Hacker News with Generative AI: Data Security

White House scraps plan to block data brokers from selling Americans' data (techcrunch.com)
A senior Trump administration official has scrapped a plan that would have blocked data brokers from selling Americans’ personal and financial information, including Social Security numbers.
Euro execs mull use of US clouds, eyeing American hyperscaler escape hatch (theregister.com)
Amid the economic uncertainty of Trump 2.0, dependence on American tech has become a growing concern for many businesses, and a survey of 1,000 IT leaders claims that data sovereignty is now one of the most pressing issues.
Where hyperscale hardware goes to retire: Ars visits a big ITAD site (arstechnica.com)
"The biggest risk is data escape."
Verizon is sharing customers' email addresses (verizon.com)
Our Privacy Policy describes the information we collect, how it is used and disclosed, your choices about uses and disclosure and your rights under certain privacy laws.
CFPB Kills Rule to Shield Americans from Data Brokers (wired.com)
The Consumer Financial Protection Bureau (CFPB) has canceled plans to introduce new rules designed to limit the ability of US data brokers to sell sensitive information about Americans, including financial data, credit history, and Social Security numbers.
NSA spied through Angry Birds, other apps: report (2014) (nbcnews.com)
Documents leaked by former NSA contractor Edward Snowden suggest that spy agencies have a powerful ally in Angry Birds and a host of other apps installed on smartphones across the globe.
Can you smuggle data in an ID card photo? (informatykzakladowy.pl)
A few weeks ago I published a short text about eDO App, a mobile application that allows the use of the so-called electronic layer of the identity card. My own ID card, however, dated from five years ago and did not contain a chip with an induction antenna. To finish the article, I had to get a new document issued.
Privacy folks – what's your take on using LLMs at work? (ycombinator.com)
Hey everyone! I’m building a product called Privacy AI, and I’m trying to learn how people think about data privacy when using AI tools at work — especially in industries like finance, healthcare, or anywhere with sensitive data.
DOGE worker’s code supports NLRB whistleblower (krebsonsecurity.com)
A whistleblower at the National Labor Relations Board (NLRB) alleged last week that denizens of Elon Musk’s Department of Government Efficiency (DOGE) siphoned gigabytes of data from the agency’s sensitive case files in early March.
5th Circuit Lets AT&T Off the Hook for Major Location Data Privacy Violations (techdirt.com)
For decades, major wireless carriers AT&T, Verizon, and T-Mobile collected vast troves of sensitive user location and movement data, then sold access to any random nitwit with two nickels to rub together.
Whistleblower: DOGE Siphoned NLRB Case Data (krebsonsecurity.com)
A security architect with the National Labor Relations Board (NLRB) alleges that employees from Elon Musk’s Department of Government Efficiency (DOGE) transferred gigabytes of sensitive data from agency case files in early March, using short-lived accounts configured to leave few traces of network activity.
Oracle hopes talk of cloud data theft dies off. CISA just resurrected it (theregister.com)
CISA – the US government's Cybersecurity and Infrastructure Security Agency – has issued an alert for those who missed Oracle grudgingly admitting some customer data was stolen from the database giant's public cloud infrastructure.
Europe's cloud customers eyeing exit from US hyperscalers (theregister.com)
Are customers on the European side of the pond considering a move from US hyperscalers in the wake of recent events? Some of the region's vendors are reporting an uptick in inquiries as organizations mull their options.
Whistleblower details how DOGE may have taken sensitive NLRB data (npr.org)
A whistleblower tells Congress and NPR that DOGE may have taken sensitive labor data and hid its tracks. "None of that ... information should ever leave the agency," said a former NLRB official.
Browser extensions put 4M users at risk of cookie exposure (secureannex.com)
Selling your old laptop or phone? You might be handing over your data too (theconversation.com)
You’re about to recycle your laptop or your phone, so you delete all your photos and personal files. Maybe you even reset the device to factory settings.
Proton provided user information in 10,368 requests in 2024 (proton.me)
From time to time, Proton may be legally compelled to disclose certain user information to Swiss authorities, as detailed in our Privacy Policy. This can happen if Swiss law is broken. As stated in our Privacy Policy, all emails, files and invites are encrypted and we have no means to decrypt them.
23andMe is potentially selling personal survey data, etc., beyond genetic data (theconversation.com)
As soon as the genetic testing company 23andMe filed for bankruptcy on March 23, 2025, concerns about what would happen to the personal information contained in its massive genetic and health information database were swift and widespread.
UK's GCHQ Intern Transferred Top Secret Files to His Phone (bbc.com)
A former GCHQ intern has admitted risking national security by taking top secret data home with him on his mobile phone.
You're protecting your data wrong – Introducing the Protected Query Pattern (vercel.app)
Securing modern full-stack applications can be complex. You have to manage authorizations in many different contexts from UI to data mutation functions.
Kink and LGBT dating apps exposed 1.5M private user images online (bbc.com)
Researchers have discovered nearly 1.5 million pictures from specialist dating apps – many of which are explicit – being stored online without password protection, leaving them vulnerable to hackers and extortionists.
How to Delete Your 23andMe Data (eff.org)
This week, the genetic testing company 23andMe filed for bankruptcy, which means the genetic data the company collected on millions of users is now up for sale. If you do not want your data included in any potential sale, it’s a good time to ask the company to delete it.
AI browser assistant extensions probably beaming everything to the cloud (theregister.com)
Generative AI assistants packaged up as browser extensions harvest personal data with minimal safeguards, researchers warn.
Ask HN: can Wireless-CarPlay dongles steal your data? (ycombinator.com)
So I recently ordered one of the many wireless Carplay dongles from Aliexpress that work via USB in your car connecting your iPhone to the car's Carplay via Bluetooth (and/or Wifi) to the USB dongle.
Chunking Attacks on Tarsnap (and Others) (daemonology.net)
Ten years ago I wrote that it would require someone smarter than me to extract information from the way that Tarsnap splits data into chunks.
Chunking Attacks on File Backup Services Using Content-Defined Chunking [pdf] (daemonology.net)
Stop letting your RAG chatbot expose sensitive data (osohq.com)
Retrieval-Augmented Generation (RAG) lets you enhance large language model (LLM) applications by supplementing your users’ prompts with context from internal sources.
Court filing: DOGE aide broke Treasury policy by emailing unencrypted database (theregister.com)
A now-former DOGE aide violated US Treasury policy by emailing an unencrypted database containing people's private information to two Trump administration officials, according to a court document filed Friday.
Tell HN: Wise makes all user phone, email and name data discoverable by default (ycombinator.com)