To become law, however, it would have to be reintroduced next year when Republicans control both chambers. 

Some lawmakers, like Sen. Ted Cruz (R-TX), contend that APRA is more concerned with “controlling the internet” than creating a balance between innovation and privacy protection, and argue that the current right to private action present in the act, which allows individuals to pursue legal action if their privacy is violated, will give overwhelming power to trial lawyers.

Data Centers Are Sending Global Electricity Demand Soaring

The global electricity demand is expected to grow exponentially in the coming decades, largely due to an increased demand from tech companies for new data centers to support the rollout of high-energy-consuming advanced technologies, such as artificial intelligence (AI). As governments worldwide introduce new climate policies and pump billions into alternative energy sources and clean tech, these efforts may be quashed by the increased electricity demand from data centers unless greater international regulatory action is taken to ensure that tech companies invest in clean energy sources and do not use fossil fuels for power.

The International Energy Agency (IEA) released a report in October entitled “What the data centre and AI boom could mean for the energy sector”. It showed that with investment in new data centers surging over the past two years, particularly in the U.S., the electricity demand is increasing rapidly – a trend that is set to continue. 

The report states that in the U.S., annual investment in data center construction has doubled in the past two years alone. China and the European Union are also seeing investment in data centers increase rapidly. In 2023, the overall capital investment by tech leaders Google, Microsoft, and Amazon was greater than that of the U.S. oil and gas industry, at approximately 0.5 percent of the U.S. GDP.

The tech sector expects to deploy AI technologies more widely in the coming decades as the technology is improved and becomes more ingrained in everyday life. This is just one of several advanced technologies expected to contribute to the rise in demand for power worldwide in the coming decades. 

Global aggregate electricity demand is set to increase by 6,750 terawatt-hours (TWh) by 2030, per the IEA’s Stated Policies Scenario. This is spurred by several factors including digitalization, economic growth, electric vehicles, air conditioners, and the rising importance of electricity-intensive manufacturing. In large economies such as the U.S., China, and the EU, data centers contribute around 2 to 4 percent of total electricity consumption at present. However, the sector has already surpassed 10 percent of electricity consumption in at least five U.S. states. Meanwhile, in Ireland, it contributes more than 20 percent of all electricity consumption.

Massive DATA LEAK at background check company exposes private information of over 100 million Americans

The private information of almost one-third of the population of the United States has been leaked following a security lapse within a major corporation responsible for conducting background checks.

The affected company, MC2 Data, provides background check services. The company collects, organizes and analyzes data from a vast range of public sources, such as criminal records, employment histories, family data and contact details.

MC2 Data and similar companies use the gathered information to make complete profiles that are used by employers, landlords and other entities who depend on them for decision-making and risk management.

MC2 Data owns multiple background check websites, including PrivateRecords.net, PrivateReports, PeopleSearcher, ThePeopleSearchers and PeopleSearchUSA.

Cyber News reported that the total number of people affected by the data breach is 106,316,633. MC2 is being accused of leaving a database with 2.2 terabytes worth of information without a password and readily accessible on the open web, raising serious concerns regarding the ability of MC2 Data to protect the privacy and safety of people it conducts background searches on.

Massive leak of US personal information shows up on hacking forum, including almost 2.7 billion records

Nearly 2.7 billion personal information records for people in the United States have been posted to a popular hacking forum, exposing names, addresses, and even Social Security numbers. The data allegedly comes from a company that collects and sells the data for legitimate use, but was stolen and put up for sale in April 2024.

Originally, a threat actor known as USDoD claimed to have stolen the information from National Public Data. National Public Data scrapes the information from public sources, uses it to compile individual profiles, and then sells those portfolios. The company serves private investigators as well as entities needing to conduct background checks and obtain criminal records.

When USDoD first obtained the data, it offered to sell it for $3.5 million. The hacker claimed it contained 2.9 billion records and consisted of personal information for every person in Canada, the United Kingdom, and the United States. In the past, USDoD has been linked to another database breach, trying to sell InfraGard’s user database for $50,000 in December 2023.

On Aug. 6, a user going by the alias Fenice posted what’s believed to be the most complete version of the stolen National Public Data information for free on the Breached hacking forum. Fenice says, however, that the data breach was actually done by a different hacker than USDoD, one known as SXUL.

This isn’t the first time the data from this leak has been released, but previous posts have only included partial copies of the data. These included different numbers of records and sometimes different data. Fenice has offered the most complete version of the National Public Data information and has provided it for free.

Almost Entire US State Becomes Victim of Major Data Breach

A significant data breach in Maine has compromised the personal information of at least 1.3 million residents.

This breach, reported by The Hill, occurred earlier this year and involved a cyberattack on the MOVEit file transfer system. This system is widely used by various government agencies at both state and federal levels. The breach resulted in the exposure of names, dates of birth, social security numbers and government IDs of potentially all 1.38 million residents in Maine.

The cyberattack, initiated by a Russian ransomware group, had a global impact, affecting at least 70 million people. The Maine government, in a press release, stated, “Since the onset of the incident, the cybercriminals involved claimed their primary targets were businesses, with a promise to erase data from certain entities, including governments.” However, despite assurances from the cybercriminals that data obtained from governments has been erased, the state is urging individuals to protect their personal information.

LEXISNEXIS IS SELLING YOUR PERSONAL DATA TO ICE SO IT CAN TRY TO PREDICT CRIMES

The legal research and public records data broker LexisNexis is providing U.S. Immigration and Customs Enforcement with tools to target people who may potentially commit a crime — before any actual crime takes place, according to a contract document obtained by The Intercept. LexisNexis then allows ICE to track the purported pre-criminals’ movements.

The unredacted contract overview provides a rare look at the controversial $16.8 million agreement between LexisNexis and ICE, a federal law enforcement agency whose surveillance of and raids against migrant communities are widely criticized as brutal, unconstitutional, and inhumane.

“The purpose of this program is mass surveillance at its core,” said Julie Mao, an attorney and co-founder of Just Futures Law, which is suing LexisNexis over allegations it illegally buys and sells personal data. Mao told The Intercept the ICE contract document, which she reviewed for The Intercept, is “an admission and indication that ICE aims to surveil individuals where no crime has been committed and no criminal warrant or evidence of probable cause.”

While the company has previously refused to answer any questions about precisely what data it’s selling to ICE or to what end, the contract overview describes LexisNexis software as not simply a giant bucket of personal data, but also a sophisticated analytical machine that purports to detect suspicious activity and scrutinize migrants — including their locations.

Apple and Meta Gave User Data to Hackers Who Used Forged Legal Requests

Apple and Meta provided basic subscriber details, such as a customer’s address, phone number and IP address, in mid-2021 in response to the forged “emergency data requests.” Normally, such requests are only provided with a search warrant or subpoena signed by a judge, according to the people. However, the emergency requests don’t require a court order.

Snap Inc. received a forged legal request from the same hackers, but it isn’t known whether the company provided data in response. It’s also not clear how many times the companies provided data prompted by forged legal requests.

Cybersecurity researchers suspect that some of the hackers sending the forged requests are minors located in the U.K. and the U.S. One of the minors is also believed to be the mastermind behind the cybercrime group Lapsus$, which hacked Microsoft Corp., Samsung Electronics Co. and Nvidia Corp., among others, the people said. City of London Police recently arrested seven people in connection with an investigation into the Lapsus$ hacking group; the probe is ongoing.

Scraped data of 1.5 BILLION Facebook users offered for sale on the dark web – reports

Facebook, Messenger, Instagram, and WhatsApp are all down, but CEO Mark Zuckerberg has another headache: The personal data of 1.5 billion customers, scraped from his platform, is reportedly being offered for sale on the dark web.

User IDs, real names, email addresses, phone numbers, and locations are among the data of more than 1.5 billion Facebook customers that’s up for sale, according to a report on the cybersecurity news outlet Privacy Affairs on Monday. The going price has been quoted as $5,000 for a million names.

The data “appears to be authentic” and was obtained through “scraping” – getting the information that users set to ‘public’ or allow quizzes or other questionable apps or pages to access.

It’s the “biggest and most significant Facebook data dump to date,” according to the publication – about three times greater than the April leak of 533 million phone numbers. Facebook said at the time this was “old data” and the security vulnerability responsible had been patched back in 2019.

Privacy Affairs reported that one purported buyer was quoted the price of $5,000 for a million entries. Another user claimed they had paid the seller but had received nothing, and the seller had not yet responded. The samples of data provided to the unnamed “popular hacking-related forum” appeared to be real, the outlet said.

Facebook, Messenger, WhatsApp, and Instagram, all owned by Zuckerberg’s social media behemoth, were struck by a serious global outage that began on Monday. However, the data dump doesn’t appear to be related to the outage itself.

John Ioannidis Warned COVID-19 Could Be a “Once-In-A-Century” Data Fiasco. He Was Right

On Thursday, a Florida health official told a local news station that a young man who was listed as a COVID-19 victim had no underlying conditions.

The answer surprised reporters, who probed for additional information.

“He died in a motorcycle accident,” Dr. Raul Pino clarified. “You could actually argue that it could have been the COVID-19 that caused him to crash. I don’t know the conclusion of that one.”

The anecdote is a ridiculous example of a real controversy that has inspired some colorful memes: what should define a COVID-19 death?

While the question is important, such incidents may be just the tip of the proverbial iceberg regarding the unreliability of COVID-19 data.
