Hacker News with Generative AI: Data Security

White House scraps plan to block data brokers from selling Americans' data (techcrunch.com)
A senior Trump administration official has scrapped a plan that would have blocked data brokers from selling Americans’ personal and financial information, including Social Security numbers.

Privacy, Government Regulations, Data Security, Tech Policy, Consumer Rights

11 points by speckx 10 days ago | 0 comments

Euro execs mull use of US clouds, eyeing American hyperscaler escape hatch (theregister.com)
Amid the economic uncertainty of Trump 2.0, dependence on American tech has become a growing concern for many businesses, and a survey of 1,000 IT leaders claims that data sovereignty is now one of the most pressing issues.

Politics, Technology, Business, Data Security

5 points by rntn 10 days ago | 1 comments

Where hyperscale hardware goes to retire: Ars visits a big ITAD site (arstechnica.com)
"The biggest risk is data escape."

Data Security, Hardware, IT, Recycling, Technology

39 points by rntn 12 days ago | 2 comments

Verizon is sharing customers email addresses (verizon.com)
Our Privacy Policy describes the information we collect, how it is used and disclosed, your choices about uses and disclosure and your rights under certain privacy laws.

Privacy, Verizon, Data Security, Email

12 points by wys2wyg 18 days ago | 2 comments

CFPB Kills Rule to Shield Americans from Data Brokers (wired.com)
The Consumer Financial Protection Bureau (CFPB) has canceled plans to introduce new rules designed to limit the ability of US data brokers to sell sensitive information about Americans, including financial data, credit history, and Social Security numbers.

Privacy, Consumer Protection, Government Regulation, Data Security, Financial Data

21 points by sebastian_z 23 days ago | 4 comments

CFPB Kills Rule to Shield Americans from Data Brokers (wired.com)
The Consumer Financial Protection Bureau (CFPB) has canceled plans to introduce new rules designed to limit the ability of US data brokers to sell sensitive information about Americans, including financial data, credit history, and Social Security numbers.

Consumer Privacy, Data Security, Finance, Government Regulation, US Politics

12 points by spenvo 24 days ago | 0 comments

NSA spied through Angry Birds, other apps: report (2014) (nbcnews.com)
Documents leaked by former NSA contractor Edward Snowden suggest that spy agencies have a powerful ally in Angry Birds and a host of other apps installed on smartphones across the globe.

Surveillance, Mobile Apps, Privacy, Data Security

278 points by __natty__ 32 days ago | 155 comments

Can you smuggle data in an ID card photo? (informatykzakladowy.pl)
Kilka tygodni temu opublikowałem krótki tekst o eDO App, aplikacji mobilnej pozwalającej na użycie tzw. warstwy elektronicznej dowodu osobistego. Mój własny dowód pochodził jednak sprzed pięciu lat i nie zawierał chipa z anteną indukcyjną. Aby dokończyć artykuł, musiałem wyrobić sobie nowy dokument.

Data Security, Privacy, Technology, Government IDs

28 points by edent 33 days ago | 9 comments

Privacy folks – what's your take on using LLMs at work? (ycombinator.com)
Hey everyone! :wave: I’m building a product called Privacy AI, and I’m trying to learn how people think about data privacy when using AI tools at work — especially in industries like finance, healthcare, or anywhere with sensitive data.

Privacy, Artificial Intelligence, Data Security, Finance, Healthcare

13 points by adeebaslam 43 days ago | 20 comments

DOGE worker’s code supports NLRB whistleblower (krebsonsecurity.com)
A whistleblower at the National Labor Relations Board (NLRB) alleged last week that denizens of Elon Musk’s Department of Government Efficiency (DOGE) siphoned gigabytes of data from the agency’s sensitive case files in early March.

Data Security, Whistleblowing, Labor Relations, Government Efficiency, Elon Musk

1013 points by todsacerdoti 45 days ago | 530 comments

5th Circuit Lets AT&T Off the Hook for Major Location Data Privacy Violations (techdirt.com)
For decades, major wireless carriers AT&T, Verizon, and T-Mobile collected vast troves of sensitive user location and movement data, then sold access to any random nitwit with two nickels to rub together.

Privacy, Telecommunications, Lawsuits, Data Security, Location Tracking

13 points by hn_acker 45 days ago | 1 comments

Whistleblower: DOGE Siphoned NLRB Case Data (krebsonsecurity.com)
A security architect with the National Labor Relations Board (NLRB) alleges that employees from Elon Musk‘s Department of Government Efficiency (DOGE) transferred gigabytes of sensitive data from agency case files in early March, using short-lived accounts configured to leave few traces of network activity.

Data Security, Labor Relations, Elon Musk, Whistleblower

818 points by whalesalad 46 days ago | 452 comments

Oracle hopes talk of cloud data theft dies off. CISA just resurrected it (theregister.com)
CISA – the US government's Cybersecurity and Infrastructure Security Agency – has issued an alert for those who missed Oracle grudgingly admitting some customer data was stolen from the database giant's public cloud infrastructure.

Cybersecurity, Data Security, Oracle, Cloud Computing, Government

8 points by LinuxBender 47 days ago | 0 comments

Europe's cloud customers eyeing exit from US hyperscalers (theregister.com)
Are customers on the European side of the pond considering a move from US hyperscalers in the wake of recent events? Some of the region's vendors are reporting an uptick in inquiries as organizations mull their options.

Cloud Computing, Europe, Data Security, Business, Technology

23 points by rntn 51 days ago | 2 comments

Whistleblower details how DOGE may have taken sensitive NLRB data (npr.org)
A whistleblower tells Congress and NPR that DOGE may have taken sensitive labor data and hid its tracks. "None of that ... information should ever leave the agency," said a former NLRB official.

Data Security, Labor Relations, Government, Whistleblower

1171 points by rbanffy 53 days ago | 542 comments

Browser extensions put 4M users at risk of cookie exposure (secureannex.com)

Browser Security, Privacy, Data Security, Web Development, Cybersecurity

13 points by speckx 57 days ago | 6 comments

Selling your old laptop or phone? You might be handing over your data too (theconversation.com)
You’re about to recycle your laptop or your phone, so you delete all your photos and personal files. Maybe you even reset the device to factory settings.

Privacy, Data Security, Technology, Recycling

28 points by devonnull 61 days ago | 10 comments

Proton provided user information in 10,368 requests in 2024 (proton.me)
From time to time, Proton may be legally compelled to disclose certain user information to Swiss authorities, as detailed in our Privacy Policy. This can happen if Swiss law is broken. As stated in our Privacy Policy, all emails, files and invites are encrypted and we have no means to decrypt them.

Privacy, Data Security, Switzerland, Law Enforcement

8 points by argilla 65 days ago | 1 comments

23andMe is potentially selling personal survey data, etc., beyond genetic data (theconversation.com)
As soon as the genetic testing company 23andMe filed for bankruptcy on March 23, 2025, concerns about what would happen to the personal information contained in its massive genetic and health information database were swift and widespread.

Privacy, Genetics, Data Security, Health Information, Business

4 points by rntn 66 days ago | 0 comments

UK's GCHQ Intern Transferred Top Secret Files to His Phone (bbc.com)
A former GCHQ intern has admitted risking national security by taking top secret data home with him on his mobile phone.

Cybersecurity, National Security, Espionage, Government, Data Security

20 points by m463 68 days ago | 6 comments

You're protecting your data wrong – Introducing the Protected Query Pattern (vercel.app)
Securing modern full-stack applications can be complex. You have to manage authorizations in many different contexts from UI to data mutation functions.

Data Security, Web Development, Software Engineering, Programming

33 points by jussinevavuori 69 days ago | 21 comments

Kink and LGBT dating apps exposed 1.5M private user images online (bbc.com)
Researchers have discovered nearly 1.5 million pictures from specialist dating apps – many of which are explicit – being stored online without password protection, leaving them vulnerable to hackers and extortionists.

Data Security, Privacy, Online Dating, LGBT

31 points by testrun 70 days ago | 8 comments

How to Delete Your 23andMe Data (eff.org)
This week, the genetic testing company 23andMe filed for bankruptcy, which means the genetic data the company collected on millions of users is now up for sale. If you do not want your data included in any potential sale, it’s a good time to ask the company to delete it.

Privacy, Genetics, Data Security, 23andMe

222 points by hn_acker 73 days ago | 120 comments

AI browser assistant extensions probably beaming everything to the cloud (theregister.com)
Generative AI assistants packaged up as browser extensions harvest personal data with minimal safeguards, researchers warn.

Generative AI, Privacy, Browser Extensions, Data Security

10 points by rntn 74 days ago | 1 comments

Ask HN: can Wireless-CarPlay dongles steal your data? (ycombinator.com)
So I recently ordered one of the many wireless Carplay dongles from Aliexpress that work via USB in your car connecting your iPhone to the car's Carplay via Bluetooth (and/or Wifi) to the USB dongle.

Data Security, Car Technology, Wireless CarPlay, Hardware

46 points by concerned_citi 74 days ago | 31 comments

Chunking Attacks on Tarsnap (and Others) (daemonology.net)
Ten years ago I wrote that it would require someone smarter than me to extract information from the way that Tarsnap splits data into chunks.

Security, Encryption, Cloud Storage, Data Security

10 points by todsacerdoti 78 days ago | 1 comments

Chunking Attacks on File Backup Services Using Content-Deﬁned Chunking [pdf] (daemonology.net)

Cybersecurity, Data Security, File Backup, Research, Attacks

123 points by cperciva 78 days ago | 21 comments

Stop letting your RAG chatbot expose sensitive data (osohq.com)
Retrieval-Augmented Generation (RAG) lets you enhance large language model (LLM) applications by supplementing your users’ prompts with context from internal sources.

Data Security

11 points by mathewpregasen 80 days ago | 1 comments

Court filing: DOGE aide broke Treasury policy by emailing unencrypted database (theregister.com)
A now-former DOGE aide violated US Treasury policy by emailing an unencrypted database containing people's private information to two Trump administration officials, according to a court document filed Friday.

Privacy, Data Security, Government, Politics, Law

67 points by rntn 81 days ago | 31 comments

Tell HN: Wise makes all user phone email and name data discoverable by default (ycombinator.com)
Wise makes all user phone email and name data discoverable by default

Privacy, Data Security, Fintech, User Data, Wise

18 points by wise-throwaway 84 days ago | 0 comments