US college Michigan State University (MSU) has revealed that it was affected by data breaches at National Student Clearinghouse (NSC) and Teachers Insurance and Annuity Association of America (TIAA) as a result of the recent large-scale hack targeting the MOVEit file transfer application. In response, NSC and TIAA will be providing MSU with a list of students and retirees who may have been impacted by the breaches. NSC has created a webpage for students seeking more information, while TIAA’s partner, Pension Benefit Information, has also set up a similar site for retirees. Attorney General Dana Nessel has urged anyone concerned about their personal information to contact the consumer protection team in her office.
Amid increased scrutiny of its data privacy practices, popular videoconferencing software Zoom has backtracked on recent changes to its terms of service. In March, Zoom quietly updated its terms to state that it had the rights to users’ video, audio, and chat data for its artificial intelligence (AI) programs. This led to widespread concerns and criticism from users, with some comparing Zoom’s actions to those of “dystopian overlords.” In response to the backlash, Zoom has revised its terms to state that it will not use customer content to train its AI models without user consent. Despite this, legal experts argue that this shift is merely an attempt to appease the public and does not address the underlying data privacy concerns.
Police Service of Northern Ireland (PSNI) recently announced that the personal data of all 10,000 serving officers and staff had been accidentally leaked. The breach occurred when an employee mistakenly included detailed personal information in response to a public freedom of information (FoI) request. The spreadsheet containing officers’ names, ranks, and locations was published on a public FoI website before being taken down. It is unclear how many people accessed the data during the two-and-a-half hour window before it was removed. The leak is particularly concerning given the ongoing threat of violence targeted at Northern Ireland police due to conflicts over British rule in the region.
This breach comes just a day after a cyberattack on the UK Electoral Commission, raising questions about the effectiveness of cybersecurity measures in the country. Information Commissioner John Edwards has stated that it is too early to discuss penalties and that it is essential to allow PSNI to conduct its investigation before taking further action. The leak may have severe consequences for officers working with the UK’s security service MI5, as some might have to change jobs or relocate in order to protect themselves from the fallout of the breach. Officers stationed at MI5’s Northern Irish headquarters could be forced to leave their positions, as their roles were previously confidential.
In addition to the data leak, a PSNI-issued laptop and documents containing personal information on officers and staff were also stolen last month. This incident is currently under investigation by the police, and the Information Commissioner’s office has been informed.
The Russian government has launched a renewed campaign against virtual private networks (VPNs), which allow users to maintain privacy and bypass state-imposed censorship. Despite being illegal in Russia since 2017, VPNs remain popular as they enable users to access unbiased international news sources. In response, Russian authorities have increased efforts to disrupt citizens’ access to VPNs, rendering many of the most popular ones unusable in certain regions. The Russian state has also launched a public information campaign, attempting to discourage citizens from using VPNs by claiming they put personal data at risk.
Finnish and Norwegian regulators have warned that data transfers to Russia may violate privacy regulations. Ride-hailing service Yango, owned by “the Russian Google” Yandex, has been specifically instructed to cease transferring customer data to Russia. This issue raises concerns about the accessibility of data collected by Yandex to Russia’s intelligence agency, FSB. Yandex has denied any improper data handling practices and has stated that it complies with all applicable laws and regulations.