The Data Privacy Digest is Californians for Consumer Privacy's weekly round-up of relevant consumer data privacy news.
This week, giant corporations continue to show little shame for routinely invading consumers’ privacy. Amazon employees reportedly have access to the intimate data of Alexa users, including home addresses. Facebook announced they expect to face the largest ever civil fine for user privacy and data breaches – followed by a market value boost of $36 billion. Highly sensitive health records of millions of consumers were breached, and it turns out all these breaches have also made Nest home surveillance systems easy for hackers to get into. We’re thinking the power to take back control of our personal information can’t come soon enough.
It’s time for this week’s Data Privacy Digest:
Amazon’s Alexa Team Can Access Users’ Home Addresses
“An Amazon.com Inc. team auditing Alexa users’ commands has access to location data and can, in some cases, easily find a customer’s home address, according to five employees familiar with the program.
While there’s no indication Amazon employees with access to the data have attempted to track down individual users, two members of the Alexa team expressed concern to Bloomberg that Amazon was granting unnecessarily broad access to customer data that would make it easy to identify a device’s owner.
In a new statement responding to this story, Amazon said “access to internal tools is highly controlled, and is only granted to a limited number of employees who require these tools to train and improve the service by processing an extremely small sample of interactions. Our policies strictly prohibit employee access to or use of customer data for any other reason, and we have a zero tolerance policy for abuse of our systems. We regularly audit employee access to internal tools and limit access whenever and wherever possible.”
Facebook Expects to Face Largest Ever Civil Fine for User Privacy and Data Breaches
“Facebook warned investors Wednesday it expects to face the largest ever civil penalty imposed by the Federal Trade Commission on a tech company for its mishandling of user data, a privacy breach that could cost the social media giant as much as $5 billion. The final number is still yet to be determined, but the company said in its first quarter earnings report it had set aside $3 billion in anticipation of a settlement with the FTC. The statement amounted to Facebook’s first public admission that it expects to face a game-changing fine, one that could reset the regulatory framework of Silicon Valley, which has increasingly come under scrutiny from lawmakers following revelations about data breaches to Cambridge Analytica during the 2016 election.”
NBC News reporter Scott Budman: “Facebook yesterday: Sets aside $3 billion for likely FTC fine on privacy violations. Investors this morning: Boost Facebook market value by $36 billion.”
Patient names, treatments leak among millions of rehab records
“It's some of the most sensitive medical information a person could have. Records for potentially tens of thousands of patients seeking treatment at several addiction rehabilitation centers were exposed in an unsecured online database, an independent researcher revealed Friday.
The 4.91 million records included patients' names, as well as details of the treatments they received, according to Justin Paine, the researcher. Each patient had multiple records in the database, and Paine estimates that the records may cover about 145,000 patients.
Paine notified the main treatment center, as well as the website hosting company, when he discovered the database. The data has since been made unavailable to the public. Paine found the data by typing keywords into the Shodan search engine that indexes servers and other devices that connect to the internet.”
How Nest, designed to keep intruders out of people’s homes, effectively allowed hackers to get in
“Software designed to help people break into websites and devices has gotten so easy to use that it’s practically child’s play, and many companies, including Nest, have effectively chosen to let some hackers slip through the cracks rather than impose an array of inconvenient countermeasures that could detract from their users’ experience and ultimately alienate their customers.”
Why is this easy? So many massive data breaches at other companies have left usernames and passwords floating around, and people reuse passwords.