At a glance.
- Privacy and proctoring.
- UMass Memorial Health data breach.
- Chaos gang goes after Minecraft players.
- Data broker acknowledges collection without proper permission.
Privacy and remote learning.
The pandemic and resultant reliance on virtual learning heightened the need for digital monitoring of student activities on the web, and though schools have returned to in-person instruction, surveillance platforms are still being employed to prevent students from accessing inappropriate content on school-owned devices. Bloomberg explains that Silicon Valley’s influence over the education sector has been on the rise ever since Obama’s 2013 ConnectEd initiative put school-owned devices into the hands of students across the country. Now, in addition to monitoring and website filtering software, companies like GoGuardian offer artificial intelligence services that analyze online behavior to determine if students are at risk of hurting themselves or others. While some parents and privacy advocates see the software as an invasion, school administrators have not slowed down. With contracts with the education departments of Delaware and West Virginia as well as New York City, GoGuardian’s controversial services could impact up to 23 million students.
Massachusetts health network suffers data breach.
UMass Memorial Health has disclosed that the healthcare network, located in the state of Massachusetts, was hit by a data breach. Security Week reports that an intruder gained unauthorized access to the network’s employee email system, potentially compromising Social Security numbers, insurance information, and medical data of over 200,000 patients. According to Telegram & Gazette, a notice sent to impacted individuals explained, "To help prevent something like this from happening in the future, we have reinforced education with our staff regarding how to identify and avoid suspicious emails and are making additional security enhancements to our email environment, including enabling multifactor authentication.”
Chaos hackers troll Minecraft players.
The Chaos ransomware group is targeting gamers by using the promise of fake Minecraft alt-lists as bait, Bleeping Computer reports. The threat actors are advertising the alt-lists, often used by Minecraft players looking to hijack stolen accounts in order to troll other players without punishment, on Japanese gaming forums. When the victim attempts to access the list, ransomware encrypts their files, leaving a ransom note demanding 2,000 yen (about $17.56) in pre-paid cards. This Chaos strain is particularly destructive, injecting files larger than 2MB with random bytes that render them irretrievable regardless of whether the victim pays up.
Huq acknowledges, corrects, data collection without proper permission.
Huq, a British data collection firm that sells mobile phone location data, has disclosed to BBC News that at least two of its app partners gathered user data without obtaining consent. Huq’s clients include dozens of English and Scottish city councils seeking to collect data on their constituents. Though Huq has rectified the situation with the apps in question and says they’re taking the issue very seriously, the firm admitted that it’s possible other app partners might have permissions issues as well. Indeed, app privacy monitoring firm AppCensus analysed several of the apps working with Huq, and AppCensus co-founder Joel Reardon assessed, "Looking across a dozen or so apps that include Huq, I've noticed large variations in how users are given notice of how their GPS location tracker, along with information about their home wi-fi router, is being collected.” The Danish data authority is investigating whether there is "a legal basis" for Huq’s data processing policies.