Mixcloud data breach exposes over 20 million user records

A data breach at Mixcloud, a U.K.-based audio streaming platform, has left more than 20 million user accounts exposed after the data was put on sale on the dark web. The data breach happened earlier in November, according to a dark web seller who supplied a portion of the data to TechCrunch, allowing us to…

European parliament’s NationBuilder contract under investigation by data regulator

Europe’s lead data regulator has issued its first ever sanction of an EU institution — taking enforcement action against the European parliament over its use of US-based digital campaign company, NationBuilder, to process citizens’ voter data ahead of the spring elections. NationBuilder is a veteran of the digital campaign space — indeed, we first covered…

Twitter to add a way to ‘memorialize’ accounts for deceased users before removing inactive ones

Twitter has changed its tune regarding inactive accounts after receiving a lot of user feedback: It will now be developing a way to “memorialize” user accounts for those who have passed away, before proceeding with a plan it confirmed this week to deactivate accounts that are inactive in order to “present more accurate, credible information”…

A 10-point plan to reboot the data industrial complex for the common good

A posthumous manifesto by Giovanni Buttarelli, who until his death this summer was Europe’s chief data protection regulator, seeks to join the dots of surveillance capitalism’s rapacious colonization of human spaces, via increasingly pervasive and intrusive mapping and modelling of our data, with the existential threat posed to life on earth by manmade climate change.…

Microsoft announces changes to cloud contract terms following EU privacy probe

Chalk up another win for European data protection: Microsoft has announced changes to commercial cloud contracts following privacy concerns raised by European Union data protection authorities. The changes to contactual terms will apply globally and to all its commercial customers — whether public or private sector entity, or large or small business, it said today.…

‘Magic: The Gathering’ game maker exposed 452,000 players’ account data

The maker of Magic: The Gathering has confirmed that a security lapse exposed the data on hundreds of thousands of game players. The game’s developer, the Washington-based Wizards of the Coast, left a database backup file in a public Amazon Web Services storage bucket. The database file contained user account information for the game’s online…

California’s new data privacy law brings U.S. closer to GDPR

The requirements aren’t insignificant, and the fines could add up Dimitri Sirota 9 hours Dimitri Sirota Contributor Dimitri Sirota is CEO and cofounder of data protection and privacy software company BigID. Sirota is an established serial entrepreneur, investor, mentor, and strategist in the technology and cyber security space. Data privacy has become one of the…

A network of ‘camgirl’ sites exposed millions of users and sex workers

A number of popular “camgirl” sites have exposed millions of sex workers and users after the company running the sites left the back-end database unprotected. The sites, run by Barcelona-based VTS Media, include amateur.tv, webcampornoxxx.net, and placercams.com. Most of the sites’ users are based in Spain and Europe, but we found evidence of users across…

Google has used contract swaps to get bulk access terms to NHS patient data

New Scientist has obtained a legal agreement between Google’s health division and the UK National Health Service (NHS) that includes provision to pass five years’ worth of patient data in bulk as part of a contract novation process. If you’re feeling a sense of deja vu that’s quite right: Back in 2016 it emerged —…

EU contracts with Microsoft raising “serious” data concerns, says watchdog

Europe’s chief data protection watchdog has raised concerns over contractual arrangements between Microsoft and the European Union institutions which are making use of its software products and services. The European Data Protection Supervisor (EDPS) opened an enquiry into the contractual arrangements between EU institutions and the tech giant this April, following changes to rules governing…