At a glance.
- Data breach at California State Bar.
- Pegasus and India's data privacy laws.
- VPN user data leaked on Telegram.
Inadvertent data leak at the California State Bar.
The State Bar of the US state of California has disclosed that over 322,000 confidential attorney discipline records were exposed when the data was erroneously published on public records aggregator Judyrecords as the result of a bug in the State Bar’s case management system. The organization has begun notifying the 1,300 complainants, witnesses, or respondents who were compromised. “The State Bar is committed to transparency, and maintaining the public’s trust in our agency is paramount,” State Bar Executive Director Leah Wilson stated. The San Diego Union-Tribune reports that the vulnerability has been fixed and access to public State Bar records has been restored.
Pegasus and the state of India’s data privacy laws.
Although Spain has been the country recently making headlines in connection to NSO Group's Pegasus spyware, the Register describes the ongoing privacy debate stirred by Pegasus in another country: India. More than three hundred Indian residents, including politicians, activists, and officers of the Tibetan government in exile, appeared on the list of 50,000 alleged Pegasus targets released by Amnesty International and French journalism advocacy organization Forbidden Stories last year. News sources report that Prime Minister Narendra Modi allegedly purchased Pegasus in 2017, but the Indian government has neither confirmed nor denied the acquisition or use of the spyware. Last October India's Supreme Court launched an investigation into the possible abuse of the surveillance software, and the incident has sparked a wider debate over data privacy in India.
In 2017, India’s Supreme Court declared privacy a fundamental right, but the court clarified that a person’s right to privacy could be overridden by lawful interception from the state. The Indian Telegraph Act and Information Technology Act do allow for lawful interception, but were written long before spyware was even a consideration. Sections 43 and Section 66 criminalize cybercrime and the theft of computer resources. Anushka Jain, a lawyer for New Delhi-based digital liberties organization Internet Freedom Foundation, explains, "The Information Technology Act says that hacking is illegal, and Pegasus is essentially hacking because it takes over the entire phone…However, that is a very broad interpretation of that provision, because that is describing hacking of a computer system, and [Indian law doesn't have] any provisions for technology such as Pegasus." The Personal Data Protection Bill, 2019 is currently being debated to address this loophole, but has garnered international criticism because it could exempt the government from data protection regulations. India’s Software Freedom Law Center stated on social media, “The fight for stronger digital rights continues and has taken a sharper turn in the wake of the Pegasus scandal, lack of due stakeholder consultations, and bypassing legislative scrutiny to introduce unfettered technical solutions.”
VPN user data leaked on Telegram.
A Telegram user has dumped the data of 21 million users of several VPNs including GeckoVPN, SuperVPN, and ChatVPN, vpnMentor reports. The data, which includes email addresses, full names, usernames, hashed passwords, and billing details, was initially posted for sale on an underground marketplace in 2021, but has now been offered up for free on the social media platform. Users are being urged to change their VPN account passwords and be on the alert for suspicious SMS messages or emails.