Is 23andMe’s DNA Trustworthy Without Significant Safeguards? | Data Protection

What’s next for 23andMe? Most people know this biotech company as a genetic testing service. The story of a woman who sends a cheek swab through the mail and discovers that the parents who raised her were not her biological parents has become something of a millennial horror genre. Of course, most 23andMe experiences aren’t that dramatic. The company says more than 14 million people have used the service to learn more about their ancestry.

But this month, 23andMe revealed it was facing major financial troubles, and more information emerged about the company’s devastating security breach last year. Now, customers may be wondering, “Can I trust 23andMe with my DNA?”

DNA “bait and switch”

Last week, 23andMe reported dismal third-quarter results, and the company’s stock price slumped, CNBC reported. The company’s financial difficulties come down to longevity issues. The company’s most famous service, DNA ancestry testing, is a one-time transaction. After being tested, there is no reason for consumers to continue paying 23andMe, and the business has reached a kind of plateau.

Nevertheless, the company’s CEO, Anne Wojcicki, told Wired she remains “optimistic” about 23andMe’s future.

At-home DNA testing is so popular that you can even order one for your dog. 23andMe was the first company to offer this (human) service in 2007, and an estimated one in five Americans have now tried genetic testing that can be done at home. Some customers handed over personal data that Wojcicki and others used for purposes other than family reunions.

From 2018 to 2023, 23andMe partnered with pharmaceutical giant GlaxoSmithKline to use customers’ genetic information to help develop drug targets. (Drug targets are molecules involved in a disease. Researchers use them to develop treatments for specific diseases.) This year, the partnership became non-exclusive. This means 23andMe can sign deals with more drug companies and squeeze more money out of its treasure trove of DNA.

“This is a real resource that different organizations can apply to their own drug discovery,” Wojcicki said, adding that 23andMe is interested in researching inflammatory immunology, particularly asthma.

23andMe already has two cancer drugs in clinical trials. These drugs are created from the user’s genetic data. But 23andMe users may not realize that the spit they gave the company months or years ago is being used to make more money.

As health reporter Kristen V. Brown wrote for Bloomberg in 2021: “It’s strange that the 8.8 million 23andMe customers who once said, sure, use my data for whatever they want and didn’t check the box, now feel like they’ve been baited. Now they’re making the switch because their genes lay the foundation for potential cancer treatments.” (Since 2021, the number of customers who have checked that box has grown to 10 million, according to Wired.)

Americans tend to believe that their health data is protected by HIPAA, the medical privacy law, and assume that 23andMe, with its official-looking cheek swabs and far-flung labs, is covered too. However, 23andMe is not a healthcare provider, so the same rules do not apply.

“There are no significant safeguards or regulations around the collection and sale of truly sensitive personal data,” said Suzanne Bernstein, a legal researcher at the Electronic Privacy Information Center. “A nefarious presence for 23andMe [data] breach constitutes a security issue, but so does a company sharing your information with a third party you don’t know. Customers can technically consent to data sharing by agreeing to terms and conditions, but they are very long and many people don’t read them.”




Some people may feel honored to have their genes used in cancer research. Some people may feel cheated because they paid about $229 for a DNA test kit and 23andMe is using their health data for free. Thorin Klosowski, a security and privacy activist at the Electronic Frontier Foundation, said 23andMe could do more to help customers better understand the move before opting in.

“The fact that so many people are surprised by the amount of data being leaked elsewhere is a sign that 23andMe is not explaining things very clearly,” he said.

Klosowski added that users can opt out of 23andMe’s use of their data long after they have shipped their DNA swab, but that information may already have been used for research purposes. “You can ask 23andMe to stop using your information, but you cannot ask 23andMe to remove your sold data from its lists,” he said.

On the other hand, 23andMe maintains that users are asked to select a survey at the time of purchase and that all personal data is de-identified before being shipped for analysis. Your data will not be used without this consent, which you can withdraw. The company’s research department is also overseen by an “independent and impartial” review board. (23andMe did not respond to a request for comment.)

Data breaches lead to class action lawsuits

The 23andMe security breach is still on the minds of many customers. Approximately 7 million customer profiles were hacked last year. Over a five-month period, hackers compromised the personal information of up to 5.5 million people who had opted in to one of 23andMe’s best-known features, which helps users find relatives. The hackers were able to access health records, including carrier status reports.

Customers of Chinese and Ashkenazi Jewish descent appear to have been targeted in the breach, and their information was sold on the dark web, the New York Times reported. Some of these users recently filed a class action lawsuit against 23andMe, alleging the company failed to notify them of the exposure.

As The Guardian reported on Thursday, 23andMe in a letter to customers downplayed its responsibility for the hack and claimed that the health information that was accessed cannot be used for the purpose of causing harm. The company also criticized customers for “carelessly recycling their passwords and not updating them,” a response one former customer called “morally and politically foolish.”

Wojcicki did not directly discuss the breach due to pending litigation, but told Wired that 23andMe introduced two-factor authentication and forced customers to reset their passwords. “Data privacy and security has always been a very high priority and continues to be a high priority for the company, and we intend to further invest in it,” she said.

Will 23andMe’s security problems spell the end for a company once hailed by Time for one of its inventions of the year? Regardless of whether customer privacy concerns are well-founded, the company’s financial position is rapidly deteriorating, and CNN reports that if the stock price does not rise, the company could be delisted from the Nasdaq.

Dominic Sellitto, a clinical assistant professor at the University at Buffalo who specializes in digital privacy, believes that if 23andMe survives this year, it will be thanks to data mining. “There is a lot of demand and funding for data, especially high-quality health data,” he said. “If 23andMe continues to monetize, it will be the golden ticket in 2024.”

Source: www.theguardian.com

AI Companies Will Be Required by Labour to Share Test Data on Their Technology

Labour is planning to require artificial intelligence companies to share the results of their road tests with authorities, replacing voluntary testing agreements with a statutory system. Peter Kyle, the shadow technology secretary, emphasized the need for greater transparency from tech companies, particularly in the wake of Brianna Ghey’s murder.

Under Labour’s proposals, AI companies would be required to disclose their plans for developing AI systems and ensure safe testing under independent oversight. The testing agreement announced at the Global AI Safety Summit was supported by the EU and other countries, including the US, UK, Japan, France, and Germany.

During a visit to the United States, Kyle emphasized the importance of test results in providing independent scrutiny of cutting-edge AI technology. He stressed the need to ensure the safe development of technology that will have a significant impact on workplaces, societies, and cultures.

Tech companies that have agreed to test their models include Google, OpenAI, Amazon, Microsoft, and Meta. Kyle also highlighted the role of the British AI Safety Association in independently scrutinizing AI development.

“We are moving from voluntary regulations to statutory regulations,” Mr Kyle told BBC One’s Sunday with Laura Kuenssberg. “We can find out what they’re testing for, so we know exactly what’s going on and where this technology is taking us.”

At the first Global AI Safety Summit in November, Rishi Sunak announced voluntary agreements with major AI companies such as Google and OpenAI. Under Labour’s proposals, AI companies would be required to disclose their plans for developing AI systems and ensure safe testing under independent oversight.

Kyle added: “Some of this technology will have a profound impact on our workplaces, societies and cultures. And we need to ensure that its development occurs safely.”

Source: www.theguardian.com

Google Commits to Removing Abortion Clinic Visit Location Data Despite Research Findings

Google made a promise in July 2022 to remove location data of users who visited abortion clinics. However, little progress has been made in fulfilling this promise. This move would make it more difficult for law enforcement to use this information to investigate and prosecute people seeking abortions in states where abortion is banned or restricted. Recent research shows that Google still retains location history data in 50% of cases.

Google originally made this promise shortly after the Supreme Court’s decision to end federal abortion protections. The company stated it would remove entries for locations considered “private” or sensitive, including “health care facilities such as counseling centers, domestic violence shelters, and abortion clinics.” However, as of now, there has been no implementation of this policy. A study conducted by tech advocacy group Accountable Tech found that Google does not mask location data in all cases, even after claiming to prioritize user privacy and implement changes to its location retention policy “as promised” in early 2022.

Accountable Tech’s latest study revealed that while Google’s location retention rates had improved slightly, the company was still not deleting location history in all cases as promised. Google Maps’ Director of Products, Marlo McGriff, disputed this finding and stated that any claims of non-compliance are false.

In the latest study, researchers used the latest Android device to navigate to an abortion clinic and tested what location data it stored about the trip. The study also found that Google still holds data on location search queries, as well as other criminal data, from emails to Google search data. Law enforcement’s use of reverse search warrants and geofence location warrants has raised new concerns about user data privacy.

Recently, Google announced plans to change the way it stores location history data for all its users. This change includes storing location data on users’ devices by default and encrypting and deleting all location data backed up to Google’s cloud storage after three months. However, Accountable Tech remains skeptical of Google’s promises to protect location data, based on its history of unfulfilled commitments.

Source: www.theguardian.com

Unlocking the Power of Your Business Data: 4 Ways Azure Cloud Drives Employee Engagement and Customer Insights

As organizations move their computing infrastructure to the cloud, they are harnessing the power of data like never before. Cloud-based services use artificial intelligence (AI) to make data easier to access, search, and understand. Instead of data being the property of a team of data scientists and analysts, new cloud-based tools and technologies are opening up this area of expertise to a wider range of employees across the organization.

Leighton Searle, director of Azure Solutions UK at Microsoft, believes there are significant benefits for businesses running their IT infrastructure on the Microsoft Azure cloud platform. “The huge potential of new generative AI technologies has placed a renewed emphasis on the quality and availability of data in organizations,” he says. When companies move their data to the Microsoft Azure cloud platform, they can instantly access tools and services to unlock their value for both employees and customers. This will lead to culture change and deeper embedding of data throughout the business.

Searle identifies four areas where the cloud is accelerating the use of data, empowering employees, and increasing productivity.

1 Empower employees to make data-driven decisions
Searle emphasized that the cloud is helping to democratize data, allowing employees to access data directly in their daily workflows, rather than being locked into administrative reports or separate line-of-business applications. “To unlock the value of data and realize its potential, data must be accessible to the people who need it,” Searle said. “It provides contact center agents with a scannable overview of all previous customer interactions, transactions, and support calls, as well as instant access to a company-wide knowledge base of specialized information for world-class That could mean providing a better customer experience or enabling mobile mechanics to meet customer needs. Identifying parts and inventory status from a photo taken with a mobile phone.”

Almost every role can benefit from timely, secure and relevant data, Searle says. When staff become responsible for managing data related to their role, they need tools to simplify the process. Data visualization tools help employees create simple representations of data to glean insights and improve customer experiences. For example, Heathrow Airport uses Microsoft Power BI data visualization tools through Microsoft Teams to transform data from management systems into visualizations that are easy for staff to read. These allow employees to see at a glance how airport passenger numbers are changing in real time, so staff can prepare for the peaks and troughs rather than just reacting to them.

2 Breaking down data silos
To achieve a higher degree of data democracy, data must be made available throughout the organization, rather than being locked away in a central repository. “With the right guidance, governance, and guardrails in place, you can enable the rest of your business and provide access to the data you need,” Searle says.

For example, a group of five south London boroughs formed the South London Partnership, which linked up with Azure to build a universal data platform. This includes sharing data from “Internet of Things” (IoT) sensors monitoring at-risk populations, and he estimates the partnership has already saved four lives. IoT sensors also monitor air quality and flood risk. “The ability of cloud technology to share data while maintaining data rights and privacy has allowed us to break down data silos,” Searle says.

3 Building AI and modern search to accelerate your business
Customer and employee expectations have changed as AI-driven experiences play a larger role in daily life. Along with a good data foundation and a good data culture, these experiences are quickly becoming critical to both employee and customer retention. Employees can use internal apps to search for data and access historical information in “structured” tables and graphs or in “unstructured” formats from documents, images, and other sources. You need to dig deep into your knowledge.

Mr. Searle points out that the Azure Cognitive Search platform and Azure OpenAI Service allow users to type common natural language queries into the search bar. The query is processed by an AI-powered system that looks at all data sources and returns a natural language summary from the most relevant sources, which can be used for validation or further research. He says this type of AI-driven experience will help companies derive insights and make data-driven decisions intuitively and at unprecedented speed.

For example, Cambridge and Peterborough NHS Foundation Trust moved its computing infrastructure to the cloud and used Azure Cognitive Search to make patient records easier for clinicians to search. The trust has uploaded all records to Azure. The records included all kinds of unstructured data, including handwritten notes, doctor's notes, scanned images, and photographs.

Clinicians said they were “blown away” to learn that Azure Cognitive Search enabled them to discover these diverse formats, allowing them to quickly find handwritten notes and records from the previous year.

4 Building a data-driven culture
From frontline workers to boardroom executives, all employees should be open to incorporating data into the way they work, Searle says. He believes they can all learn from and contribute to enriching the data that flows through them. Employees who are involved in managing their own data are also better placed to reduce the risk of bias and incorrect assumptions in data-driven decision-making.

Searle believes that democratizing data requires a significant change in corporate culture. Departments across the organization, such as human resources, marketing, operations, sales, and finance, play a critical role in the data they generate and consume. For example, business users of organizational data are in the best position to set data security and access policies and manage the data so that it can be used with confidence by other parts of the business.

The pace of change can be daunting for leaders at all levels. To help organizations upskill, Microsoft has partnered with European business school Insead on AI Business School.

Searle outlines the steps businesses need to take to get the most out of their data. “We securely bring data into the Microsoft cloud. We lead from the top to build a data-driven culture across the organization and move quickly to projects that deliver business value. This positive experience ripples throughout the business, and this will help us incorporate data-driven approaches to further scale.”

Source: www.theguardian.com

Hackers in 2023 stole $2 billion worth of cryptocurrencies, reveals data

For yet another year, hackers stole billions of dollars in cryptocurrencies. However, a cryptocurrency security firm says the total is on the decline for the first time since 2020.

According to the Rekt leaderboard from Web3 security firm De.Fi, hackers have stolen about $2 billion worth of cryptocurrencies in dozens of cyberattacks and thefts this year. The site ranks the worst crypto hacks of all time, from the 2022 Ronin network breach, in which hackers stole more than $600 million in crypto, to this year’s big-money hack of Mixin Network, in which the hackers made about $200 million.

“This amount, while spread across a variety of incidents, highlights the persistent vulnerabilities and challenges within the DeFi ecosystem,” De.Fi said in the report, which the company shared with TechCrunch. “2023 was a year that demonstrated both the ongoing vulnerabilities and the progress made in addressing them, even though the first half of the year saw a relative lack of interest in the sector due to the bear market.”

In early December, blockchain intelligence company TRM Labs also announced its estimate of the value of cryptocurrency stolen by hackers this year. According to the company, the total amount as of mid-December was approximately $1.7 billion.

Other major cryptocurrency thefts this year include the hack of Euler Finance, where hackers stole nearly $200 million. Also included were major hacks of Multichain ($126 million), BonqDAO ($120 million), Poloniex ($114 million), Atomic Wallet ($100 million), and more.

Last year, blockchain monitoring company Chainalysis reported that cybercriminals stole an all-time record of approximately $3.8 billion in cryptocurrency. $1.7 billion of that was stolen by North Korean government hackers known as the Lazarus Group, one of the most prolific crypto theft groups, as part of efforts to fund the regime’s sanctioned nuclear weapons program.

“It is no exaggeration to say that crypto hacking represents a significant portion of this country’s economy,” Chainalysis said in a report last year.

The previous year, in 2021, hackers stole $3.3 billion, according to Chainalysis.

It is impossible to predict what will happen in 2024. However, given the insufficient security implemented by many cryptocurrency and Web3 projects and the enormous monetary value they hold, as discussed at TechCrunch Disrupt earlier this year, it is expected that hackers will continue to target the growing industry.

Source: techcrunch.com

How to Protect Yourself from Phone Apps Collecting Your Data

You might be surprised by the number of apps that gather detailed personal data. This includes some of the top apps from the App Store and Google Play Store. As a CyberGuy, my primary goal is to educate people about their power to protect themselves, especially their privacy.

AtlasVPN has published a new report identifying the shopping apps that collect the most data about you. eBay came out on top, with their Android app capturing 28 different data points. The top 10 on the list include eBay, Amazon Shopping, Pay later, Lowe’s, iHerb, Vinted, Home Depot, Alibaba, Poshmark, and Nike. All of these apps collect at least 18 data points about you. Some of that information is related to data performance and app activity, but some apps also collect financial and personal data.

Privacy concerns to consider regarding shopping apps

According to the report, 58% of shopping apps on the Google Play Store share users’ personal information with third-party companies. This includes information like your name, email address, phone number, and even your home address. These companies can use your data in any way they like. Additionally, 52% of shopping apps share your device ID with third-party companies, and over a third of the shopping apps analyzed provide users’ financial data to third parties, including purchase history and payment information.

Responses to privacy inquiries

Home Depot responded by stating that they use customer information to improve the customer experience and personalize it. They also have privacy and security controls in place to protect personal information. Amazon also responded, stating that they collect, process, and share personal information only to provide a great shopping experience and do not sell customers’ personal information to others.

7 ways to protect your privacy when using shopping apps

1) Find out what information each app collects before downloading. Check the app’s privacy section in the App Store or Google Play Store.

2) Avoid downloading unreliable apps. If you have any unreliable apps on your phone, delete them immediately to avoid sharing your personal information with third parties.

3) Check app permissions before installing or updating an app. Deny or revoke permissions that are unnecessary or intrusive to your app’s functionality.

4) Use a VPN when browsing or shopping online to encrypt your internet traffic and hide your IP address.

5) Clear your cache and cookies regularly. These files store information about your browsing history, settings, and login details.

6) Use a password manager to create and store strong, unique passwords for each app and website you use.

7) Opt out of personalized ads and data sharing to reduce the amount of data collected and used for ad targeting.

Key takeaways

Most apps we use today collect data about us in some way. It’s crucial to understand what information you’re handing over and how to protect your privacy, especially since 75% of shopping apps share your information with third parties.

Source: nypost.com

Snowflake makes a big move into data clean rooms with acquisition of Samooha

Snowflake is buying Samooha, a startup developing a “cross-cloud” data collaboration suite, the company announced this morning, adding to the list of big tech acquisitions for the holiday season.

The transaction, which is expected to close by the end of this month and is subject to customary closing conditions, will see Snowflake acquire a well-established data “clean room” platform that enables companies to securely share, collaborate on, and gain insights from their own and partners’ data, regardless of the underlying data stack.

Samooha, in turn, will receive an undisclosed amount of cash and/or stock, along with support for Snowflake’s extensive technology and engineering infrastructure. All 19 Samooha employees, including CEO Kamakshi Sivaramakrishnan and co-founder Abhishek Bhowmik, will be joining Snowflake in some capacity.

“This acquisition further strengthens our mission to leverage the world’s data by accelerating the built-in capabilities of the Snowflake platform for our customers,” Carl Perry, director of product management at Snowflake, told TechCrunch in an email. “Samooha customers will benefit from Snowflake’s many built-in platform features and the powerful network of the Snowflake Data Cloud. Meanwhile, Snowflake customers will be able to use the data clean room where their data already resides within Snowflake. It’s now faster and easier to build, connect, and use directly with .”

Los Altos-based Samooha, co-founded by Sivaramakrishnan and Bhowmik in 2022, competes in the increasingly crowded data clean room space. AWS has a data clean room product, and so do startups like Herb. However, Samooha differentiates itself by relying heavily on the Snowflake ecosystem. Naturally, Snowflake was an early investor.

Samooha, a Snowflake native app, provides a no-code UI that customers can use to access and build clean room apps. The company specifically targeted industries considered to be potentially underserved, including healthcare, financial services, advertising, retail, and entertainment, and claimed that its customer base included several Fortune 500 brands.

Buoyed by its customer acquisition momentum, Samooha raised $12.5 million from investors including Altimeter Capital prior to the acquisition. The startup was valued at about $40 million post-money.

“Samooha’s founding hypothesis was that the latest frontiers in data and AI would be built on a foundation of secure data sharing and collaboration,” Sivaramakrishnan said in an emailed statement. “Samooha joining Snowflake strengthens Snowflake’s ability to enable enterprises to collaborate in a seamless manner, with data governance, privacy, and security at its core. Companies and businesses such as media platforms can now build a powerful edge of value exchange and connectivity across their ecosystems of partners and customers.”

Investing in data clean room technology could be a beneficial decision in the long term for Snowflake, which, as a side note, continues to exceed investor expectations. According to Gartner, 80% of advertisers spending more than $1 billion annually on media will probably use data clean rooms by the end of the year for applications such as analytics, measuring campaign results, and facilitating data integration. In another poll, published in early 2023, 29% of U.S. marketers suggested they would place more emphasis on data clean rooms this year compared to 2022, and given Snowflake’s interest, this prediction is certainly not impossible.

Source: techcrunch.com

Meta threatened to delete sensitive data in lawsuit claiming underage users were exposed to predatory individuals, according to Attorney General

New court filings say Meta threatened to delete sensitive data from test accounts mentioned in a bombshell New Mexico lawsuit that alleges underage Facebook and Instagram users are exposed to child predators.

New Mexico Attorney General Raul Torrez said in a Monday filing that Meta had “deactivated” several test accounts used by law enforcement to investigate the popular app.

According to the filing, Torrez is seeking a court order restraining Meta from deleting “any information related to the accounts referenced in the complaint or any information related to any account on which Meta has taken action based on the information in the complaint.”

“The state filed this motion seeking an order requiring Meta to comply with its data retention obligations under New Mexico law,” the filing states.

The attorneys also cited New Mexico court precedent against destroying relevant evidence.

According to the lawsuit filed last week, the test accounts used AI-generated photos that allegedly depicted children under the age of 14, and were bombarded with adult-oriented sexual content and unpleasant messages from alleged child predators, including “genital photos and videos” and six offers to pay to appear in porn videos.

Meta subsequently disabled these accounts. This allegedly hindered the ongoing investigation by denying authorities access to critical information “including the usernames of accounts with which investigators interacted, as well as search history and other information about those accounts.”

It is unclear whether Meta has shut down the Facebook and Instagram accounts of the alleged child offenders.

“Of course, we store data in accordance with our legal obligations,” a Meta spokesperson said.

Torrez’s office did not comment on Monday’s filing.

New Mexico claimed that a test account called “Issa Bee,” purporting to be a 13-year-old girl living in Albuquerque, had more than 6,700 followers on Facebook, most of whom were “males between the ages of 18 and 40.”

The account received several disturbing sexual offers, including one from an adult user who allegedly “openly promised $5,000 a week to be his ‘sugar baby’.”

According to the state, Meta gave notice on December 7, the day after the lawsuit was filed, that it would disable the test account.

The social media giant took this action “even though the account in question had been operating for several months without any action by Meta, and law enforcement had previously reported unlawful and unlawful content to Meta through reporting channels,” the filing states.

When the investigator tried to log in, he received a message warning that his account had been “deactivated.”

The message states that you have 30 days to request a review before your account is “permanently disabled.”

State attorneys contacted Meta the same day and asked for confirmation that the company would “preserve all data” associated with the account, according to the filing.

Meta’s lawyers reportedly responded that the company “takes reasonable steps to identify the accounts referred to in the complaint and preserve relevant data and information regarding those accounts once identified.”

The state said Meta did not respond to requests for details about what data from accounts it deemed “relevant” and what data it would not keep.

“Given Meta’s refusal to preserve ‘all data’ related to the accounts mentioned in the complaint, a court order is required to preserve this important evidence for trial,” the filing states.

In October, a group of 33 state agencies sued Meta for targeting young users.

Meta CEO Mark Zuckerberg has been named as a defendant in a New Mexico lawsuit.

State officials allege that Mr. Zuckerberg’s product design decisions played a key role in putting underage users at risk.

Meta has not yet responded specifically to the lawsuit’s allegations.

“We use advanced technology, employ child safety experts, report content to the National Center for Missing and Exploited Children, and communicate information and tools with other companies and law enforcement agencies, including state attorneys general, to help root out looters,” Meta said in a statement to the Wall Street Journal after the lawsuit was filed.

The New Mexico lawsuit is separate from a larger lawsuit filed by 33 state attorneys general in October.

The states allege that Meta intentionally made the app addictive to trap young users and collected personal data from underage users in violation of federal law.

Meta has denied any wrongdoing.

Source: nypost.com

23andMe reports that hackers gained access to ‘significant’ data concerning users’ genealogy

Genetic testing company 23andMe announced Friday that hackers gained access to approximately 14,000 customer accounts in its recent data breach.

In a new filing with the U.S. Securities and Exchange Commission on Friday, the company said that, based on an investigation into the incident, it had determined that the hackers had accessed 0.1% of its customer base. According to the company’s latest annual earnings report, 23andMe has “more than 14 million customers worldwide,” so 0.1% is about 14,000 people.

However, the company also said that by accessing these accounts, the hackers were able to access “substantial data, including profile information about other users’ ancestry, that other users choose to share when opting in to 23andMe’s DNA kinship feature.” The company said the hackers also had access to several files.

The company did not say what those “significant” files were or how many “other users” were affected.

23andMe did not immediately respond to a request for comment that included questions about these numbers.

In early October, 23andMe disclosed an incident in which hackers used a common technique known as “credential stuffing” to steal the data of some users. In this method, a cybercriminal breaks into a victim’s account using a known password, possibly one exposed in a data breach at another service.

However, the damage was not limited to the customers whose accounts were accessed. 23andMe allows users to opt in to a feature called DNA Relatives. If a user opts in to that feature, 23andMe shares some of that user’s information with other users. This means that by accessing a single victim’s account, the hacker was also able to see the personal data of people related to that first victim.

23andMe said in its filing that for its first 14,000 users, the stolen data “generally includes ancestry information, and for a subset of those accounts health information based on users’ genetics.” For some other users, 23andMe said only that the hackers stole “profile information” and posted unspecified “certain information” online.

TechCrunch analyzed the released set of stolen data by comparing it to known public genealogy records, including websites published by hobbyists and genealogists. Although the data set was in a different format, it contained some of the same unique user and genetic information that matched genealogy records published online many years ago.

The owner of a genealogy website whose relatives’ information was partially exposed in the 23andMe data breach told TechCrunch that there are about 5,000 relatives discovered through 23andMe, and that our “correlation shows that that may be something to consider.”

News of the data breach surfaced online in October, when hackers advertised the alleged data of 1 million Ashkenazi Jewish users and 100,000 Chinese users on a popular hacking forum. About two weeks later, the same hacker who first advertised the stolen user data also advertised what was claimed to be the records of 4 million people. The hacker was trying to sell each victim’s data for anything from $1 to $10.

TechCrunch discovered that another hacker was promoting more allegedly stolen user data on a separate hacking forum two months before the ad first reported by news outlets in October. In the first ad, the hacker claimed to have stolen 300 terabytes of data from 23andMe users, and asked for $50 million to sell the entire database, or between $1,000 and $10,000 for a subset of the data.

Following the data breach, 23andMe on October 10 forced users to reset and change their passwords and encouraged them to enable multi-factor authentication. And on Nov. 6, the company required all users to use two-step verification, according to a new filing.

After the 23andMe breach, other DNA testing companies Ancestry and MyHeritage began requiring two-factor authentication.
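To illustrate the credential-stuffing pattern described above from the defender's side, here is an added example (not from the article or from 23andMe) that flags source addresses trying many distinct accounts with a low success rate. The log format, thresholds and function names are assumptions, and the log lines are constructed.

```python
from collections import defaultdict

# Constructed sample log: "<timestamp> <source-ip> <username> <OK|FAIL>".
# The format is an assumption; addresses come from documentation ranges.
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 203.0.113.7 u1@example.com FAIL
2024-01-01T10:00:02Z 203.0.113.7 u2@example.com FAIL
2024-01-01T10:00:03Z 203.0.113.7 u3@example.com FAIL
2024-01-01T10:00:04Z 203.0.113.7 u4@example.com OK
2024-01-01T10:00:05Z 203.0.113.7 u5@example.com FAIL
2024-01-01T10:00:06Z 203.0.113.7 u6@example.com FAIL
2024-01-01T10:05:00Z 198.51.100.20 carol@example.com FAIL
2024-01-01T10:05:09Z 198.51.100.20 carol@example.com OK
2024-01-01T11:00:00Z 192.0.2.50 a@example.com OK
2024-01-01T11:01:00Z 192.0.2.50 b@example.com OK
2024-01-01T11:02:00Z 192.0.2.50 c@example.com OK
2024-01-01T11:03:00Z 192.0.2.50 d@example.com OK
2024-01-01T11:04:00Z 192.0.2.50 e@example.com OK
"""

def parse(log):
    """Yield (ip, username, succeeded) tuples, skipping malformed lines."""
    for line in log.strip().splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[3] not in ("OK", "FAIL"):
            continue
        _, ip, user, result = fields
        yield ip, user.lower(), result == "OK"

def find_stuffing_sources(log, min_users=5, max_success_ratio=0.3):
    """Return {ip: [accounts it logged in to]} for suspicious sources.

    A source is suspicious when it tries at least `min_users` distinct
    accounts and succeeds on at most `max_success_ratio` of them. A user
    mistyping a password (one account) and a shared office address
    (many accounts, nearly all succeeding) both fall outside the rule.
    """
    tried = defaultdict(set)
    succeeded = defaultdict(set)
    for ip, user, ok in parse(log):
        tried[ip].add(user)
        if ok:
            succeeded[ip].add(user)
    flagged = {}
    for ip, users in tried.items():
        ratio = len(succeeded[ip]) / len(users)
        if len(users) >= min_users and ratio <= max_success_ratio:
            flagged[ip] = sorted(succeeded[ip])
    return flagged
```

The accounts listed for a flagged source are the ones to prioritise for a forced password reset and session revocation, since the login succeeded with a reused credential.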

Source: techcrunch.com

McLaren Healthcare discloses ransomware attack resulting in 2.2 million patient data theft

Michigan-based McLaren Healthcare has confirmed that the sensitive personal and health information of 2.2 million patients was compromised in a cyberattack earlier this year. Later, a ransomware gang took credit for the cyberattack.

In a new data breach notification filed with the Maine attorney general, McLaren said that hackers breached its systems over a three-week period from July 28 to Aug. 23, before the health care company noticed it a week later on Aug. 31.

According to McLaren, the hackers accessed a wealth of medical information, including patients’ names, dates of birth, and social security numbers, as well as invoices, billing and diagnostic information, prescription and drug details, and information about diagnostic results and treatments. Medicare and Medicaid patient information was also collected.

McLaren is a healthcare provider with 13 hospitals in Michigan and approximately 28,000 employees. McLaren, which touts cost-efficiency efforts on its website, made more than $6 billion in revenue in 2022.

News of the incident broke in October when the Alphv ransomware group (also known as BlackCat) claimed responsibility for the cyberattack, claiming that millions of patients’ personal information was stolen. After the cyberattack, Michigan Attorney General Dana Nessel warned residents that the breach “could potentially impact a large number of patients.”

TechCrunch has reviewed several screenshots posted by the ransomware gang on its dark web leak site, which showed access to the company’s password manager, internal financial statements, some employee information, and spreadsheets of patient-related personal and health information, such as names, addresses, phone numbers, social security numbers, and diagnostic information.

Alphv/BlackCat claimed in the post that the gang had been in contact with McLaren representatives, but provided no evidence of this.

Contacted via email, McLaren spokesperson David Jones declined to comment beyond the company’s official statement or answer our questions about the incident. The spokesperson declined to say whether the company had received any payment requests or paid the hackers. The spokesperson also declined to make McLaren’s chief information security officer, George Goble, available for an interview.

McLaren is currently facing at least 3 class action lawsuits in connection with the cyberattack.

Source: techcrunch.com