Data in the News – July 2020
At least 39 different organizations hold personal data of the average UK citizen, providing a wide-range of opportunities for hackers to access sensitive information. This is according to Nomidio’s State of Identity 2020 Analysis, which also found that almost a quarter of Brits are unaware of how many organizations hold their personal data.
This growing attack surface has led to a 67% increase in major data breaches since 2014. The problem is exacerbated by the fact that over half (53%) of the UK population use the same password to access multiple accounts.
Unsurprisingly therefore, 77% of those surveyed in Nomidio’s study said they feel vulnerable about multiple organizations holding their data.
The number of businesses, charities and public sector organizations holding personal information is also expected to grow in the wake of the COVID-19 pandemic, with an estimated 3.5 million people believed to have accessed digital services for the first time in the UK during lockdown in areas such as banking and shopping.
The findings suggest a new approach to digital identity is required.
Facebook says it mistakenly let 5,000 developers gather information from people's profiles after a time limit on their rights had expired.
Apps on Facebook are supposed to be prevented from accessing people's personal data if the app has not been used for 90 days. But Facebook said that lock-out had not always worked due to a flaw in how it recorded inactivity. "We fixed the issue the day after we found it," the company said. Facebook has not stated how many users had their personal data scraped.
The data breach at the MGM Resorts hotels took place in summer last year occurred when a hacker broke through the hotel's cloud servers and got access to the data containing information of people who, in the past, had stayed at MGM Resorts hotels.
A revelation of a data breach reported earlier in February this year that said to have affected 10.6 million guests of the MGM Resorts now seems to be just the tip of an iceberg. A hacker has put an ad on a dark web cybercrime marketplace offering to sell the details of as many as 142 million guests of the MGM Resorts hotels. As per a report by ZDNet, the hacker has offered to sell the huge data set for a whopping USD 2,900.
ZDNet report further said that the details of a total of 142,479,937 MGM hotel guests have been offered to potential buyers of the dark web. The hacker has got access to MGM Resorts hotel’s data after they could successfully penetrate into a data leak monitoring service DataViper run by Night Lion Security.
This guidance provides advice for organisations and small businesses that are asked by government to collect and retain customer and visitor information, for a limited time period, for the purposes of a COVID-19 contact tracing scheme.
This guidance is designed for those who have limited experience of collecting and retaining personal data for business purposes.
The UK’s three main political parties are collecting personal data on voters, but much of it is wrong and its use may fall foul of data protection laws.
The UK’s political parties are collecting personal data to create profiles on voters that include attempts to deduce sensitive data such as their religion, political opinions, nationality and income.
Subject access requests made by voters show that the parties obtain data from commercial data brokers and combine it with the electoral register and data gathered from canvassing to build profiles on voters that often contain sensitive personal information.
The Open Rights Group (ORG), which co-ordinated the research, said political parties exploit a legal grey area in data protection law by buying commercial data, processing “special category data” and profiling and inferring their political opinions.
“This leaves most voters in the dark about what political parties do with their personal data,” said Pascal Crowe, the ORG’s data and democracy project officer. “These practices have the potential to seriously undermine trust in the democratic process and damage its integrity.”