At a glance.
- Shiny Hunters post more stolen records.
- Contact tracing as a slippery slope to surveillance?
- US Marshals Service breach exposes prisoners' personal details.
- Report: celebrity law firm may have been breached.
Shiny Hunters post more stolen records.
The Shiny Hunters gang has continued to post stolen data for sale on the dark web, according to BleepingComputer. The databases so far on offer contain 73.2 million user records stolen from eleven different companies. More are probably on the way. The companies whose data have so far been exposed include Tokopedia, Homechef, Bhinneka, Minted, Styleshare, Ggumim, Mindful, StarTribune, ChatBooks, The Chronicle Of Higher Education, and Zoosk.
Suspicions of a contact-tracing slippery slope.
An essay in Foreign Policy describes how Germany's push to deploy a contact-tracing app has flagged. A symptom-tracking app produced by the Robert Koch Institute achieved gratifyingly high rates of initial voluntary adoption before falling from favor after researchers belonging to the Chaos Computer Club (an association of independent researchers) reported that the app ran large quantities of private data through centralized servers and data repositories.
The German-led Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) initiative was also initially well received, but it too fell out of favor after a mid-April open letter from a group of scientists and researchers made a general criticism of contact-tracing apps and their susceptibility to mission creep against the background of European privacy rules. The current position is to default to decentralized exposure notification systems like those jointly developed by Apple and Google.
Thus there's a dilemma: the original, domestic systems touched national sensitivities about surveillance grounded in the experience of both the National Socialist period and the more recent East German Communist system of social control by the Stasi. And defaulting to Apple and Google is seen by many as handing tech leadership over to foreign companies.
There's also a sense that the success stories circulated about automated contact tracing in Singapore and South Korea may have been overstated. Singapore, for one, has found that voluntary adoption rates have been too low for effectiveness. The country will move to a more directive system tomorrow, when, according to ZDNet, a check-in system will become mandatory for access to locations "including workplaces, schools, supermarkets, and healthcare facilities." Australia's contact-tracing app, based on the system piloted by Singapore, has also failed to achieve desired rates of adoption, the Sydney Morning Herald reports. Privacy advocates continue to warn against the app's implications.
US Marshals Service breached.
A breach of a US Marshals Service "public-facing server" exposed personal data about prisoners who were or had been in the Marshals' custody, TechCrunch reports. A letter from the Justice Department to the Marshals Service indicated that the exposed data included prisoners' addresses, dates of birth, and Social Security numbers. There's no information available about how the server was compromised.
Ransomware attack at celebrity law firm exposes clients' documents.
BleepingComputer reports that New York-based Grubman Shire Meiselas & Sacks (GSMLaw) has sustained a Sodinokibi ransomware attack and that the gang has threatened to expose documents containing information about the law firm's celebrity clients, including contracts, phone numbers, email addresses, personal correspondence, and non-disclosure agreements. To show that they actually had some of the material they claim to have exfiltrated, the gang posted "snippets" of some of the stolen documents.