Complaint filed against OpenAI for alleged GDPR violations

A privacy and security researcher from Poland filed a complaint with Poland’s data protection authority against OpenAI for allegedly violating several articles of the General Data Protection Regulation. The complaint mentions that the company’s generative AI-based chatbot ChatGPT violates the EU GDPR in several dimensions like privacy by design, data access rights, and transparency. Read more

Hackers create Signal Imposter for surveillance

An imposter to private messenger application, Signal found its way into Google’s Play Store and Samsung’s Galaxy store and is reportedly linked to Chinese hackers. The fake version, Signal Plus Messenger, functions similarly to the original app and is intended to spy on user communications through the real app. The fake application was removed from Google Play. Read more

PurFoods’ data breach affected the financial, personal, and medical data of 1.2M customers

PurFoods, a US food delivery service, disclosed details of a potential breach that affected the personal, medical, and financial information of more than 1.2 million people. Reports suggest that the data might have included the customers’ names, payment card numbers, security codes, passwords, and Social Security Numbers. A statement from the company read that no evidence of misusing the personal information had been found. Read more

NOYB accuses Fitbit of GDPR violations

NOYB, the privacy advocacy group, filed complaints against Google’s Fitbit in Italy, Austria, and the Netherlands for violating the EU GDPR. The complaint from the digital rights group alleges that the users are forced to give consent for data transfers outside the EU, and no provision was provided for them to withdraw their consent. NOYB wants Fitbit to allow the applications’ use without having to give consent for data transfers. Read more

Medical records from ransomware attacks found on the dark web

Medical records reportedly extracted from the recent ransomware attack on Prospect Medical Holdings are put on sale on the dark web. The attack on August 3rd disrupted 17 hospitals and 166 outpatient clinics of the health system. Rhysida dark leak site, last week, claimed to be responsible for the attack. The sale notification also included an auction announcement of data comprising more than 500 million passport details, social security numbers, patient records, and driver’s licenses. Read more