Happy Halloween! Whilst everyone’s been running about getting their Instagram snaps in pumpkin patches, pretending they like those autumn spiced lattes (seriously, why are they THAT sweet?), and picking up fun-sized Mars bars for the kids, The Data Lab team have been reading up on true tales of horror … the scariest data stories from across the news.
Here are a few of the most terrifying headlines we’ve seen over the past year …
“Instagram owner Meta fined €405m over handling of teens’ data”
User registration systems at Instagram weren’t what they should have been when the DPC (Data Protection Commission) took a look under the hood. Users aged between the ages of 13-17 were not only allowed to operate business accounts on the platform, but their accounts were also defaulting to “public” view. These accounts showed the users’ phone numbers and email addresses and it was noted that teenagers were not being properly cared for under the brand’s privacy settings.
“UK investigators told to stop mass collection of personal data in rape cases”
Around one in ten rape victims said they had attempted suicide as a result of their assault (1), so it was almost unbelievable when we learned that, following a sexual assault report, one of the first things they were asked to do is fill in a form confirming consent for police and prosecutors to access any information they want. The lack of thought behind the victim’s experience was a low priority.
With victims at risk of being subjected to higher levels of interrogation about their personal information than the suspects they accuse, police were instructed to make changes or face being fined by the UK’s data watchdog.
“Government concerns over China-owned CCTV company embedded in UK”
Chinese state-owned Hikvision has more than 1 million CCTV cameras across the UK – many used by public bodies, including councils across the UK, secondary schools in England, and NHS Trusts. However, the US have already blacklisted the company over its links to “re-education” camps in Xinjiang and the suppression of Uyghur Muslims in northern China.
Parliamentarians have called for “an urgent and fully independent review of surveillance in Britain.”
“Former Uber security chief found guilty of concealing data breach”
Fired from Uber in 2017, Joe Sullivan was found guilty of criminal obstruction for “failing to report a 2016 cybersecurity incident to authorities.” The former security chief not only concealed the breach, but also deliberately took steps to prevent the hackers from being caught. When Uber finally came clean about their findings in 2018, they paid £130million in settlement claims after the breach affected the data of 57 million passengers and drivers.
“Why US women are deleting their period tracking apps”
If you’re using a period tracking app, chances are you have already heard about this one. Period tracking apps have been a helpful addition for people trying to work around their monthly cycle, but this year many have ditched the apps due to concerns about what was being done with their data – especially in America where it was feared it could be used against them in future criminal cases in states where abortion has become illegal.
But is there any base for this concern? Reports suggest yes! It’s not uncommon for tracking apps to store and share some of their user’s data at times. The British Medical Journal (BMJ) published in 2019 that “79% of health apps that were related to medicine, including apps that help manage drugs, adherence, medicines, or prescribing information, regularly shared user data and were “far from transparent”.”(2)
“Hacker leaks phone numbers and email addresses of 5.4 million Twitter accounts”
A bug introduced to the social media giant in 2021 allowed an attacker to build and publish a database of the email addresses and phone numbers of millions of users. The hacker was able to obtain data such as usernames, locations, profile photos, bios and display names. The breach affected the data of 6.7M unique email addresses and spanned across both active and suspended accounts. In August 2022 elaborated in the report and advised that affected users had been notified.
(Thanks to TDL Community member George V for sharing the source of this headline after a call out for scary data stories).
Did we miss any you’d seen? Share them with us in the comments below.
Sources:
(1) – Investigation and prosecution of rape – Report Summary
(2) – Tracking apps statements
Leave a Reply