At a glance.
- CCTV breach under investigation.
- Scraping for the lulz?
- Pegasus lists.
ICO investigates UK CCTV breach.
Chadwick Lawrence explains that the UK’s Information Commissioner’s Office is investigating a data breach in which someone obtained CCTV footage featuring Matt Hancock, former Secretary of State for Health and Social Care, engaged in physical activity with another individual. The CCTV service provider for the Department of Health and Social Care alleges the images were stolen by an intruder who gained unauthorized access to the system. According to the General Data Protection Regulation, CCTV images in which an individual can be identified are considered personal data, and disclosing this data without the consent of the controller is considered a breach of Section 170 of the Data Protection Act 2018.
For the hacker, LinkedIn scrape was all fun and games.
As the investigation continues into last month’s LinkedIn data scraping incident that resulted in the publication of the personal data of 700 million users, Security Magazine reports that the hacker allegedly responsible says he obtained and released the data “for fun.” The hacker, who calls himself Tom Liner, claims he accessed the data by infiltrating LinkedIn’s application programming interface, and he is selling the scraped data, which accounts for approximately 92% of LinkedIn’s user base, to several buyers for $5,000. While social media platforms insist that scrapes like this one, which assemble data that are largely already publicly available, are not technically data breaches, many experts (and apparently buyers) disagree. Michael Isbitski, Technical Evangelist at Salt Security, explains, “A single piece of data by itself may not be classified as private, but this classification quickly changes as data [are] correlated or identity of an individual can be inferred.”
Who’s who on the Pegasus surveillance list.
Now that the Pegasus Project has released its report on the 50,000 leaked phone numbers connected to NSO’s Pegasus surveillance software, the list of individuals who were targeted — which include political activists and high-ranking government officials — raises questions about how and why government entities were using the spyware. As the Washington Post reports, there were fourteen heads of state or government on the list, and among them, seven are currently still in power: presidents Emmanuel Macron of France, Barham Salih of Iraq, and Cyril Ramaphosa of South Africa; prime ministers Imran Khan of Pakistan, Mostafa Madbouly of Egypt, and Saad-Eddine El Othmani of Morocco; and King of Morocco Mohammed VI. While ownership of the numbers has been confirmed, it’s still unclear whether all of the phones had been infiltrated with Pegasus software. NSO insists it’s possible the list was not linked to surveillance: “The data has many legitimate and entirely proper uses having nothing to do with surveillance or with NSO,” stated Tom Clare, an attorney representing the company.
Also on the list were activists who were potentially targeted by their countries’ governments. The Washington Post reports that several numbers belonged to individuals connected to the Bhima Koregaon case, in which over a dozen Indian activists in opposition to the regime of Prime Minister Narendra Modi were accused of attempting to overthrow the government and were jailed without trial. Researchers confirmed that India, along with ten other countries on the list, were clients of NSO, but the Indian government has not officially disclosed whether they used Pegasus software. When asked whether the government was spying on the activists in question, India’s Ministry of Electronics and Information Technology said the allegation had “no concrete basis or truth associated with it whatsoever.”