Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Data protection. Show all posts
User Privacy
China Data protection Digital Rights Privacy User Privacy

From Smartphones to State Security: The Reach of China’s New Surveillance Laws


China’s New Law Expands State Surveillance, Raises Global Concerns

China has enacted new restrictions under its Counter-espionage Law, shocking the international world and raising severe concerns about privacy and human rights. These guidelines, which went into effect on July 1, 2024, provide state security officers broad rights to inspect and search electronic equipment such as smartphones and computers, presumably in the name of national security. 

The "Provisions on Administrative Law Enforcement Procedures of National Security Organs" mark a considerable increase in state monitoring capabilities. Under the new legislation, authorities can now collect "electronic data" from personal devices such as text messages, emails, instant messages, group chats, documents, photos, audio and video files, apps, and log records. This broad mandate effectively converts each citizen's smartphone into a potential source of information for state security authorities.

Loopholes: Easy Searches and Broad Definitions

One of the most concerning downsides to these new regulations is the ease with which state security agents can conduct searches. According to Article 40 of the regulations, law enforcement officers can undertake on-the-spot inspections by just producing their police or reconnaissance cards, with the agreement of a municipal-level state security organ head. In an emergency, these checks can even be conducted without warrants, weakening safeguards against arbitrary enforcement. 

The regulations' ambiguous and sweeping nature is particularly concerning. Article 20 specifies "electronic data" and "audio-visual materials" as evidence that can be utilized in investigations, while Article 41 defines the "person being inspected" as not just the device's owner, but also its holder, custodian, or linked unit. This broad term may subject a wide range of individuals and organizations to examination.

Potential for Abuse and Privacy Invasion

Also, the regulations empower authorities to order individuals and organizations to stop utilizing specific electronic equipment, facilities, and related programs. In circumstances when people refuse to comply with "rectification requirements," state security agencies may seal or seize the gadgets in question. This provision opens the door to possible abuse, allowing the state to effectively muzzle dissenting voices or impede the functioning of organizations it considers harmful. 

The new guidelines also permit the "extraction," collecting, and storage of electronic data for evidence, as well as the seizure of original storage media. This level of penetration into personal data raises major problems regarding the preservation of privacy and confidential information, specifically foreign companies working in China.

Distrust and Limiting Free Expression

While the Ministry of State Security has attempted to soothe concerns by saying that these regulations would target "individuals and organizations related to spy groups" and that "ordinary passengers would not have their smartphones inspected at airports," the provisions' broad language leaves plenty of room for interpretation and potential abuse. 

The adoption of these laws coincides with the Chinese government's wider drive to encourage residents to be watchful against perceived risks to national security, including keeping an eye out for foreign spies in their daily lives. This culture of distrust, combined with additional powers provided to state security institutions, is likely to limit free expression and international participation in China.

Protecting Digital Rights

China's new legislation, which give state security organizations broad rights to examine and confiscate electronic devices, constitute a huge increase in the state's surveillance capabilities and a serious danger to individual privacy and freedom of speech. As the digital dragnet tightens, the international community must remain watchful and push for the protection of fundamental human rights in the digital era. The long-term repercussions of these actions may reach beyond China's borders, establishing a frightening precedent for authoritarian governance in the digital age.

Read more »
Manufacturing Organization
Cyber Awareness Cyber Security Cybersecurity Strategy Data protection data security manufacturing industry Manufacturing Organization

Building Cyber Resilience in Manufacturing: Key Strategies for Success

 

In today's digital landscape, manufacturers face increasing cyber threats that can disrupt operations and compromise sensitive data. Building a culture of cyber resilience is essential to safeguard against these risks. Here are three key strategies manufacturers can implement to enhance their cyber resilience. 

First, manufacturers must prioritize cybersecurity training and awareness across all levels of their organization. Employees should be educated about the latest cyber threats, phishing scams, and best practices for data protection. Regular training sessions, workshops, and simulations can help reinforce the importance of cybersecurity and ensure that all staff members are equipped to recognize and respond to potential threats. By fostering a knowledgeable workforce, manufacturers can significantly reduce the likelihood of successful cyberattacks. Training should be continuous and evolving to keep pace with the rapidly changing cyber threat landscape. Manufacturers can incorporate real-world scenarios and case studies into their training programs to provide employees with practical experience in identifying and mitigating threats. 

Second, adopting robust security measures is crucial for building cyber resilience. Manufacturers should implement multi-layered security protocols, including firewalls, intrusion detection systems, and encryption technologies. Regularly updating software and hardware, conducting vulnerability assessments, and implementing strong access controls can further protect against cyber threats. Additionally, integrating advanced threat detection and response solutions can help identify and mitigate risks in real-time, ensuring a proactive approach to cybersecurity. It is also vital to develop and maintain a comprehensive incident response plan that outlines specific steps to be taken in the event of a cyberattack. 
This plan should include roles and responsibilities, communication protocols, and procedures for containing and mitigating damage. Regular drills and simulations should be conducted to ensure that the incident response plan is effective and that employees are familiar with their roles during an actual event.  

Third, creating a collaborative security culture involves encouraging open communication and cooperation among all departments within the organization. Manufacturers should establish clear protocols for reporting and responding to security incidents, ensuring that employees feel comfortable sharing information about potential threats without fear of reprisal. By promoting a team-oriented approach to cybersecurity, manufacturers can leverage the collective expertise of their workforce to identify vulnerabilities and develop effective mitigation strategies. Fostering collaboration also means engaging with external partners, industry groups, and government agencies to share threat intelligence and best practices. 

By participating in these networks, manufacturers can stay informed about emerging threats and leverage collective knowledge to enhance their security posture. Moreover, manufacturers should invest in the latest cybersecurity technologies to protect their systems. This includes implementing AI-powered threat detection systems that can identify and respond to anomalies more quickly than traditional methods. Manufacturers should also consider employing cybersecurity experts or consulting firms to audit their systems regularly and provide recommendations for improvement. 

Finally, fostering a culture of cyber resilience involves leadership commitment from the top down. Executives and managers must prioritize cybersecurity and allocate sufficient resources to protect the organization. This includes not only financial investment but also dedicating time and effort to understand cybersecurity challenges and support initiatives aimed at strengthening defenses.
Read more »
Privacy
Data protection European Union GDPR Meta Privacy

Navigating Meta’s AI Data Training: Opt-Out Challenges and Privacy Considerations

Navigating Meta’s AI Data Training: Opt-Out Challenges and Privacy Considerations

The privacy policy update

Meta will reportedly amend its privacy policy beginning June 26 to allow its AI to be educated on your data. 

The story spread on social media after Meta sent out emails and notifications to subscribers in the United Kingdom and the European Union informing them of the change and offering them the option to opt out of data collecting. 

One UK-based user, Phillip Bloom, publicly published the message, informing everyone about the impending changes, which appear to also affect Instagram users.

The AI training process

These changes provide Meta permission to use your information and personal material from Meta-related services to train its AI. This implies that the social media giant will be able to use public Facebook posts, Instagram photographs and captions, and messages to Meta's AI chatbots to train its huge language model and other AI capabilities.

Meta states that private messages will not be included in the training data, and the business emphasizes in its emails and notifications that each user (in a protected region) has the "right to object" to the data being utilized. 

Once implemented, the new policy will begin automatically extracting information from the affected types of material. To avoid Meta removing your content, you can opt out right now by going to this Facebook help website. 

Keep in mind that this page will only load if you are in the European Union, the United Kingdom, or any country where Meta is required by law to provide an opt-out option.

Opting out: EU and UK users

If you live in the European Union, the United Kingdom, or another country with severe enough data protection regulations for Meta to provide an opt-out, go to the support page listed above, fill out the form, and submit it. 

You'll need to select your nation and explain why you're opting out in a text box, and you'll have the option to offer more information below that. You should receive a response indicating whether Meta will honor your request to opt out of having your data utilized. 

Prepare to fight—some users say that their requests are being denied, even though in countries governed by legislation such as the European Union's GDPR, Meta should be required to honor your request.

Challenges for users outside the EU and UK

There are a few caveats to consider. While the opt-out protects you, it does not guarantee that your postings will be protected if they are shared by friends or family members who have not opted out of using data for AI training. 

Make sure that any family members who use Facebook or other Meta services opt out, if possible. This move isn't surprising given that Meta has been gradually expanding its AI offerings on its platforms. 

As a result, the utilization of user data, particularly among Meta services, was always expected. There is too much data for the corporation to pass up as training material for its numerous AI programs.

Read more »
Theft Prevention
AI technology Android Android devices Android Security Cyber Security Data protection Google Theft Prevention

Google Introduces Advanced Anti-Theft and Data Protection Features for Android Devices

 

Google is set to introduce multiple anti-theft and data protection features later this year, targeting devices from Android 10 up to the upcoming Android 15. These new security measures aim to enhance user protection in cases of device theft or loss, combining AI and new authentication protocols to safeguard sensitive data. 

One of the standout features is the AI-powered Theft Detection Lock. This innovation will lock your device's screen if it detects abrupt motions typically associated with theft attempts, such as a thief snatching the device out of your hand. Another feature, the Offline Device Lock, ensures that your device will automatically lock if it is disconnected from the network or if there are too many failed authentication attempts, preventing unauthorized access. 

Google also introduced the Remote Lock feature, allowing users to lock their stolen devices remotely via android.com/lock. This function requires only the phone number and a security challenge, giving users time to recover their account details and utilize additional options in Find My Device, such as initiating a full factory reset to wipe the device clean. 

According to Google Vice President Suzanne Frey, these features aim to make it significantly harder for thieves to access stolen devices. All these features—Theft Detection Lock, Offline Device Lock, and Remote Lock—will be available through a Google Play services update for devices running Android 10 or later. Additionally, the new Android 15 release will bring enhanced factory reset protection. This upgrade will require Google account credentials during the setup process if a stolen device undergoes a factory reset. 

This step renders stolen devices unsellable, thereby reducing incentives for phone theft. Frey explained that without the device or Google account credentials, a thief won't be able to set up the device post-reset, essentially bricking the stolen device. To further bolster security, Android 15 will mandate the use of PIN, password, or biometric authentication when accessing or changing critical Google account and device settings from untrusted locations. This includes actions like changing your PIN, accessing Passkeys, or disabling theft protection. 

Similarly, disabling Find My Device or extending the screen timeout will also require authentication, adding another layer of security against criminals attempting to render a stolen device untrackable. Android 15 will also introduce "private spaces," which can be locked using a user-chosen PIN. This feature is designed to protect sensitive data stored in apps, such as health or financial information, from being accessed by thieves.                                                                           
These updates, including factory reset protection and private spaces, will be part of the Android 15 launch this fall. Enhanced authentication protections will roll out to select devices later this year. 
Google also announced at Google I/O 2024 new features in Android 15 and Google Play Protect aimed at combating scams, fraud, spyware, and banking malware. These comprehensive updates underline Google's commitment to user security in the increasingly digital age.
Read more »
VPN
Cyber Security Data protection Encryption internet Security IP address hiding Online Privacy VPN

Understanding the Complexities of VPNs: Balancing Privacy and Security in the Digital Age

 

Virtual private networks (VPNs) are crafted to safeguard online privacy through the encryption of internet traffic and concealment of IP addresses, thereby preventing the determination of user locations. This functionality becomes apparent when users attempt to access websites or services while abroad. 

Typically, an IP address triggers the loading of a URL based on the local area, potentially limiting access to U.S.-based services or sites. VPNs offer a workaround for such constraints. For instance, a U.S. traveler in Europe might face restrictions accessing certain paid streaming services available in the U.S., which can be circumvented by a VPN masking the local European IP address, thus granting access to U.S.-based content.

When utilizing a VPN, a VPN server substitutes its IP address as it transmits encrypted data to the public internet. For example, if an individual resides in New York but connects to a VPN server in Amsterdam, their IP address will reflect a location in the Netherlands. While VPNs appear to conceal a user's digital footprint, they don't ensure absolute anonymity. Internet service providers (ISPs) can detect VPN usage but cannot access specific online activities protected by VPN encryption, such as browsing history or downloaded files. VPNs are effective in preventing government agencies from surveilling users' online activities by creating an encrypted tunnel that shields data from prying eyes.

Despite their advantages, VPNs are not foolproof. In the event of a system breach, cybercriminals can bypass VPN protection and access user data. Furthermore, under certain circumstances, law enforcement agencies can obtain access to VPN data. In cases of serious crimes, police may request online data from a user's ISP, and if a VPN is employed, the VPN provider may be compelled to disclose user details. VPN logs have facilitated law enforcement in apprehending individuals involved in criminal activities by revealing their actual IP addresses.

Law enforcement agencies can legally request specific information from VPN providers, including logs of websites visited and services used while connected to the VPN, actual IP addresses, connection timestamps, and billing information. While some VPN providers claim to adhere to a no-logs policy to enhance anonymity, data may still be accessible under legal compulsion or through undisclosed logging practices. The level of cooperation with law enforcement varies among VPN providers, with some readily providing information upon request and others being less cooperative.

In terms of tracking IP addresses, police may obtain access to VPN connection logs, allowing them to trace a user's actual IP address and identify the user's device and identity. However, live encrypted VPN traffic is challenging to track, limiting law enforcement's ability to monitor online activities in real-time. Nevertheless, malware attacks and breaches in VPN security can compromise user data, emphasizing the importance of maintaining updated software and security measures.

Data retention laws vary by country, impacting the degree of privacy offered by VPNs. Users are advised to select VPN providers located in countries with strong privacy protections. Conversely, countries with stringent data retention laws may compel VPN providers to share user data with government agencies, posing risks to user privacy. Certain nations, such as China and North Korea, have extensive internet censorship measures, making it essential for users to exercise caution when using VPNs in these regions.

While VPNs alter IP addresses and encrypt data, they do not guarantee complete anonymity. Technically proficient individuals may find ways to track VPN data, and sophisticated tracking techniques, such as browser fingerprinting, can potentially reveal a user's identity. Moreover, corporate VPN users may be subject to monitoring by their employers, highlighting the importance of understanding the privacy policies of commercial VPN providers.

In conclusion, while VPNs offer enhanced privacy and security for online activities, users should be aware of their limitations and potential vulnerabilities. Maintaining awareness of privacy laws and selecting reputable VPN providers can mitigate risks associated with online privacy and data security.
Read more »
Ransomware
Backups Business Safety Cyber Security Data protection Ransomware

The High Cost of Neglecting Backups: A Ransomware Wake-Up Call

 


Ransomware attacks are becoming increasingly costly for businesses, with a new study shedding light on just how damaging they can be. According to research from Sophos, a staggering 94% of organisations hit by ransomware in 2023 reported attempts by cybercriminals to compromise their backups. This alarming trend poses a significant threat to businesses, as compromised backups can lead to a doubling of ransom demands and payments compared to incidents where backups remain secure.

The impact is particularly severe for certain sectors, such as state and local government, the media, and the leisure and entertainment industry, where 99% of attacks attempted to compromise backups. Perhaps most concerning is the revelation that overall recovery costs can skyrocket when backups are compromised, with organisations facing recovery costs up to eight times higher than those whose backups remain unaffected.

To mitigate the risk of falling victim to ransomware attacks, businesses are urged to take proactive measures. First and foremost, it's essential to backup data frequently and store backups securely in a separate physical location, such as the cloud, to prevent them from being compromised alongside the main systems. Regularly testing the restoration process is also crucial to ensure backups are functional in the event of an attack.

Furthermore, securing backups with robust encryption and implementing layered defences to prevent unauthorised access is essential for ransomware defence. Vigilance against suspicious activity that could signal attackers attempting to access backups is also recommended.

While it's tempting to believe that your organisation won't be targeted by ransomware, the reality is that it's not a matter of if, but when. Therefore, taking proactive steps to secure backups and prepare for potential attacks is imperative for businesses of all sizes.

For businesses seeking additional guidance on ransomware remediation, you can follow this step-by-step guide in order to navigate the recovery process. This Ransomware Defender solution aims to minimise the impact of data breaches and ensure business continuity by storing backups in a highly secure environment isolated from the main infrastructure.

The threat of ransomware attacks targeting backups is real and growing, with significant implications for businesses' financial, operational, and reputational security. By implementing robust backup strategies and proactive defence measures, organisations can better protect themselves against the rising tide of ransomware attacks.


Read more »
sensitive files
confidential documents Data Breach Data protection data security European Union Europol Investigation Law Enforcement Personal Information Security Breach sensitive files

Sensitive Documents Vanish Under Mysterious Circumstances from Europol Headquarters

 

A significant security breach has impacted the European Union's law enforcement agency, Europol, according to a report by Politico. Last summer, a collection of highly confidential documents containing personal information about prominent Europol figures vanished under mysterious circumstances.

The missing files, which included sensitive data concerning top law enforcement officials such as Europol Executive Director Catherine De Bolle, were stored securely at Europol's headquarters in The Hague. An ongoing investigation was launched by European authorities following the discovery of the breach.

An internal communication dated September 18, revealed that Europol's management was alerted to the disappearance of personal paper files belonging to several staff members on September 6, 2023. Subsequent checks uncovered additional missing files, prompting serious concerns regarding data security and privacy.

Europol took immediate steps to notify the individuals affected by the breach, as well as the European Data Protection Supervisor (EDPS). The incident poses significant risks not only to the individuals whose information was compromised but also to the agency's operations and ongoing investigations.

Adding to the gravity of the situation, Politico's report highlighted the unsettling discovery of some of the missing files by a member of the public in a public location in The Hague. However, key details surrounding the duration of the files' absence and the cause of the breach remain unclear.

Among the missing files were those belonging to Europol's top executives, including Catherine De Bolle and three deputy directors. These files contained a wealth of sensitive information, including human resources data.

In response to the breach, Europol took action against the agency's head of Human Resources, Massimiliano Bettin, placing him on administrative leave. Politico suggests that internal conflicts within the agency may have motivated the breach, speculating on potential motives for targeting Bettin specifically.

The security breach at Europol raises serious concerns about data protection and organizational security measures within the agency, prompting an urgent need for further investigation and safeguards to prevent future incidents.
Read more »
vehicle technology
car shoppers Cyber Security Data protection Privacy Concerns safeguarding data vehicle technology

Navigating Data Protection: What Car Shoppers Need to Know as Vehicles Turn Tech

 

Contemporary automobiles are brimming with cutting-edge technological features catering to the preferences of potential car buyers, ranging from proprietary operating systems to navigation aids and remote unlocking capabilities.

However, these technological strides raise concerns about driver privacy, according to Ivan Drury, the insights director at Edmunds, a prominent car website. Drury highlighted that many of these advancements rely on data, whether sourced from the car's built-in computer or through GPS services connected to the vehicle.

A September report by Mozilla, a data privacy advocate, sheds light on the data practices of various car brands. It reveals that most new vehicles collect diverse sets of user data, which they often share and sell. Approximately 84% of the assessed brands share personal data with undisclosed third parties, while 76% admit to selling customer data.

Only two brands, Renault and Dacia, currently offer users the option to delete their personal data, as per Mozilla's findings. Theresa Payton, founder and CEO of Fortalice Solutions, a cybersecurity advisory firm, likened the current scenario to the "Wild, Wild West" of data collection, emphasizing the challenges faced by consumers in balancing budgetary constraints with privacy concerns.

Tom McParland, a contributor to automotive website Jalopnik, pointed out that data collected by cars may not differ significantly from that shared by smartphones. He noted that users often unknowingly relinquish vast amounts of personal data through their mobile devices.

Despite the challenges, experts suggest three steps for consumers to navigate the complexities of data privacy when considering new car purchases. Firstly, they recommend inquiring about data privacy policies at the dealership. Potential buyers should seek clarification on a manufacturer's data collection practices and inquire about options to opt in or out of data collection, aggregation, and monetization.

Furthermore, consumers should explore the possibility of anonymizing their data to prevent personal identification. Drury advised consulting with service managers at the dealership for deeper insights, as they are often more familiar with technical aspects than salespersons.

Attempts to remove a car's internet connectivity device, as demonstrated in a recent episode of The New York Times' podcast "The Daily," may not effectively safeguard privacy. McParland cautioned against such actions, emphasizing the integration of modern car systems, which could compromise safety features and functionality.

While older, used cars offer an alternative without high-tech features, McParland warned of potential risks associated with aging vehicles. Payton highlighted the importance of finding a balance between risk and reward, as disabling the onboard computer could lead to missing out on crucial safety features.

Read more »
VPN
2024 cyber crimes CISA Cyber crimes cybersecurity advisory Cybersecurity Experts Data Breach Data protection FBI IMF VPN

Rising Cybercrime Threats and Prevention Measures Ahead of 2024

 

According to projections from Statista, the FBI, and the IMF, the global cost of cybercrime is anticipated to experience a substantial increase. By 2027, it is estimated to surge to $23.84 trillion, marking a significant rise from the $8.44 trillion reported in 2022. 

Security expert James Milin-Ashmore, from Independent Advisor VPN, has provided a comprehensive list of 10 crucial guidelines aimed at enhancing digital safety by avoiding sharing sensitive information online. 

These guidelines serve as proactive measures to combat the rising threat of cybercrime and safeguard personal and confidential data from potential exploitation. 

1. Avoid Sharing Your Phone Number on Random Sites 

Sharing your phone number online can expose you to a range of security risks, warns an expert. Cybercriminals could exploit this information to gather personal details, increasing the likelihood of identity theft and other malicious scams: 

  • Subscriber Fraud: Scammers set up fake cell phone accounts with stolen info. 
  • Smishing: Fraudsters send text messages to trick victims into revealing data or visiting harmful sites.
  • Fake Call Frauds: Scammers pose as legitimate entities to extract sensitive information. 
  • Identity Theft: Phone numbers are exploited to commit financial fraud and impersonate individuals. 

2. Do Not Update Your Current Location 

It is not new or unknown that people share their current locations on social media handles however, experts caution against sharing personal addresses or current locations online, citing heightened risks of theft, stalking, and malicious online activity. 

Such information can be exploited to tailor phishing attempts, rendering them more convincing and increasing the likelihood of falling victim to scams. 

3. Do Not Post Your Holiday Plans 

As the holiday season approaches, many individuals may feel inclined to share their vacation plans on social media platforms. However, security experts are warning against this seemingly innocent practice, pointing out the potential risks associated with broadcasting one's absence from home. 

Announcing your vacation on social media not only informs friends and family of your whereabouts but also alerts criminals that your residence will be unoccupied. This information could make your home a target for burglary or other criminal activities. 

4. Do Not Take Risks of Sharing Password Online 

Passwords serve as the primary defense mechanism for safeguarding online accounts, making them crucial components of digital security. However, security expert emphasizes the importance of protecting passwords and refraining from sharing them online under any circumstances. Sharing passwords, regardless of the requester's identity, poses a significant risk to online security. 

Unauthorized access to sensitive accounts can lead to various forms of cybercrime, including identity theft, financial fraud, and data breaches. 

 5. Protect Your Financial and Employment Information 

Experts caution against sharing sensitive financial or employment details online, highlighting the potential risks associated with divulging such information. Financial details, including credit card numbers and bank account details, are highly sought after by online fraudsters. Similarly, sharing employment information can inadvertently provide criminals with valuable data for social engineering scams. 

 6. Protect Your ID Documentation 

Expert urges individuals to refrain from posting images of essential identification documents such as passports, birth certificates, or driver's licenses online. These documents contain sensitive information that could be exploited by identity thieves for various criminal activities, including opening unauthorized bank accounts or applying for credit cards. 

7. Stop Sharing Names of Your Loved Ones/Family/Pets 

Security experts advise against sharing personal details such as the names of loved ones or pets online. Hackers frequently attempt to exploit these details when guessing passwords or answering security questions. 

 8. Protect Your Medical Privacy 

Your medical history is a confidential matter and should be treated as such, caution experts. Sharing details about the hospitals or medical facilities you visit can inadvertently lead to a data breach, exposing personal information such as your name and address. 

 9. Protect Your Child's Privacy 

Expert warns against sharing information about your child's school online, as it can potentially put them at risk from online predators and expose them to identity theft. 

 10. Protect Your Ticket Information 

Expert advises against sharing pictures or details of tickets for concerts, events, or travel online. Scammers can exploit this information to impersonate legitimate representatives and deceive you into disclosing additional personal data. 

Furthermore, in 2023, the Internet Crime Complaint Center (IC3) reported a staggering surge in complaints from the American public. A total of 880,418 complaints were filed, marking a significant uptick of nearly 10% compared to the previous year. 

These complaints reflected potential losses exceeding $12.5 billion, representing a substantial increase of 22% in losses suffered compared to 2022. Also, according to the Forbes Advisors, Ransomware, Misconfigurations and Unpatched Systems, Credential Stuffing, and Social Engineering will be the most common threats in 2024.
Read more »
Technology
AI CISO cyber threat Data protection LLM Machine learning Ransomware Technology

Enterprise AI Adoption Raises Cybersecurity Concerns

 




Enterprises are rapidly embracing Artificial Intelligence (AI) and Machine Learning (ML) tools, with transactions skyrocketing by almost 600% in less than a year, according to a recent report by Zscaler. The surge, from 521 million transactions in April 2023 to 3.1 billion monthly by January 2024, underscores a growing reliance on these technologies. However, heightened security concerns have led to a 577% increase in blocked AI/ML transactions, as organisations grapple with emerging cyber threats.

The report highlights the developing tactics of cyber attackers, who now exploit AI tools like Language Model-based Machine Learning (LLMs) to infiltrate organisations covertly. Adversarial AI, a form of AI designed to bypass traditional security measures, poses a particularly stealthy threat.

Concerns about data protection and privacy loom large as enterprises integrate AI/ML tools into their operations. Industries such as healthcare, finance, insurance, services, technology, and manufacturing are at risk, with manufacturing leading in AI traffic generation.

To mitigate risks, many Chief Information Security Officers (CISOs) opt to block a record number of AI/ML transactions, although this approach is seen as a short-term solution. The most commonly blocked AI tools include ChatGPT and OpenAI, while domains like Bing.com and Drift.com are among the most frequently blocked.

However, blocking transactions alone may not suffice in the face of evolving cyber threats. Leading cybersecurity vendors are exploring novel approaches to threat detection, leveraging telemetry data and AI capabilities to identify and respond to potential risks more effectively.

CISOs and security teams face a daunting task in defending against AI-driven attacks, necessitating a comprehensive cybersecurity strategy. Balancing productivity and security is crucial, as evidenced by recent incidents like vishing and smishing attacks targeting high-profile executives.

Attackers increasingly leverage AI in ransomware attacks, automating various stages of the attack chain for faster and more targeted strikes. Generative AI, in particular, enables attackers to identify vulnerabilities and exploit them with greater efficiency, posing significant challenges to enterprise security.

Taking into account these advancements, enterprises must prioritise risk management and enhance their cybersecurity posture to combat the dynamic AI threat landscape. Educating board members and implementing robust security measures are essential in safeguarding against AI-driven cyberattacks.

As institutions deal with the complexities of AI adoption, ensuring data privacy, protecting intellectual property, and mitigating the risks associated with AI tools become paramount. By staying vigilant and adopting proactive security measures, enterprises can better defend against the growing threat posed by these cyberattacks.

Read more »
Privacy
AI Systems Bank Accounts Data protection DWP Financial Security Fraud Privacy

UK Government’s New AI System to Monitor Bank Accounts

 



The UK’s Department for Work and Pensions (DWP) is gearing up to deploy an advanced AI system aimed at detecting fraud and overpayments in social security benefits. The system will scrutinise millions of bank accounts, including those receiving state pensions and Universal Credit. This move comes as part of a broader effort to crack down on individuals either mistakenly or intentionally receiving excessive benefits.

Despite the government's intentions to curb fraudulent activities, the proposed measures have sparked significant backlash. More than 40 organisations, including Age UK and Disability Rights UK, have voiced their concerns, labelling the initiative as "a step too far." These groups argue that the planned mass surveillance of bank accounts poses serious threats to privacy, data protection, and equality.

Under the proposed Data Protection and Digital Information Bill, banks would be mandated to monitor accounts and flag any suspicious activities indicative of fraud. However, critics contend that such measures could set a troubling precedent for intrusive financial surveillance, affecting around 40% of the population who rely on state benefits. Furthermore, these powers extend to scrutinising accounts linked to benefit claims, such as those of partners, parents, and landlords.

In regards to the mounting criticism, the DWP emphasised that the new system does not grant them direct access to individuals' bank accounts or allow monitoring of spending habits. Nevertheless, concerns persist regarding the broad scope of the surveillance, which would entail algorithmic scanning of bank and third-party accounts without prior suspicion of fraudulent behaviour.

The joint letter from advocacy groups highlights the disproportionate nature of the proposed powers and their potential impact on privacy rights. They argue that the sweeping surveillance measures could infringe upon individual liberties and exacerbate existing inequalities within the welfare system.

As the debate rages on, stakeholders are calling for greater transparency and safeguards to prevent misuse of the AI-powered monitoring system. Advocates stress the need for a balanced approach that addresses fraud while upholding fundamental rights to privacy and data protection.

While the DWP asserts that the measures are necessary to combat fraud, critics argue that they represent a disproportionate intrusion into individuals' financial privacy. As this discourse takes shape, the situation is pronouncing the importance of finding a balance between combating fraud and safeguarding civil liberties in the digital sphere. 


Read more »
Technology
Data Privacy Laws Data protection privacy protection smart home devices Technology

Legal Implications for Smart Doorbell Users: Potential £100,000 Fines

 

In the era of smart technology, where convenience often comes hand in hand with innovation, the adoption of smart doorbells has become increasingly popular. However, recent warnings highlight potential legal ramifications for homeowners using these devices, emphasizing the importance of understanding data protection laws. Smart doorbells, equipped with features like video recording and motion detection, provide homeowners with a sense of security. 

Nevertheless, the use of these devices extends beyond personal safety, delving into the realm of data protection and privacy laws. One key aspect that homeowners need to be mindful of is the recording of anything outside their property. While the intention may be to enhance security, it inadvertently places individuals in the realm of data protection regulations. Unauthorized recording of public spaces raises concerns about privacy infringement and legal consequences. The legal landscape around the use of smart doorbells is multifaceted. 

Homeowners must navigate through various data protection laws to ensure compliance. Recording public spaces may violate privacy rights, and penalties for such infractions can be severe. In the United Kingdom, for instance, the Information Commissioner's Office (ICO) enforces data protection laws. Homeowners found in breach of these laws, especially regarding unauthorized recording beyond their property, may face fines of up to £100,000. 

This hefty penalty underscores the significance of understanding and adhering to data protection regulations. The crux of the matter lies in the definition of private and public spaces. While homeowners have the right to secure their private property, extending surveillance to public areas without proper authorization becomes a legal concern. Striking the right balance between personal security and respecting the privacy of others is imperative. 

It's crucial for smart doorbell users to educate themselves on the specific data protection laws applicable to their region. Understanding the boundaries of legal surveillance helps homeowners avoid unintentional violations and the resulting legal consequences. Moreover, the deployment of smart doorbells should align with the principles of necessity and proportionality. Homeowners must assess whether the extent of surveillance is justifiable concerning the intended purpose. 

Indiscriminate recording of public spaces without a legitimate reason may lead to legal repercussions. To mitigate potential legal risks, homeowners can take proactive measures. Displaying clear and visible signage indicating the presence of surveillance devices can serve as a form of consent. It informs individuals entering the monitored space about the recording, aligning with transparency requirements in data protection laws. 

As technology continues to advance, the intersection of innovation and privacy regulations becomes increasingly complex. Homeowners embracing smart doorbell technology must recognize their responsibilities in ensuring lawful and ethical use. Failure to comply with data protection laws not only jeopardizes individual privacy but also exposes homeowners to significant financial penalties. 

The convenience offered by smart doorbells comes with legal responsibilities. Homeowners should be cognizant of the potential £100,000 fines for breaches of data protection laws, especially concerning unauthorized recording of public spaces. Striking a balance between personal security and privacy rights is essential to navigate the evolving landscape of smart home technology within the bounds of the law.
Read more »
Digital Privacy
AI technology Cyber Security cyber threat Data protection Digital Privacy

Indian SMEs Lead in Cybersecurity Preparedness and AI Adoption

 

In an era where the digital landscape is rapidly evolving, Small and Medium Enterprises (SMEs) in India are emerging as resilient players, showcasing robust preparedness for cyber threats and embracing the transformative power of Artificial Intelligence (AI). 

As the global business environment becomes increasingly digital, the proactive stance of Indian SMEs reflects their commitment to harnessing technology for growth while prioritizing cybersecurity. Indian SMEs have traditionally been perceived as vulnerable targets for cyber attacks due to perceived resource constraints. However, recent trends indicate a paradigm shift, with SMEs becoming more proactive and strategic in fortifying their digital defenses. 

This shift is partly driven by a growing awareness of the potential risks associated with cyber threats and a recognition of the critical importance of securing sensitive business and customer data. One of the key factors contributing to enhanced cybersecurity in Indian SMEs is the acknowledgment that no business is immune to cyber threats. 

With high-profile cyber attacks making headlines globally, SMEs in India are increasingly investing in robust cybersecurity measures. This includes the implementation of advanced security protocols, employee training programs, and the adoption of cutting-edge cybersecurity technologies to mitigate risks effectively. Collaborative efforts between industry associations, government initiatives, and private cybersecurity firms have also played a pivotal role in enhancing the cybersecurity posture of Indian SMEs. Awareness campaigns, workshops, and knowledge-sharing platforms have empowered SMEs to stay informed about the latest cybersecurity threats and best practices. 

In tandem with their cybersecurity preparedness, Indian SMEs are seizing the opportunities presented by Artificial Intelligence (AI) to drive innovation, efficiency, and competitiveness. AI, once considered the domain of large enterprises, is now increasingly accessible to SMEs, thanks to advancements in technology and the availability of cost-effective AI solutions. Indian SMEs are leveraging AI across various business functions, including customer service, supply chain management, and data analytics. AI-driven tools are enabling these businesses to automate repetitive tasks, gain actionable insights from vast datasets, and enhance the overall decision-making process. 

This not only improves operational efficiency but also positions SMEs to respond more effectively to market dynamics and changing customer preferences. One notable area of AI adoption among Indian SMEs is cybersecurity itself. AI-powered threat detection systems and predictive analytics are proving instrumental in identifying and mitigating potential cyber threats before they escalate. This proactive approach not only enhances the overall security posture of SMEs but also minimizes the impact of potential breaches. 

The Indian government's focus on promoting a digital ecosystem has also contributed to the enhanced preparedness of SMEs. Initiatives such as Digital India and Make in India have incentivized the adoption of digital technologies, providing SMEs with the necessary impetus to embrace cybersecurity measures and AI solutions. Government-led skill development programs and subsidies for adopting cybersecurity technologies have further empowered SMEs to strengthen their defenses. The availability of resources and expertise through government-backed initiatives has bridged the knowledge gap, enabling SMEs to make informed decisions about cybersecurity investments and AI integration. 

While the strides made by Indian SMEs in cybersecurity and AI adoption are commendable, challenges persist. Limited awareness, budget constraints, and a shortage of skilled cybersecurity professionals remain hurdles that SMEs need to overcome. Collaborative efforts between the government, industry stakeholders, and educational institutions can play a crucial role in addressing these challenges by providing tailored support, training programs, and fostering an ecosystem conducive to innovation and growth. 
 
The proactive approach of Indian SMEs towards cybersecurity preparedness and AI adoption reflects a transformative mindset. By embracing digital technologies, SMEs are not only safeguarding their operations but also positioning themselves as agile, competitive entities in the global marketplace. As the digital landscape continues to evolve, the resilience and adaptability displayed by Indian SMEs bode well for their sustained growth and contribution to the nation's economic vitality.
Read more »
user data security
cryptocurrency wallet Cyber Crime Data protection hardware wallet compromise Phishing Attacks phishing threat Trezor breach Trezor response Unauthorized access user data security

Trezor Unveils Unauthorized User Data Access, Highlighting Emerging Phishing Threat

 

Hardware wallet manufacturer Trezor recently announced a security breach that may have exposed the personal data of approximately 66,000 users. The breach involved unauthorized access to a third-party support portal. Trezor, a renowned provider of cryptocurrency hardware wallets, took immediate action to address the situation and notify affected users.

The security breach was identified when Trezor detected unauthorized access to the third-party support portal. Users who had interacted with Trezor’s support team since December 2021 may have had their contact details compromised in the incident. While the breach did not compromise users' funds or their physical hardware wallets, concerns were raised about potential phishing attacks targeting affected individuals.

Phishing, a common cybercrime technique, involves attackers impersonating trusted entities to deceive individuals into revealing sensitive information. At least 41 users reported receiving direct email messages from the attacker, requesting information related to their recovery seeds. Additionally, eight users who had accounts on the same third-party vendor’s trial discussion platform had their contact details exposed.

Trezor responded swiftly to the security breach, ensuring that no recovery seed phrases were disclosed. The company promptly alerted users who received phishing emails within an hour of detecting the breach. While there hasn't been a significant increase in phishing activity, the exposure of email addresses could make affected users vulnerable to future attempts.

Trezor took proactive measures to mitigate the impact of the breach, emailing all 66,000 affected contacts to inform them of the incident and associated risks. The company reassured users that their hardware wallets remained secure, emphasizing that the breach did not compromise the security of their cryptocurrency holdings.

Despite previous security incidents, including phishing attempts and scams involving counterfeit hardware wallets, Trezor has consistently demonstrated a commitment to enhancing user security. The company remains vigilant in safeguarding the assets and information of its users, with hardware wallet security being a top priority.

In response to the recent incident, Trezor advised users to exercise caution and adhere to best practices for protection against potential phishing attacks. This includes being skeptical of unsolicited communications, avoiding clicking on suspicious links or downloading attachments from unknown sources, and refraining from sharing sensitive information such as recovery seed phrases or private keys.

Users are encouraged to monitor their accounts and financial transactions regularly for signs of unauthorized activity. Additionally, enabling two-factor authentication (2FA) whenever possible provides an additional layer of security against unauthorized access.
Read more »
Technology
AI regulations Artificial Intelligence ChatGPT CISA CSA Data protection Data Safety Technology

2024 Data Dilemmas: Navigating Localization Mandates and AI Regulations

 


Data has been increasing in value for years and there have been many instances when it has been misused or stolen, so it is no surprise that regulators are increasingly focused on it. Shortly, global data regulation is likely to continue to grow, affecting nearly every industry as a result.

There is, however, a particular type of regulation affecting the payments industry, the "cash-free society," known as data localization. This type of regulation increases the costs and compliance investments related to infrastructure and compliance. 

There is a growing array of overlapping (and at times confusing) regulations on data privacy, protection, and localization emerging across a host of countries and regions around the globe, which is placing pressure on the strategy of winning through scale.

As a result of these regulations, companies are being forced to change their traditional uniform approach to data management: organizations that excelled at globalizing their operations must now think locally to remain competitive. 

As a result, their regional compliance costs increase because they have to invest time, energy, and managerial attention in understanding the unique characteristics of each regulatory jurisdiction in which they operate, resulting in higher compliance costs for their region. 

As difficult as it may sound, it is not an easy lift to cross geographical boundaries, but companies that find a way to do so will experience significant benefits — growth and increased market share — by being aware of local regulations while ensuring that their customer experiences are excellent, as well as utilizing the data sets they possess across the globe. 

Second, a trend has emerged regarding the use of data in generative artificial intelligence (GenAI) models, where the Biden administration's AI executive order, in conjunction with the EU's AI Act, is likely to have the greatest influence in the coming year.

The experts have indicated that enforcement of data protection laws will continue to be used more often in the future, affecting a wider range of companies, as well. In 2024, Troy Leach, chief strategy officer for the Cloud Security Alliance (CSA), believes that the time has come for companies to take a more analytical approach towards moving data into the cloud since they will be much more aware of where their data goes. 

The EU, Chinese, and US regulators put an exclamation point on data security regulations in 2023 with some severe fines. There were fines imposed by the Irish Data Protection Commission on Meta, the company behind Facebook, in May for violating localization regulations by transferring personal data about European users to the United States in violation of localization regulations. 

For violating Chinese privacy and data security regulations, Didi Global was fined over 8 billion yuan ($1.2 billion) in July by Chinese authorities for violating the country's privacy and data security laws. As Raghvendra Singh, the head of Tata Consultancy Services' cybersecurity arm, TCS Cybersecurity, points out, the regulatory landscape is becoming more complex, especially as the age of cloud computing grows. He believes that most governments across the world are either currently defining their data privacy and protection policies or are going to the next level if they have already done so," he states.

Within a country, data localization provisions restrict how data is stored, processed, and/or transferred. Generally, the restriction on storage and processing data is absolute, and a company is required to store and process data locally. 

However, transfer restrictions tend to be conditional. These laws are usually based on the belief that data cannot be transferred outside the borders of the country unless certain conditions are met. However, at their most extreme, data localization provisions may require very strict data processing, storing, and accessing procedures only to be performed within a country where data itself cannot be exported. 

Data storage, processing, and/or transfers within a company must be done locally. However, this mandate conflicts with the underlying architecture of the Internet, where caching and load balancing are often system-independent and are often borderless. This is especially problematic for those who are in the payments industry. 

After all, any single transaction involves multiple parties, involving data moving in different directions, often from one country to another (for instance, a U.S. MasterCard holder who pays for her hotel stay in Beijing with her American MasterCard). 

Business is growing worldwide and moving towards centralizing data and related systems, so the restriction of data localization requires investments in local infrastructure to provide storage and processing solutions. 

The operating architecture of businesses, business plans, and hopes for future expansion can be disrupted or made more difficult and expensive, or at least more costly, as a result of these disruptions. AI Concerns Lead to a Shift in The Landscape The technology of the cloud is responsible for the localization of data, however, what will have a major impact on businesses and how they handle data in the coming year is the fast adoption of artificial intelligence services and the government's attempts to regulate the introduction of this new technology. 

Leach believes that as companies become more concerned about being left behind in the innovation landscape, they may not perform sufficient due diligence, which may lead to failure. The GenAI model is a technology that organizations can use to protect their data, using a private instance within the cloud, he adds, but the data in the cloud will remain encrypted, he adds.
Read more »
VPN security
Cyber Security Data Encryption Data protection fast VPN geo-restriction bypass Online Privacy private browsing VPN risks VPN security

Unveiling Free VPN Risks: Protecting Online Privacy and Security

 

If you're seeking enhanced security and privacy for your online activities, you might be considering the use of a Virtual Private Network (VPN). Virtual Private Networks (VPNs) are specifically crafted to accomplish this task. 

A quality VPN channels your web traffic through a secure server, masking your IP address, encrypting your data, and shielding your personal information from unauthorized access.

This software's abilities have attracted various users, ranging from activists safeguarding human rights to individuals seeking access to restricted sports events or exclusive TV shows. An abundance of VPN options exists, including free ones. However, experts advise caution when opting for free VPNs, emphasizing the importance of understanding the potential risks associated with them.

Free VPNs often offer only basic features, lacking advanced functionalities like split tunnelling, which divides internet traffic between the VPN and an open network, or the ability to bypass geo-restrictions for streaming purposes. These limitations might compromise your online experience and fall short of providing the desired level of protection.

  • Encryption Weakness: Many free VPNs use outdated or weak encryption protocols, leaving users vulnerable to cyber threats and data breaches.
  • Data Restrictions: Free VPNs usually impose data caps, restricting high-data activities and causing inconvenience to heavy users.
  • Speed Issues: Free VPNs might suffer from overcrowded servers, resulting in sluggish connection speeds, latency, and buffering, significantly affecting browsing, streaming, and gaming experiences.
  • Server Limitations: With fewer servers, free VPNs struggle to offer reliable and fast connections, limiting access to geo-restricted content.
  • Data Collection: Some free VPNs collect and sell users' browsing data to third parties, compromising privacy and resulting in targeted ads or even identity theft.
  • Advertisements: Free VPNs often bombard users with intrusive ads and pop-ups, as they rely on advertising for revenue.
  • Malware Risks: Lesser-known free VPNs may harbor malware, posing severe risks to devices and personal data, potentially leading to hacking or data theft.
It's crucial to weigh the convenience of a free VPN against the risks it poses, emphasizing the potential compromise on privacy, security, and overall online experience.
Read more »
Scam
2FA Cash App Cyber Security Data protection Financial Fraud Holiday Scam Identity Theft Money Transfer Scam

Fallen Victim to Zelle Scams During the Holiday Season

Identity theft is a serious concern at a time of rapid technology development and digital commerce. It becomes essential to strengthen our defenses against potential cyber threats as we negotiate the complexities of internet platforms and financial services. Identity protection must be prioritized immediately, as shown by several recent instances. 

A thorough analysis by CNET states that as more people become aware of the significance of protecting their personal information online, there is a growing demand for identity theft protection services. The paper emphasizes that because hackers have become more skilled, protecting sensitive data needs to be done proactively.

The holiday season, a time of increased financial activity, poses additional challenges. Fraudsters exploit popular money transfer services like Zelle, Venmo, and Cash App during this period. As we enter 2023, it is crucial to be aware of potential threats and adopt preventive measures. Emily Mason's analysis serves as a wake-up call, urging users to exercise caution and be vigilant in protecting their accounts.

One of the prevalent scams involves Zelle, as reported by sources. Victims of Zelle scams find themselves ensnared in a web of financial deceit, with the aftermath often leaving them grappling for solutions. Refund scams, in particular, have become a cause for concern, prompting financial experts to emphasize the need for enhanced security measures and user education.

To fortify your defenses against identity theft and financial fraud, consider implementing the following recommendations:
  • Employ Robust Identity Theft Protection Services: Invest in reputable identity theft protection services that monitor your personal information across various online platforms.
  • Enable Two-Factor Authentication (2FA): Add an extra layer of security to your accounts by enabling 2FA. This additional step can thwart unauthorized access attempts.
  • Stay Informed and Vigilant: Keep abreast of the latest scams and fraud techniques. Awareness is your first line of defense.
  • Regularly Monitor Financial Statements: Review your bank and credit card statements regularly for any suspicious activity. Promptly report any discrepancies to your financial institution.
  • Educate Yourself on Common Scams: Familiarize yourself with the modus operandi of common scams, such as refund fraud and phishing attempts, to recognize and avoid potential threats.
Safeguarding your identity in the constantly changing world of digital transactions is a shared duty between users and the platforms they use. People can greatly lower their chance of being victims of identity theft and financial fraud by being informed and taking preventative action. As technology develops, maintaining the integrity of our personal data increasingly depends on taking a proactive approach to security.

Read more »
Vulnerabilities and Exploits
China Data Privacy Laws Data protection geolocation Military Data Sensitive data unauthorised access Vulnerabilities and Exploits

China Launches Probe into Geographic Data Security

China has started a security investigation into the export of geolocation data, a development that highlights the nation's rising concerns about data security. The probe, which was made public on December 11, 2023, represents a major advancement in China's attempts to protect private information, especially geographic information that can have national security ramifications.

The decision to scrutinize the outbound flow of geographic data comes amid a global landscape increasingly shaped by digital technologies. China, like many other nations, recognizes the strategic importance of such data in areas ranging from urban planning and transportation to military operations. The probe aims to ensure that critical geographic information does not fall into the wrong hands, posing potential threats to the nation's security.

The official statements from Chinese authorities emphasize the need for enhanced cybersecurity measures, especially concerning data breaches that could affect transportation and military operations. The concern is not limited to unauthorized access but extends to the potential misuse of geographic information, which could compromise critical infrastructure and national defense capabilities.

"Geographic information is a cornerstone of national security, and any breaches in its handling can have far-reaching consequences," a spokeswoman for China's Ministry of Public Security said. In order to stop unwanted access or abuse, our objective is to locate and fix any possible weaknesses in the system."

International watchers have taken notice of the development, which has sparked concerns about the wider ramifications for companies and organizations that deal with geolocation data. Other countries might review their own cybersecurity regulations as a result of China's aggressive steps to bolster its data protection safeguards.

This development aligns with a global trend where countries are increasingly recognizing the need to regulate and protect the flow of sensitive data, particularly in the digital age. As data becomes a valuable asset with strategic implications, governments are compelled to strike a balance between fostering innovation and safeguarding national interests.

China's security probe into the export of geographic data signals a heightened awareness of the potential risks associated with data breaches. As the world becomes more interconnected, nations are grappling with the challenge of securing critical information. The outcome of China's investigation will likely shape future policies and practices in data security, setting a precedent for other countries to follow suit in safeguarding their digital assets.

Read more »
User Information
23andMe ancestry files Cybersecurity Data Breach Data protection Genetic testing hacker access Online Privacy User Information

23andMe Reports Hackers Accessed "Significant Number" of Ancestry Files

 

Genetic testing company 23andMe declared on Friday that approximately 14,000 customer accounts were compromised in its recent data breach. In an updated submission to the U.S. Securities and Exchange Commission, the company revealed that its investigation determined the breach affected 0.1% of its customer base, equivalent to around 14,000 individuals out of its reported 14 million worldwide customers.

The hackers not only gained access to these accounts but also managed to retrieve "a significant number of files" containing profile information related to other users' ancestry who had opted into 23andMe's DNA Relatives feature. The company refrained from specifying the exact number of impacted files or users in this category.

Despite requests for clarification on these figures, 23andMe did not immediately respond to inquiries. The data breach, disclosed in early October, utilized the "credential stuffing" method, where hackers exploit a known password obtained from a previous data breach to infiltrate a victim's account.

The repercussions extended beyond the initially compromised accounts due to 23andMe's DNA Relatives feature, allowing hackers to access personal data of individuals connected to the primary victim. The stolen data for the initial 14,000 users generally included ancestry information and, for a subset, health-related information based on genetics. For the other subset, 23andMe mentioned the theft of "profile information" without specifying the details.

Upon analyzing the stolen data, TechCrunch found similarities with known public genealogy records, raising concerns about the exposure of sensitive user and genetic information. 

The data breach first surfaced in October when hackers advertised alleged data from one million Jewish Ashkenazi descent users and 100,000 Chinese users on a prominent hacking forum. Subsequently, the same hacker offered records of an additional four million people for sale.

A separate hacker, reported two months earlier, claimed to possess 300 terabytes of stolen 23andMe user data, seeking $50 million for the entire database or offering subsets for amounts ranging from $1,000 to $10,000. In response to the breach, 23andMe enforced password resets on October 10 and urged users to enable multi-factor authentication. By November 6, the company mandated two-step verification for all users. Following 23andMe's breach, DNA testing companies Ancestry and MyHeritage also implemented mandatory two-factor authentication.
Read more »
Technology
ChatGPT Data protection Generative AI South Korea Technology

South Korea Aims to be the Global Leader in Regulating Generative AI

Generative AI

South Korea and Generative AI

The emergence of generative artificial intelligence (AI) technologies, such as ChatGPT, has caused regulators all around the world to establish rules and regulations governing their use. South Korea is rising to the occasion by trying to create normative frameworks for emerging AI technologies, to set a precedent for other countries in data protection and industry regulation. 

Ko Hak-soo, chairman of Korea's Personal Information Protection Commission (PIPC), talked about South Korea's goal to develop AI rules and data protection on a worldwide scale in an exclusive interview with The Korea Herald.

Korea's PIPC Chairman aspires to lead the world

Ko Hak-soo, who took over as PIPC head in October of the year prior, has been actively involved in discussions over data privacy and AI policies. Particularly, he has been selected for the United Nations' high-level advisory group on artificial intelligence, highlighting Korea's significance in worldwide AI governance.

Ko stressed South Korea's determination to be a global leader in establishing AI rules. While recognizing that the European Union and the United States have taken a leading role in regulating AI, he emphasized the importance of Korea forging its path, given its unique AI ecosystem, which offers one of the world's greatest AI scaleup conditions and is home to IT behemoths such as Naver and Kakao.

"We need to come up with more balanced normative systems while stepping up global cooperation in effectively responding to the technology," Ko went on to say.

Korea's one-of-a-kind AI ecosystem

Korea's AI landscape differs from other countries. With a strong AI scaleup environment and big tech businesses situated within its borders, Korea is well-positioned to make important contributions to the advancement of AI rules that balance industrial growth and personal data protection.

Ko stated that the nation's AI sector has been under discussion for over five years, illustrating Korea's proactive approach to addressing AI-related concerns. When it comes to coordinating national AI data strategy, the PIPC, as a central administrative agency, stands in an unparalleled position in Asia.

As generative AI technologies continue to revolutionize many sectors, South Korea has established itself as a leader in AI data regulation and protection. The actions of Ko Hak-soo and the PIPC highlight Korea's dedication to balancing business expansion with sensitive data protection, forging a path independent of that of the EU and the US. 

South Korea is on course to become an important player in determining the future of AI policy and data protection globally, with upcoming global events and active involvement in international forums.


Read more »
Subscribe to: Posts (Atom)