At a glance.
- Report: Internet Society data exposed in the cloud.
- New York privacy laws.
- Guilty plea in WhatsApp spyware case.
Internet Society data left unprotected in cloud storage database.
Researchers at digital security firm Clario report having discovered a data breach impacting American nonprofit advocacy organization the Internet Society (ISOC). An unsecured Microsoft Azure blob repository was found containing millions of files of ISOC member data. It’s unclear how long the database was left unprotected or if it was accessed by intruders, but the compromised data includes full names, login credentials, social media tokens, email and street addresses, and genders. The ISOC was immediately notified and the blob was subsequently secured.
New York employee privacy laws focus on automated decision-making software.
New York City and state lawmakers have passed two new laws regarding employee privacy, and the experts at Cooley offer a breakdown of what this new legislation will entail. The first applies to the use of automated decision-making tools in hiring and promotion decisions. Such software uses machine learning, statistical monitoring, data analytics, or artificial intelligence to screen job candidates or assess current employee performance. In an effort to prevent bias, the law will require employers or employment agencies to complete a bias audit before using such tools and give the applicant or employee the option to request an alternative selection process. The law will come into effect in 2023, and a first violation could result in a civil penalty of up to $500. The second law, which comes into effect this May, will require employers to notify employees of electronic monitoring of their telephone or email communications or internet access or usage.
Suspect pleads guilty to selling WhatsApp hacking tools.
Businessman Carlos Guerrero has pleaded guilty to selling spyware tools capable of hacking communications on messaging platform WhatsApp. Guerrero says the hacking tools were obtained from Italy and Israel and sold to government and private customers in the US and Mexico, including a Mexican mayor looking to tap into the email and social media accounts of a political rival. Guerrero worked as a distributor for an Italian company that is unnamed in the indictment, but TechCrunch reports that it is believed to be Hacking Team, a now-shuttered Milan-based company that developed offensive intrusion tools. Ironically, Hacking Team was hacked itself in 2015, and the attackers published internal emails that included references to Guerrero. Guerrero is also accused of importing spyware developed by Israeli companies to Mexico. Though the identities of the Israeli spyware makers have not been disclosed, NSO Group’s Pegasus has been documented as one of the most active hacking tools used in Mexico. NSO spokesperson Liron Bruck, however, denies any connection to this case: “NSO does not sell to private persons or entities, and [Guerrero] is not associated with our company in any way.”