This Week's InfoSec Newsletter - Nov. 4

Nov 4, 2021 10:00:00 AM | Weekly Report

The world just can't get enough of your face.

From Sydney to Menlo Park, it's got companies changing their names and governments slapping wrists. What's all the fuss about, and what do all these changes mean for you? Let's get into it.

🇬🇧 Party time

The UK's Labour Party announced earlier this week that the personal details of its supporters and 430,000 members were compromised after an alleged ransomware attack on a third-party data provider. In its official statement, the Labour Party made it clear that the attack was "significant", and that investigations are ongoing with the appropriate government agencies. This is as good a reminder as any to always carefully vet your subprocessors.

🏥 Invasive procedure

More than 200,000 patients of the UMass Memorial Health hospital system have had their personal data compromised after a slew of cyberattacks against employee email accounts that took place between June 2020 and January 2021. Information potentially accessed includes medical and health insurance records as well as Social Security and driver's license numbers. The extensive delay in disclosing the breach was due to HIPAA restrictions. The hospital has set up a helpline to assist those impacted.

👥 To face, or...

Facebook announced yesterday that it is shutting down its facial recognition system and removing over 1 billion scans of its users. The controversial feature, introduced in 2010, faced immense societal and regulatory pressure over the years that simply proved to be too much. This is big news for the social network, but what does it mean for the metaverse? Apparently, not much. Facebook's newly announced parent company Meta will rely heavily on biometrics as it builds a virtual world, and will even retain ownership of Facebook's DeepFace algorithm. Doesn't seem like much of a metamorphosis after all.

🇦🇺 ...not to face

Clearview AI, a New York-based facial recognition company that claims to have the world's largest facial scan database, has been ordered by the Australian government to destroy all biometric data it has collected of Australian residents. The Office of the Australian Information Commissioner (OAIC) brought forth this order upon determining that Clearview AI's practices violate Australia's Privacy Act of 1988. The question remains: how many other companies are doing the same thing?
