Hacker News with Generative AI: Data Security

Privacy folks – what's your take on using LLMs at work? (ycombinator.com)
Hey everyone! :wave: I’m building a product called Privacy AI, and I’m trying to learn how people think about data privacy when using AI tools at work — especially in industries like finance, healthcare, or anywhere with sensitive data.

Privacy, Artificial Intelligence, Data Security, Finance, Healthcare

13 points by adeebaslam 23 hours ago | 20 comments

DOGE worker’s code supports NLRB whistleblower (krebsonsecurity.com)
A whistleblower at the National Labor Relations Board (NLRB) alleged last week that denizens of Elon Musk’s Department of Government Efficiency (DOGE) siphoned gigabytes of data from the agency’s sensitive case files in early March.

Data Security, Whistleblowing, Labor Relations, Government Efficiency, Elon Musk

991 points by todsacerdoti 3 days ago | 530 comments

5th Circuit Lets AT&T Off the Hook for Major Location Data Privacy Violations (techdirt.com)
For decades, major wireless carriers AT&T, Verizon, and T-Mobile collected vast troves of sensitive user location and movement data, then sold access to any random nitwit with two nickels to rub together.

Privacy, Telecommunications, Lawsuits, Data Security, Location Tracking

12 points by hn_acker 3 days ago | 1 comments

Whistleblower: DOGE Siphoned NLRB Case Data (krebsonsecurity.com)
A security architect with the National Labor Relations Board (NLRB) alleges that employees from Elon Musk‘s Department of Government Efficiency (DOGE) transferred gigabytes of sensitive data from agency case files in early March, using short-lived accounts configured to leave few traces of network activity.

Data Security, Labor Relations, Elon Musk, Whistleblower

809 points by whalesalad 4 days ago | 452 comments

Oracle hopes talk of cloud data theft dies off. CISA just resurrected it (theregister.com)
CISA – the US government's Cybersecurity and Infrastructure Security Agency – has issued an alert for those who missed Oracle grudgingly admitting some customer data was stolen from the database giant's public cloud infrastructure.

Cybersecurity, Data Security, Oracle, Cloud Computing, Government

8 points by LinuxBender 4 days ago | 0 comments

Europe's cloud customers eyeing exit from US hyperscalers (theregister.com)
Are customers on the European side of the pond considering a move from US hyperscalers in the wake of recent events? Some of the region's vendors are reporting an uptick in inquiries as organizations mull their options.

Cloud Computing, Europe, Data Security, Business, Technology

23 points by rntn 9 days ago | 2 comments

Whistleblower details how DOGE may have taken sensitive NLRB data (npr.org)
A whistleblower tells Congress and NPR that DOGE may have taken sensitive labor data and hid its tracks. "None of that ... information should ever leave the agency," said a former NLRB official.

Data Security, Labor Relations, Government, Whistleblower

1168 points by rbanffy 11 days ago | 542 comments

Browser extensions put 4M users at risk of cookie exposure (secureannex.com)

Browser Security, Privacy, Data Security, Web Development, Cybersecurity

13 points by speckx 15 days ago | 6 comments

Selling your old laptop or phone? You might be handing over your data too (theconversation.com)
You’re about to recycle your laptop or your phone, so you delete all your photos and personal files. Maybe you even reset the device to factory settings.

Privacy, Data Security, Technology, Recycling

28 points by devonnull 18 days ago | 10 comments

Proton provided user information in 10,368 requests in 2024 (proton.me)
From time to time, Proton may be legally compelled to disclose certain user information to Swiss authorities, as detailed in our Privacy Policy. This can happen if Swiss law is broken. As stated in our Privacy Policy, all emails, files and invites are encrypted and we have no means to decrypt them.

Privacy, Data Security, Switzerland, Law Enforcement

8 points by argilla 22 days ago | 1 comments

23andMe is potentially selling personal survey data, etc., beyond genetic data (theconversation.com)
As soon as the genetic testing company 23andMe filed for bankruptcy on March 23, 2025, concerns about what would happen to the personal information contained in its massive genetic and health information database were swift and widespread.

Privacy, Genetics, Data Security, Health Information, Business

4 points by rntn 24 days ago | 0 comments

UK's GCHQ Intern Transferred Top Secret Files to His Phone (bbc.com)
A former GCHQ intern has admitted risking national security by taking top secret data home with him on his mobile phone.

Cybersecurity, National Security, Espionage, Government, Data Security

20 points by m463 25 days ago | 6 comments

You're protecting your data wrong – Introducing the Protected Query Pattern (vercel.app)
Securing modern full-stack applications can be complex. You have to manage authorizations in many different contexts from UI to data mutation functions.

Data Security, Web Development, Software Engineering, Programming

33 points by jussinevavuori 26 days ago | 21 comments

Kink and LGBT dating apps exposed 1.5M private user images online (bbc.com)
Researchers have discovered nearly 1.5 million pictures from specialist dating apps – many of which are explicit – being stored online without password protection, leaving them vulnerable to hackers and extortionists.

Data Security, Privacy, Online Dating, LGBT

31 points by testrun 27 days ago | 8 comments

How to Delete Your 23andMe Data (eff.org)
This week, the genetic testing company 23andMe filed for bankruptcy, which means the genetic data the company collected on millions of users is now up for sale. If you do not want your data included in any potential sale, it’s a good time to ask the company to delete it.

Privacy, Genetics, Data Security, 23andMe

222 points by hn_acker 31 days ago | 120 comments

AI browser assistant extensions probably beaming everything to the cloud (theregister.com)
Generative AI assistants packaged up as browser extensions harvest personal data with minimal safeguards, researchers warn.

Generative AI, Privacy, Browser Extensions, Data Security

10 points by rntn 32 days ago | 1 comments

Ask HN: can Wireless-CarPlay dongles steal your data? (ycombinator.com)
So I recently ordered one of the many wireless Carplay dongles from Aliexpress that work via USB in your car connecting your iPhone to the car's Carplay via Bluetooth (and/or Wifi) to the USB dongle.

Data Security, Car Technology, Wireless CarPlay, Hardware

46 points by concerned_citi 32 days ago | 31 comments

Chunking Attacks on Tarsnap (and Others) (daemonology.net)
Ten years ago I wrote that it would require someone smarter than me to extract information from the way that Tarsnap splits data into chunks.

Security, Encryption, Cloud Storage, Data Security

10 points by todsacerdoti 35 days ago | 1 comments

Chunking Attacks on File Backup Services Using Content-Deﬁned Chunking [pdf] (daemonology.net)

Cybersecurity, Data Security, File Backup, Research, Attacks

123 points by cperciva 36 days ago | 21 comments

Stop letting your RAG chatbot expose sensitive data (osohq.com)
Retrieval-Augmented Generation (RAG) lets you enhance large language model (LLM) applications by supplementing your users’ prompts with context from internal sources.

Data Security

11 points by mathewpregasen 38 days ago | 1 comments

Court filing: DOGE aide broke Treasury policy by emailing unencrypted database (theregister.com)
A now-former DOGE aide violated US Treasury policy by emailing an unencrypted database containing people's private information to two Trump administration officials, according to a court document filed Friday.

Privacy, Data Security, Government, Politics, Law

67 points by rntn 39 days ago | 31 comments

Tell HN: Wise makes all user phone email and name data discoverable by default (ycombinator.com)
Wise makes all user phone email and name data discoverable by default

Privacy, Data Security, Fintech, User Data, Wise

18 points by wise-throwaway 41 days ago | 0 comments

Data Broker Brags About Highly Detailed Personal Info on Most All Internet Users (gizmodo.com)
The owner of a data brokerage business recently put out a creepy-ass video in which he bragged about the degree to which his industry could collect and analyze data on the habits of billions of people.

Privacy, Data Security, Internet, Personal Data

7 points by rntn 42 days ago | 1 comments

Privacy Is Also Protecting the Data of Others (privacyguides.org)
In privacy, we talk a lot about how to protect our own data, but what about our responsibility to protect the data of others?

Privacy, Data Security, Ethics

9 points by jonaharagon 44 days ago | 0 comments

We stopped trusting clouds and started encrypting our data (vas3k.com)
Remember the situation: you want to send that fresh dank meme to your friend (let's say) Greg. You open your favorite messenger, find the chat with Greg, attach the meme and hit send.

Privacy, Encryption, Data Security, Communication

21 points by namanyayg 44 days ago | 1 comments

Civil servants quit Elon Musk's DOGE citing security risks over US data (abc.net.au)
About 21 civil servants from Elon Musk's Department of Government Efficiency have resigned saying they will not use their skills to jeopardise the sensitive data of Americans.

Elon Musk, Government, Data Security, Privacy

16 points by Aeolun 45 days ago | 0 comments

Allstate Insurance sued for delivering personal info in plaintext, to anyone (theregister.com)
New York State has sued Allstate Insurance for operating websites so badly designed they would deliver personal information in plain-text to anyone that went looking for it.

Data Security, Privacy, Lawsuits, Insurance, Cybersecurity

8 points by rntn 46 days ago | 1 comments

Microsoft unveils finalized EU Data Boundary as European doubt over US grows (theregister.com)
Microsoft has completed its EU data boundary, however, analysts and some regional cloud players are voicing concerns over dependencies on a US entity, even with the guarantees in place.

Microsoft, Cloud Computing, Data Security, Geopolitics

7 points by nemoniac 53 days ago | 0 comments

Banking's critical functions are vanishing into the cloud (ft.com)
It’s 9pm — do you know where your data is?

Cloud Computing, Banking, Data Security

8 points by anigbrowl 53 days ago | 2 comments

Research Finds 12,000 'Live' API Keys and Passwords in DeepSeek's Training Data (trufflesecurity.com)
Research finds 12,000 ‘Live’ API Keys and Passwords in DeepSeek's Training Data

Data Security, Cybersecurity, Artificial Intelligence, Machine Learning

7 points by bathtub365 54 days ago | 2 comments