BlackBox (Security) Archiv
👉🏼 Latest viruses and malware threats
👉🏼 Latest patches, tips and tricks
👉🏼 Threats to security/privacy/democracy on the Internet

👉🏼 Find us on Matrix: https://matrix.to/#/!wNywwUkYshTVAFCAzw:matrix.org
It’s Time to Dismantle the DEA

For nearly 50 years, the Drug Enforcement Administration (DEA) has fueled mass incarceration, wasted taxpayer money, abused its authority and blocked scientific research.

It’s time for change.

By Every Measure the DEA and its Drug War Have Failed

The DEA was established in 1973 ostensibly to consolidate drug enforcement activities into a “superagency” that would bring together federal drug enforcement resources. In the last 50 years, it’s been a tremendous waste of resources and left a wake of devastation in the United States and abroad.

DEA personnel have repeatedly engaged in unlawful operations, spent lavishly, ignored civil rights, packed federal prisons, and still failed to make a significant impact on drug supply. Meanwhile, Congress has engaged in little scrutiny of the agency, its actions or its budget.

WASTING TAXPAYER FUNDS

The DEA is the central player in the failed war on drugs. When the DEA was created in 1973, it started with less than $75 million. In fiscal year 2020 U.S. taxpayers spent more than $3.1 billion on the DEA. President Trump asked for even more for fiscal year 2021 - a staggering $3.5 billion, with more than $520 million specifically for its international programs.

What has it done with all that money?

It has facilitated the growth of paramilitary forces on U.S. soil, expanded surveillance, and embedded itself in communities throughout the U.S. and abroad. It has directly participated in domestic enforcement at the local level and even conducted its own research and public propaganda campaigns.

Ten percent of its Special Agents and Intelligence Analysts are permanently stationed overseas conducting drug interdiction, including undercover operations, surveillance, money laundering, paying informants, and facilitating arrests. Internationally, the DEA-led drug war has contributed to increased violence in many countries, as well as political and economic instability.

👀 👉🏼 https://www.drugpolicy.org/DEA

#dea #timeforchange #drugpolicy #thinkabout
📡 @cRyPtHoN_INFOSEC_DE 📡 @cRyPtHoN_INFOSEC_EN 📡 @BlackBox_Archiv 📡 @NoGoolag
Google lists which Firebase SDKs require Google Play Services

Google is a pretty ubiquitous name in the Android space. Not only does the company own and maintain the Android Open Source Project itself, but it’s also in charge of the largest distribution platform on Android: the Google Play Store and the underlying Google Mobile Services (GMS) suite. GMS is the important part here. Firebase, Google’s cross-platform toolkit for things like analytics and crash detection, uses GMS to provide a lot of its functionality.

That’s all well and good if your target devices come with Google apps preinstalled, but what if they don’t? What if a user has unlocked their bootloader and flashed a Google-free ROM? What if someone’s using a Huawei device, or they’ve imported a phone from China? Will the Firebase-dependent parts of your app just not work?

Thankfully, if you’re trying to implement Firebase into your app, you don’t need to guess which SDKs will work on Google-free devices and which won’t. Google has helpfully released a list of all its current Firebase SDKs, and whether or not they depend on GMS. You can use this to tell at-a-glance which SDKs you can safely implement and which you may have to supplement or avoid.

💡 👉🏼 Here’s a table listing the Firebase SDKs and whether or not they have GMS dependencies:
https://www.xda-developers.com/google-list-firebase-sdk-require-google-play-services/

💡 👉🏼 https://firebase.google.com/docs/android/android-play-services

#google #list #firebase #sdk #playservices #dependencies
The Scene: A Stress Headache That Most Pirates Can Do Without

Many up-and-coming pirates dream of one day being elite enough to become a member of The Scene, hoping to bathe in the collective mystery, kudos and notoriety it exudes. For most, however, the headaches and stress would probably outweigh the benefits of this exclusive 'club'.

Over the past two weeks ‘The Scene’, the individuals, groups, and entities that are often described as sitting at the top of the so-called ‘Piracy Pyramid’, has been thrust into the mainstream media.

A US Government-led operation, carried out on several continents against the ‘Sparks Conspiracy‘, listed three individuals from the UK, US and Norway as the main targets of a massive investigation. What took place on the ground, however, ended up being something much, much bigger.

While SPARKS and related groups GECKOS, DRONES, ROVERS and SPLINTERS were placed front and center, operations like this don’t and can’t operate in a vacuum. These groups were part of an organic network built up over years and, as such, their activities and members touched huge numbers of disparate yet interconnected individuals involved in the piracy world overall, not just ‘The Scene’ itself.

One of the interesting things about The Scene is that over almost two decades, it has gained almost mythical status as an almost impossible-to-penetrate ‘place’ where only the most elite of pirates hang out. As a result, many people aspire to become a ‘member’ one day, hoping to bathe in the collective mystery, kudos and notoriety.

What the unfolding events of the past two weeks have shown, however, is that The Scene is already much closer to regular pirates than most people might think, touching and even intermingling at some level with private and public torrent sites, streaming platforms, and similar services.

👀 👉🏼 https://torrentfreak.com/the-scene-a-stress-headache-that-most-pirates-can-do-without-200906/

#pirates #piracy #Sparks #GECKOS #DRONES #ROVERS #SPLINTERS #conspiracy #usa #uk #norway
Locking down Signal

Concerned about the privacy and security of your communications? Follow our guide to locking down Signal.

The encrypted messaging app, Signal, is quickly becoming a newsroom staple for communicating with sources, accepting tips, talking to colleagues, and for regular old voice calls and messages. While it’s a practical tool for anyone concerned with the security and privacy of their conversations, people working in newsrooms are particularly interesting targets, and should benefit from locking down Signal.

💡 (If you’re not yet using it, learn how to get started here.)

Signal makes it easy to have a secure conversation without thinking about it. On its face, it looks and feels identical to your default text messaging app, but security experts so often recommend it because of what it does in the background.

First, Signal offers end-to-end encryption, meaning only conversational participants can read the messages. While regular phone calls or text messages allow your phone company to unscramble your conversations, even the team behind Signal can’t listen to them. You don’t need to take their word for it. Signal is open source, meaning the code is available for anyone to review. This also makes security audits simpler for independent specialists, who have torn apart the code and published findings that everything works as intended. Finally, Signal retains nearly no metadata — information about who spoke to whom, and when. (The developers proved as much in court.)

These are some of the advantages you want in an encrypted messaging app.

Because newsrooms can attract a lot of attention, journalists who already use Signal should consider hardening it against physical access, as well as unwanted remote access and network-based eavesdropping. So let’s talk about how.

👀 👉🏼 https://freedom.press/training/locking-down-signal/

#signal #encrypted #messaging #app #guide
744 Supp 4.pdf
3.2 MB
The USA's growing China blacklist

After Huawei, China's largest chip manufacturer SMIC is now also threatened with a US embargo. US companies would then no longer be allowed to do business with the contract manufacturer.

The Trump administration, at the suggestion of the Department of Defense, is considering adding SMIC to its blacklist. The companies listed there have virtually no access to US technology. The list already contains over 300 Chinese companies.

👀 👉🏼 The US blacklist of Chinese companies, the Entity List (PDF):
https://www.bis.doc.gov/index.php/documents/regulations-docs/2326-supplement-no-4-to-part-744-entity-list-4/file

#usa #china #blacklist #embargo #pdf
You have a secret health score and it's as dystopian as it sounds

Insurance companies use big data to predict your health and profitability. Your life choices may easily cost you your coverage or accessibility of treatments.

📺 👉🏼 https://invidious.snopyta.org/watch?app=desktop&v=f6LMp74goVc&quality=dash&dark_mode=true&autoplay=0

#insurance #companies #secret #health #score #surveillance #bigdata #thinkabout #why
The Internet’s Biggest Webmaster Forum Had a Data Breach

Another day, another big data leak. On July 1st the WebsitePlanet research team, in cooperation with security researcher Jeremiah Fowler, discovered a non-password-protected database that contained records of the internet's largest webmaster portal. Upon further research, it appeared that Digital Point had leaked the data of 863,412 users.

Digital Point claims to be the world’s biggest webmaster forum and marketplace for web related services. The forum lets people buy and sell websites, SEO, and a wide range of services. The site caters to those individuals who maintain or create websites either for themselves or customers.

👀 👉🏼 Data Breach Summary:
https://www.websiteplanet.com/blog/digitalpoint-leak-report/

#digitalpoint #leak #report
What’s missing from corporate statements on racial injustice? The real cause of racism.

An analysis of 63 recent statements shows that US tech companies repeatedly placed responsibility for racial injustice on Black people.

On August 31, Airbnb launched Project Lighthouse, an initiative meant to “uncover, measure, and overcome discrimination” on the home-sharing platform. According to the company, Project Lighthouse will identify discrimination by measuring whether a renter’s perceived race correlates with differences in the rate or quality of that person’s bookings, cancellations, or reviews. This project comes amid an outpouring of solidarity statements and policy changes from the tech industry in response to uprisings after the killing of George Floyd by Minneapolis police on May 25.

While these nods toward racial justice may be well-intentioned, they highlight a problem that casts doubt on whether the industry’s efforts to date can truly combat bias: the tendency to position race, not racism, as the cause of discrimination.

This way of thinking about inequality is emblematic of “racecraft,” a term coined by sociologist Karen E. Fields and historian Barbara J. Fields to describe “the mental terrain and pervasive beliefs” about race and racism in America. Though Fields and Fields outline many aspects of the concept, their basic proposition is that the very idea of race arises out of racist practices rather than biological realities. Racecraft, they write, is a “conjuror’s trick of transforming racism into race, leaving black persons in view while removing white persons from the stage.”

A good example can be seen in Airbnb’s introduction to Project Lighthouse, which states that the company was “deeply troubled by stories of travelers who were turned away by Airbnb hosts during the booking process because of the color of their skin.” Were those guests really turned away because of their skin color, or because their prospective hosts were racist?

The same maneuver can be seen in a statement from Adam Mosseri, the head of Instagram, in which he says the platform’s efforts to ensure that Black voices are heard “won’t stop with the disparities people may experience solely on the basis of race.”

👀 👉🏼 https://www.technologyreview.com/2020/09/05/1008187/racial-injustice-statements-tech-companies-racism-racecraft-opinion/

#racial #injustice #statements #tech #companies #racism #racecraft #opinion #thinkabout
Disney faces second wave of boycott calls for 'Mulan' movie

Disney's latest film Mulan has faced a second round of criticism following its launch in movie theatres and on Disney's streaming platform, Disney+. Netizens on Twitter are calling for the public to boycott the movie with the hashtag "#BoycottMulan", claiming that the lead actress Liu Yi Fei supports police brutality in Hong Kong during the protests there.

The call to boycott the Mulan film is not new, first igniting in August 2019. Netizens are appealing to the public not to watch the movie if they support human rights. A few netizens have also criticised Disney for casting the actress and for giving in to the demands of the Chinese government while making the film. Separately, another netizen pointed out that the publicity department of the CPC Xinjiang Uyghur Autonomous Region was included in the film credits, inferring that filming took place in Xinjiang, where a "cultural genocide" is happening. The netizen is referring to the situation in Xinjiang, where Uyghurs (a Muslim ethnic minority) are detained and allegedly tortured. Marketing has reached out to Disney for a statement.

Additionally, an edited image of the Mulan poster has been circulating online. The image featured Liu with a communist sign on her forehead. It also showed her social media comment at the side, with a flag of China in the background.

👀 👉🏼 https://marketing-interactive.com/disney-faces-second-wave-of-boycott-calls-for-mulan-movie

#disney #BoycottMulan #mulan #Xinjiang #Uyghur #cultural #genocide #thinkabout #why
Service NSW reveals 738GB of customer data was stolen during email breach

Attack accessed 47 staff email accounts and affected 186,000 customers.

Service NSW has revealed that the personal information of 186,000 customers was stolen because of a cyber attack earlier this year on 47 staff email accounts.

Following a four-month investigation that began in April, Service NSW said it identified that 738GB of data, comprising 3.8 million documents, was stolen from the email accounts.

The one-stop-shop agency assured, however, there was no evidence that individual MyServiceNSW account data or Service NSW databases were compromised during the cyber attack.

"This rigorous first step surfaced about 500,000 documents which referenced personal information," Service NSW CEO Damon Rees said.

"The data is made up of documents such as handwritten notes and forms, scans, and records of transaction applications.

"Across the last four months, some of the analysis has included manual review of tens of thousands of records to ensure our customer care teams could develop a robust and useful notification process.

"We are sorry that customers' information was taken in this way."

👀 👉🏼 https://www.zdnet.com/article/service-nsw-reveals-738gb-of-customer-data-was-stolen-during-email-breach

#nsw #email #breach
EFF Responds to EU Commission on the Digital Services Act: Put Users Back in Control

The European Union is currently preparing for a significant overhaul of its core platform regulation, the e-Commerce Directive. Earlier this year the European Commission, the EU’s executive, pledged to reshape Europe’s digital future and to propose an entire package of new rules, the Digital Services Act (DSA). The package is supposed to address the legal responsibilities of platforms regarding user content and include measures to keep users safe online. The Commission also announced a new standard for large platforms that act as gatekeepers in an attempt to create a fairer, and more competitive, market for online platforms in the EU.

👀 👉🏼 https://www.eff.org/deeplinks/2020/09/eff-responds-eu-commission-digital-services-act-put-users-back-control

#eff #eu #commission #digital #services #act
Money from bank hacks rarely gets laundered through cryptocurrencies

SWIFT: "Identified cases of laundering through cryptocurrencies remain relatively small compared to the volumes of cash laundered through traditional methods."

Despite being considered a cybercrime haven, cryptocurrencies play a very small role in laundering funds obtained from bank hacks, the SWIFT financial organization said in a report last week.

"Identified cases of laundering through cryptocurrencies remain relatively small compared to the volumes of cash laundered through traditional methods," said SWIFT, the organization that runs the SWIFT inter-bank messaging system used by almost all banks across the world to wire funds across borders.

These traditional methods include the use of money mules, front companies, cash businesses, and investments back into other forms of crime, such as drug trade or human trafficking.

👀 👉🏼 https://www.zdnet.com/article/money-from-bank-hacks-rarely-gets-laundered-through-cryptocurrencies

#money #laundering #bank #hacks #cryptocurrencies
2020-DOD-CHINA-MILITARY-POWER-REPORT-FINAL.PDF
6.9 MB
Military and Security Developments Involving the People’s Republic of China 2020

Annual Report to Congress - A Report to Congress Pursuant to the National Defense Authorization Act for Fiscal Year 2000, as Amended.

👀 👉🏼 (PDF):
https://media.defense.gov/2020/Sep/01/2002488689/-1/-1/1/2020-DOD-CHINA-MILITARY-POWER-REPORT-FINAL.PDF

👀 👉🏼 China ‘eyes four African nations for military bases’:
https://citinewsroom.com/2020/09/china-eyes-four-african-nations-for-military-bases/

#dod #military #power #report #china #usa #afrika #pdf
Chilean bank shuts down all branches following ransomware attack

All BancoEstado branches will remain closed on Monday, September 7, and possibly more days.

BancoEstado, one of Chile's three biggest banks, was forced to shut down all branches on Monday following a ransomware attack that took place over the weekend.

"Our branches will not be operational and will remain closed today," the bank said in a statement published on its Twitter account on Monday.

👀 👉🏼 https://twitter.com/BancoEstado/status/1302941450695573504

👀 👉🏼 https://www.zdnet.com/article/chilean-bank-shuts-down-all-branches-following-ransomware-attack

#chilean #bank #ransomware #attack
Google gets lost in its own surveillance system

Arizona's attorney general means business and wants to take Google's business model for location-based advertising by the scruff of the neck: the way the data company misleads users when collecting location data, he says, violates the law. Employee statements and papers from Google crisis meetings support the accusations and show that even Google's own people cannot switch off the tracking of their movements.

It will surprise no one that Google tries in every conceivable way to gather information about the geographical position, whereabouts and movements of its users: the business model is advertising, and advertising sells better if the advertiser knows where the target is at that moment. But many users believe they can at least turn this off so that they are not watched at every turn. That this is wishful thinking can be read in recently released files from a lawsuit against Google in the US state of Arizona.

Knowing where its users are is worth hard cash to Google. Mobile network usage makes it possible to tie advertising to more precise geographical data. The company does not deny that it turns such location data into money. After all, this is not illegal per se and is often the default setting, for example in Google's Android operating system for smartphones. However, the advertising group offers users the option of deactivating the collection of location data if they want to opt out of this "location tracking".

From partially redacted internal company files, however, it appears that even Google's own people believe that opting out of location data collection is so obscured and complicated that avoiding the tracking is nearly impossible in practice. Google's employees also failed in their own attempt to completely disable the collection of location data. In internal meetings they talked among themselves about how confusing and misleading the settings in their employer's software are.

👀 👉🏼 🇩🇪 (source):
https://netzpolitik.org/2020/problem-geschaeftsmodelle-google-verheddert-sich-im-eigenen-ueberwachungsapparat

👀 👉🏼 🇬🇧 (background-info) Google tracks your movements, like it or not:
https://apnews.com/828aefab64d4411bac257a07c1af0ecb/AP-Exclusive:-Google-tracks-your-movements,-like-it-or-not

#google #DeleteGoogle #surveillance #tracking #thinkabout #why
Is the web getting slower?

A story on Hacker News recently argued that webpage speeds haven't improved, even as internet speeds have gone up.

This article explains why that conclusion can't be drawn from the original data.

We'll also look at how devices and the web have changed over the past 10 years, and what those changes have meant for web performance.

💡 👉🏼 https://www.debugbear.com/blog/is-the-web-getting-slower

👀 👉🏼 The Need for Speed, 23 Years Later:
https://www.nngroup.com/articles/the-need-for-speed/

#webpage #speed #internet #study #report #thinkabout
The HTTP Archive Tracks How the Web is Built.

We periodically crawl the top sites on the web and record detailed information about fetched resources, used web platform APIs and features, and execution traces of each page. We then crunch and analyze this data to identify trends — learn more about our methodology.

💡 👉🏼 View the Reports:
https://httparchive.org/reports

💡 👉🏼 2019 State of the Web Report:
https://almanac.httparchive.org/en/2019/

👀 👉🏼 https://httparchive.org/

#http #archive #reports #internet #websites
Step-by-step guides and detailed information on secure messaging apps for Android, iOS, Windows, Mac and Linux.

💡 Apps are listed in order of: "Highly Recommended", "Worth a Try", "Not Recommended".

👀 👉🏼 https://securechatguide.org/centralizedapps.html

#secure #chat #messaging #apps #android #iOS #windows #mac #linux #guide
Academics find crypto bugs in 306 popular Android apps, none get patched

Only 18 of the 306 app developers replied to the research team, and only 8 engaged with the team after the first email.

A team of academics from Columbia University has developed a custom tool to dynamically analyze Android applications and see if they're using cryptographic code in an unsafe way.

Named CRYLOGGER, the tool was used to test 1,780 Android applications, representing the most popular apps across 33 different Play Store categories, in September and October 2019.

Researchers say the tool, which checked for 26 basic cryptography rules (see table below), found bugs in 306 Android applications. Some apps broke one rule, while others broke multiple.

The top three most broken rules were:

‼️ Rule #18 - 1,775 apps - Don't use an unsafe PRNG (pseudorandom number generator)
‼️ Rule #1 - 1,764 apps - Don't use broken hash functions (SHA1, MD2, MD5, etc.)
‼️ Rule #4 - 1,076 apps - Don't use the operation mode CBC (client/server scenarios)

These are basic rules that any cryptographer knows very well, but rules that some app developers might not be aware of without having studied app security (AppSec) or advanced cryptography prior to entering the app development space.
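One way an app developer can check their own source against the three rules quoted above before shipping, as an added example that is not the CRYLOGGER tool (which works dynamically) and is not from the article: a small regex-based static scanner over two constructed Java snippets, one weak and one hardened. The rule numbers follow the article; the hardened replacements (SHA-256, AES-GCM, SecureRandom) and the function names are this example's own choices.

```python
"""Static check for the three CRYLOGGER rules quoted in the article.
Example code, not the CRYLOGGER tool: it scans Java/Kotlin source text with
regular expressions. The sample snippets below are constructed for the demo."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Rule numbers and wording follow the CRYLOGGER numbering quoted in the article.
RULES = {
    1: "Don't use broken hash functions (SHA1, MD2, MD5, etc.)",
    4: "Don't use the operation mode CBC (client/server scenarios)",
    18: "Don't use an unsafe PRNG (pseudorandom number generator)",
}

# Algorithm strings as passed to the JCA factory methods (closing quote required,
# so "SHA-256" does not match the SHA-1 pattern).
BROKEN_HASHES = re.compile(r'MessageDigest\.getInstance\(\s*"(MD2|MD5|SHA-?1)"', re.IGNORECASE)
CBC_MODE = re.compile(r'Cipher\.getInstance\(\s*"[A-Za-z0-9]+/CBC/', re.IGNORECASE)
# java.util.Random and Math.random() are not cryptographically secure;
# "new SecureRandom()" deliberately does not match "new\s+Random".
UNSAFE_PRNG = re.compile(r'\b(?:new\s+(?:java\.util\.)?Random\s*\(|Math\.random\s*\()')


@dataclass(frozen=True)
class Finding:
    rule: int      # CRYLOGGER rule number
    line: int      # 1-based line in the scanned source
    snippet: str   # the offending line, stripped


def scan_source(source: str) -> list[Finding]:
    """Return one Finding per rule violated on each line, ordered by line number."""
    findings: list[Finding] = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith("//"):  # skip comment-only lines
            continue
        if BROKEN_HASHES.search(line):
            findings.append(Finding(1, lineno, stripped))
        if CBC_MODE.search(line):
            findings.append(Finding(4, lineno, stripped))
        if UNSAFE_PRNG.search(line):
            findings.append(Finding(18, lineno, stripped))
    return findings


def violated_rules(source: str) -> set[int]:
    """Set of rule numbers the source breaks (empty set means clean)."""
    return {f.rule for f in scan_source(source)}


# Constructed sample: Java that breaks all three rules at once
# (MD5 digest, AES in CBC mode, IV drawn from java.util.Random).
WEAK_JAVA = """
MessageDigest md = MessageDigest.getInstance("MD5");
Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
Random rng = new Random();
byte[] iv = new byte[16];
for (int i = 0; i < iv.length; i++) iv[i] = (byte) rng.nextInt();
"""

# Constructed sample: the same steps with choices that pass all three rules
# (SHA-256, AES-GCM, nonce from SecureRandom).
HARDENED_JAVA = """
MessageDigest md = MessageDigest.getInstance("SHA-256");
Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
SecureRandom rng = new SecureRandom();
byte[] nonce = new byte[12];
rng.nextBytes(nonce);
"""

if __name__ == "__main__":
    for name, src in (("weak", WEAK_JAVA), ("hardened", HARDENED_JAVA)):
        print(f"{name}: {len(scan_source(src))} finding(s)")
        for f in scan_source(src):
            print(f"  rule #{f.rule} line {f.line}: {f.snippet}  <- {RULES[f.rule]}")
```

The scanner only sees literal algorithm strings; a provider name built at runtime will slip past it, which is exactly the gap a dynamic tool like CRYLOGGER closes.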

👀 👉🏼 https://www.zdnet.com/article/academics-find-crypto-bugs-in-306-popular-android-apps-none-get-patched

#cryptography #bugs #android #apps
Russia Proposes a Legal Plan to Restrict Crypto Circulation

The Russian government has issued a proposal to restrict the circulation and transaction of cryptocurrencies

The Russian territory presents a plethora of opportunities as far as the cryptocurrency industry is concerned.

Arguably, a proper legal environment would strengthen Russia's capacity to become a hub for virtual assets – there is enough Russian talent to back the industry up.

However, it appears that Russia has lagged behind when it comes to the establishment of crypto hotspots as the lack of proper legal infrastructure happens to be a glaring challenge in the eyes of digital asset enthusiasts.

In recent news, the Russian Ministry of Finance has proposed a move that will create legislation to restrict the circulation of cryptocurrencies within the economy – a decision that will serve as a yardstick for global crypto regulation.

Russian media intimated that the Russian government intends to prescribe amendments to the existing Digital Financial Assets (DFA) law, which was ratified in July and is set to be implemented from the first month of 2021.

Originally, the DFA law came about as a result of the Russian government's need to enable transactions involving digital securities and tokens, including well-established cryptocurrencies like Bitcoin and Ether.

At the time of inception, the DFA law was meant to be coupled with a separate piece of legislation targeting the regulation of crypto circulation.

👀 👉🏼 https://tapeucwutvne7l5o.onion/russia-proposes-a-legal-plan-to-russia-crypto-circulation

👀 👉🏼 https://iz.ru/1056107/tatiana-bochkareva-roza-almakunova/zapretnyi-plod-maining-v-rossii-zablokiruiut-oborot-kriptovaliut

👀 👉🏼 https://www.ledgerinsights.com/russia-restrict-circulation-cryptocurrency/

#russia #plan #restrict #cryptocurrency #circulation
A data fail left banks and councils exposed by a quick Google search

Details of more than 50,000 letters sent by banks and local authorities were left online for anyone to see

Private details relating to more than 50,000 letters sent out by banks and local authorities were indexed by Google after a London-based outsourcing firm left its system hopelessly exposed. Details about everything from insolvency to final reminders of unpaid council tax and mortgage holidays were left available for anyone to view since June.

Thousands of names and addresses – and the types of letters they were sent – were left exposed, affecting people in the UK, US and Canada. Virtual Mail Room, the firm responsible for the data breach, worked for clients including Metro Bank, 14 local councils, the publisher Pearson and insolvency specialist Begbies Traynor. The specific content of the letters sent to individuals was not visible.

The privacy breach raises doubts about the due diligence carried out by companies and local authorities using outsourced mailing services to handle sensitive customer data. It also comes at a particularly painful time, with many of the names and addresses contained in the breach belonging to people who have been hit hard financially by the pandemic. Such missteps could fall foul of GDPR, with data controllers and processors potentially facing fines totalling tens of millions of pounds. A spokesperson for the Information Commissioner’s Office, the UK’s data regulator, confirmed it was aware of the incident and was making enquiries.

The details exposed by the breach are hugely personal. Amongst the tranche of exposed personal data were the names and addresses of 6,500 customers of Aldermore Bank. The back-end system left exposed reveals which customers received pre-delinquency and remediation letters. A spokesperson for the bank says it is investigating the issue. Elsewhere, more than 250 Metro Bank customers were identified with their company name and address. A Metro Bank spokesperson says the company has “temporarily suspended sharing data” with Virtual Mail Room as a precautionary measure while its investigation continues.

👀 👉🏼 https://www.wired.co.uk/article/virtual-mail-room-data-breach

#virtual #mail #room #privacy #breach #uk #canada #usa