Privacy newsletter - June 9, 2020

Welcome to the latest edition of the Privacy Insider Newsletter. Each week we send you the latest news in the world of data privacy.

Here are the top stories from last week you might have missed:

1. Carnegie Mellon conducted a study that found that only 1 in 3 people change their passwords following a data breach. Of the people that did change their passwords, most chose a weak one. If you’re reading this and you don’t use a password manager, today is a great day to set one up. Link
   
   
2. Singapore is planning on rolling out a piece of hardware to all its citizens for contact tracing. There are a handful of companies developing contact tracing wearable tech, but this is the first announcement of tech rolling out rolling out to the public that is not a smartphone app. Novel technology means new privacy risks. Link
   
   
3. This week in data breaches…Amtrak, another popular education app, and Minted.
   
   Amtrak, the US national railroad service, announced that hackers had been accessing accounts with fraudulently obtained credentials. They don’t know how the hackers got the credentials. Link
   
   8Belts, an education app maker, put personally identifiable information of hundreds of thousands of users in an unsecured database. Link
   
   The popular artist marketplace Minted disclosed 5m user records were accessed at the beginning of May and sold online. This is part of the spate of recent attacks associated with the group ShinyHunters, who have made this newsletter numerous times in recent weeks for their exploits. Link
   
   
4. California legislators introduced a bill to regulate facial recognition technology. The bill has already received pushback from the ACLU, arguing that it undercuts privacy protections municipal governments have put in place regarding the technology. This bill will be closely watched given the state’s track record of passing trailblazing privacy legislation. Link
   
   
5. Zoom will exclude free calls from end-to-end encryption. Zoom announced a number of privacy features, including end-to-end encryption, following significant public pressure to improve their privacy practices in recent months. Privacy advocates are miffed that the company is only enhancing privacy if customers pay. Link
   
   
6. A $5 billion class action lawsuit against Google was filed for overstating the privacy protection afforded by Chrome’s Incognito mode. Google is going to fight it, claiming they’re transparent about the privacy Incognito provides. The prosecuting team seeks $5k per user who has used Incognito mode. Link
   
   
7. Video app TikTok has been under scrutiny for violating children’s privacy practices. A group of US senators urged the Federal Trade Commission to investigate TikTok’s failure to take down videos made by children under the age of 13 after promising to do so in 2019. Meanwhile, TikTok hired Kevin Mayer, a Disney executive, as its new CEO. Privacy issues - New hire 
   
   
8. Privacy browser Brave was caught making affiliate commissions from their users. If you'd go to certain cryptocurrency sites with Brave's browser, you'd be redirected to links that earned the company an affiliate commission. They've already released a statement saying they'd stop, but the brand damage has already been done to the upstart browser. Link