At a glance.
- Google expels ToTok from the Play store, again.
- 13 million Britons lost data in the Equifax hack.
- Canadian Federal agencies responsible for compromising personal data.
- California's Attorney General offers clarification of key points in the California Consumer Privacy Act (CCPA).
- Improperly configured AWS S3 bucket exposes PhotoSquared user data.
Google gives ToTok a second strike.
ToTok, the messaging app alleged to be laced with spyware installed on behalf of the Emirati government, was quietly removed from Google Play Friday. 9to5Google noticed the disappearance and reached out to Mountain View for clarification. Google did confirm, to TechCrunch, that the company had removed the app, but little additional information was provided, beyond a statement that the removal wasn't an action taken to comply with any external direction or request. This means, TechCrunch observes, that this wasn't a US Government enforcement action, but rather a decision taken by Google itself, probably because of policy violations.
This is the second time ToTok has been kicked out of Google Play. The messaging app was first ejected in December, quietly restored on January 4th, and now it's out again. Android Central has an account of ToTok's history. They note that Apple also removed ToTok from the App Store in December, and that, unlike Google, Apple has never let it back in. ToTok's statement at the time of the December removals put the actions down to a campaign of defamation, and denied that the app behaved improperly.
An appreciation of the Equifax data breach's effect on the UK: 13 million Britons' data lost.
The effects of US credit bureau Equifax's data breach weren't confined to the US. The Times observes that some 13 million people in the UK also had their data stolen. The British concern is the same as that of their US counterparts: the information could be used in the traditional way of intelligence services, to compromise people working in sensitive positions. On February 10th the US Department of Justice announced the indictment of four People's Liberation Army officers on charges of committing the breach, which the US asserts was a cyberattack carefully planned and executed by Chinese intelligence services.
Canadian Federal agencies compromised thousands of individuals' data over the past two years.
The CBC reports that Canada's Office of the Privacy Commissioner responded to an order paper question filed by Conservative MP Dean Allison with an acknowledgement that the Federal government had "mishandled" the personal information of 144 thousand individuals over the last two years. The response also said that the Office of the Privacy Commissioner had found "strong indications of systemic under-reporting" on the part of the agencies. The victims have little recourse beyond filing a complaint with the Privacy Commissioner; the law as it stands doesn't provide for compensation.
A bit more clarity on the California Consumer Privacy Act.
Cooley has a rundown of clarifications California's Attorney General has offered concerning the CCPA. The clarifications cover:
- "Definitions of 'personal information' and other key terms"
- "Privacy policy requirements"
- "Consumer requests"
- "Updated CCPA service provider obligations"
- "Additional recordkeeping requirements"
Unsecured AWS S3 bucket exposes photo app users.
Researchers at vpnMentor found an improperly configured AWS S3 bucket belonging to PhotoSquared, an app available to both Android and iOS users that allows them to upload photos that PhotoSquared converts to lightweight photoboards. The exposed data, which has now been secured, included:
- Users' full name.
- Home or delivery addresses.
- Photos uploaded for editing.
- USPS shipping labels for delivery of photo tiles.
- Order records and order values.