jm + pii   7

cryptoshredding
A way to handle immutable blockchains and GDPR: "have an encryption key for each user (stored outside of this ledger) and encrypt all PII with that key. Throw away the key if the user wants you to delete their data."
pii  gdpr  privacy  data-protection  crypto  cryptoshredding  deletion  coding 
18 days ago by jm
Data Protection Mishap Leaves 55M Philippine Voters at Risk
Every registered voter in the Philippines is now susceptible to fraud and other risks after a massive data breach leaked the entire database of the Philippines’ Commission on Elections (COMELEC). While initial reports have downplayed the impact of the leak, our investigations showed a huge number of sensitive personally identifiable information (PII)–including passport information and fingerprint data–were included in the data dump. [....]

Based on our investigation, the data dumps include 1.3 million records of overseas Filipino voters, which included passport numbers and expiry dates. What is alarming is that this crucial data is just in plain text and accessible to everyone. Interestingly, we also found a whopping 15.8 million record of fingerprints and a list of people running for office since the 2010 elections.

In addition, among the data leaked were files on all candidates running on the election with the filename VOTESOBTAINED. Based on the filename, it reflects the number of votes obtained by the candidate. Currently, all VOTESOBTAINED file are set to have NULL as figure.

fingerprints  biometrics  philippines  authentication  data-dumps  security  hacks  comelec  e-voting  pii  passports  voting 
april 2016 by jm
User data plundering by Android and iOS apps is as rampant as you suspected
An app from Drugs.com, meanwhile, sent the medical search terms "herpes" and "interferon" to five domains, including doubleclick.net, googlesyndication.com, intellitxt.com, quantserve.com, and scorecardresearch.com, although those domains didn't receive other personal information.
privacy  security  google  tracking  mobile  phones  search  pii 
november 2015 by jm
Epsilon Interactive breach the Fukushima of the Email Industry (CAUCE)
Upon gaining access to an ESP, the criminals then steal subscriber data (PII such as names, addresses, telephone numbers and email addresses, and in one case, Vehicle Identification Numbers). They then use ESPs’ mailing facility to send spam; to monetize their illicit acquisition, the criminals have spammed ads for fake Adobe Acrobat and Skype software.

On March 30, the Epsilon Interactive division of Alliance Data Marketing (ADS on NASDAQ) suffered a massive breach that upped the ante, substantially.  Email lists of at least eight financial institutions were stolen. 

Thus far, puzzlingly, Epsilon has refused to release the names  of compromised clients. [...] The obvious issue at hand is the ability of the thieves to now undertake targeted spear-phishing problem as critically serious as it could possibly be.
cauce  epsilon-interactive  esp  email  pii  data-protection  spear-phishing  phishing  identity-theft  security  ads 
march 2015 by jm
Apple Pay suffering fraud problems
Fraud in Apple Pay will in time, come to be managed – but the fact that easily available PII can waylay best in class protection should give us all pause.
fraud  apple  apple-pay  pii  identity-theft 
january 2015 by jm
ACS Law, MediaCAT ruling could kill the [UK Digital Economy Act]
'offenders must be identified by their IP address. In his judgement, Birss cast doubt on the accuracy with which this link could be made, due to the problem of unauthorised users gaining access to a unsecured networks.' wow, the judgement that keeps on giving
ip-addresses  pii  privacy  torrents  acs-law  dea  uk  law  from delicious
february 2011 by jm
P2P investigations now illegal in Switzerland
'The country's Federal Data Protection and Information Commissioner, Hanspeter Thür, took Logistep to court and this week won a major victory. The Federal Supreme Court ruled that IP addresses are in fact personal information and that companies like Logistep can't go about slurping them up for mere civil cases like file-swapping lawsuits. Logistep must cease all current copyright infringement data collection.'
p2p  privacy  ip-addresses  pii  logistep  switzerland  piracy  from delicious
september 2010 by jm

Copy this bookmark:



description:


tags: