A California man impersonated an Apple customer support technician in a socially engineered email campaign that stole people's iCloud passwords to break into accounts and collected upwards of 620,000 private photos and videos. Hao Kuo Chi, 40, of La Puente, has agreed to plead guilty to four felonies, including conspiracy to gain unauthorized access to a computer, in a scam that ultimately aimed to steal and share nude images of young women, according to court records and a report by the Los Angeles Times.
A judge in South Carolina has struck out a number of claims in a consolidated class-action suit alleging cloud CRM provider Blackbaud didn't do enough to prevent a 2020 ransomware attack, but allegations under California's Consumer Privacy Act will move forward. US district judge J Michelle Childs said in a 33-page ruling [PDF] that "Blackbaud's alleged registration as a 'data broker' suggests that it is also a 'business' under the CCPA." The firm had previously argued it did not qualify as a "Business" regulated by the CCPA, California's GDPR-ish data privacy regulations that came into effect in July 2020.
The University of California this week confirmed that personal information was stolen in a cyberattack involving the Accellion File Transfer Appliance service. UC initially confirmed impact from the incident in early April, after the operators of Clop ransomware, which orchestrated the attack on Accellion's service, published on their Tor-based leaks website information allegedly stolen from the university and other entities.
The University of California is warning its students and staff that a ransomware group might have stolen and published their personal data and that of hundreds of other schools, government agencies and companies nationwide. A cybersecurity attack targeted a vulnerability in Accellion, a third-party vendor that is used to securely transfer files, the university said in a statement Wednesday.
Civil liberties activists are suing a company that provides facial recognition services to law enforcement agencies and private companies around the world, contending that Clearview AI illegally stockpiled data on 3 billion people without their knowledge or permission. The lawsuit says the company has built "The most dangerous" facial recognition database in the nation, has fielded requests from more than 2,000 law enforcement agencies and private companies, and has amassed a database nearly seven times larger than the FBI's.
SEE: TechRepublic Premium editorial calendar: IT policies, checklists, toolkits, and research for download. The proposition has ardent supporters and detractors on both sides of the online privacy debate, with some saying it was needed to fill loopholes in the landmark California Consumer Privacy Act and others bashing it for not going far enough or reinforcing dangerous practices. Carmen Balber, executive director of Consumer Watchdog, added in another statement that said "Prop 24 enshrines Californians' privacy rights and safeguards them from legislative assault, adds groundbreaking new protections for sensitive information like our race, sexual orientation and location, and creates a European-style privacy agency to protect our rights."
California voters have backed an initiative expanding a data privacy law criticized by rights watchdogs as having worrying "Loopholes" for firms such as Google and Facebook. The California Consumer Privacy Act become law at the start of this year, the toughest of its kind in the US. Like the European Data Protection Regulation, applied in the European Union since May 2018, the California law guarantees rights regarding control of online data.
The Fitbits on our wrists collect our health and fitness data; Apple promises privacy but lots of iPhone apps can still share our personal information; and who really knows what they're agreeing to when a website asks, "Do You Accept All Cookies?" Most people just click "OK" and hope for the best, says former Democratic presidential candidate Andrew Yang. "The amount of data we're giving up is unprecedented in human history," says Yang, who lives in New York but is helping lead the campaign for a data privacy initiative on California's Nov. 3 ballot.
As students head back to the classroom, the spate of ransomware attacks against schools is continuing. The latest is a strike against a California school district that closed down remote learning for 6,000 elementary school students, according to city officials.