At a glance.
- Australian energy provider experiences data breach.
- WhatsApp clone spies on Indian users.
- Texas AG hits Google with data privacy lawsuit.
Australian energy provider experiences data breach.
Cybercriminals continue to pummel Australia with cyberattacks, and EnergyAustralia has become the latest victim to suffer a customer data breach. The electricity company on Friday disclosed that over three hundred residential and small business customers had been impacted in the incident, the result of an intruder gaining unauthorized access to the MyAccount customer portal in September. The Guardian reports that the potentially compromised data include customer names, street addresses, email addresses, phone number, electricity and gas bills, and the first six and last three digits of their payment card numbers. “There is no evidence that customer information was transferred outside EnergyAustralia’s systems, and importantly, identification documentation, such as driver’s licences or passports, and banking information, are not stored on My Account,” EnergyAustralia stated. In response, the company will now require customers to reset their passwords, increasing the number of required characters from eight to twelve. As 7NEWS notes, the attack comes amidst a surge of data breaches in Australia, starting with the massive ransomware attack of telco giant Optus, the second-largest mobile provider in the country.
WhatsApp clone spies on Indian users.
Inventiva reports that a clone of leading messaging app WhatsApp has been monitoring users and recording their data. The Facebook-owned platform is one of the most popular apps in India, with 400 million users in the country. The unauthorized third-party clone, called GB WhatsApp, allows users some of the functions of the real thing, but according to researchers at ESET, it is also spying on users’ conversations and has the ability to record video and audio. Because such clones are not offered at the Google Play store, they are not monitored for security protocols, leaving users at the mercy of the app developers.
Texas AG hits Google with data privacy lawsuit.
On Thursday, Texas Attorney General Ken Paxton activated the state’s biometric privacy law, which has remained mostly dormant since its establishment in 2009, to bring a suit against tech giant Google. Paxton alleges that Google’s data practices violate the 2009 Capture or Use of Biometric Identifier (CUBI) Act, which states that users must be informed if records of their biometric identifiers are being captured and stored. The Record by Recorded Future explains that Google uses a facial recognition system to identify individuals depicted in Google Photos, and also employs face matching and voice recognition in its Nest smart home devices. The suit states, “Google records—without consent—friends, children, grandparents, and guests who stop by, and then stores their voiceprints indefinitely…Ultimately, Google has turned Texans’ desire to take, store, and share photos and videos into a testing ground for AI and other products in its ever-growing, advertising-revenue stream. And, Google has enlisted the friends and family members of those Texans as non-consenting, unknowing participants in Google’s scheme.” The suit could cost Google a pretty penny, as CUBI authorizes penalties of up to $25,000 per violation. Paxton is also seeking an injunction barring Google from collecting or maintaining biometric data in Texas without appropriate consent.
Google spokesperson José Castañeda said the Attorney General was “once again mischaracterizing” the company’s products, noting that the facial recognition feature is visible only to users of that account and can be deactivated by the user, He added that Google doesn’t use the content for advertising purposes. The case highlights the important role states can play in keeping tech giants’ customer data practices in check, an area in which federal lawmakers have struggled. In addition to Texas, states like California, New York, and Illinois have also used their influential economies and large populations to bolster their impact in tech regulation, setting standards when federal bodies have come up short. Electronic Frontier Foundation senior attorney Adam Schwartz told The Record, “States are leading the effort to protect biometric privacy, because Congress has failed to do so.”