Privacy News Online | Weekly Review: January 8, 2021

Featured: Privacy News Online – Week of January 8th, 2021

Police are increasingly using digital vehicle forensics to solve cases

Police departments around the country have been solving cases by pulling valuable information off of vehicles left at crime scenes. This is done with third party software offered by a Maryland based company called Berla Corp. You might not realize this but cars store a lot of potentially useful private information, including recordings of voice commands, information from synced phones, and much much more.

Man sues police after incorrect facial recognition match leads to wrongful arrest

Nijeer Parks was wrongfully arrested in February, 2019 due to an incorrect facial recognition match. He is now suing the New Jersey Police Department and Prosecutor for violating his civil rights, false arrest, and false imprisonment. Parks was in jail for ten days, and even once he was released, the charges against him weren’t dropped until November, 2019. This is the third known instance of facial recognition technology leading to a wrongful arrest.

Bill and Melinda Gates Foundation backed project suffers data breach, 930,000 children affected

Get Schooled, an educational non profit created by the Bill and Melinda Gates Foundation, Viacom, and AT&T, has suffered a data breach which affects 930,000 students. Breached information includes physical address, school name, phone number, email address, and more. The breach was discovered by a British cybersecurity firm called TurgenSec and like too many data breaches before it, was the result of an exposed server.

More Privacy News This Week:

Neopets Is Still A Thing And Its Exposing Sensitive Data

The virtual pet game from your childhood is the latest company to suffer a data breach. Security Ledger reports that two security researchers used a security scanning tool on NeoPet’s website to discover a misconfigured server which exposed employee emails, user IP addresses, user database credentials, and the entire Neopets codebase. On their end – NeoPets has acknowledged the exposed server, removed it, and told reporters that no user or account information was accessed.

Some UK Stores Are Using Facial Recognition to Track Shoppers

Co-Op, a grocery chain in the United Kingdom, has been trialing real time facial recognition to try and identify shoplifters for at least the last eighteen months. The real time facial recognition augments existing CCTV installations and is provided by a London based company called FaceWatch. Co-Op didn’t make a public announcement of the facial recognition trial, choosing instead to only put signs up at the stores that are part of the program.

A backdoor account has been discovered in more than 100,000 Zyxel firewalls, VPN gateways, and wireless access point controllers

Security researchers have found a hard coded username and password in Zyxel firmware. Logging into an affected Zyxel device can grant an attacker full root level access to the hardware. This flaw could be exploited by anyone from run of the mill cyber criminals to state sponsored threat actors. While patches are available for most affected Zyxel hardware, the company’s NXC series wireless controllers aren’t expected to be patched until April. If you use affected hardware, patch it as soon as possible or implement controls to block unauthorized user access.

Brought to you by Private Internet Access

Privacy News Online is brought to you by Private Internet Access, the world’s most trusted VPN service.

Special thanks to Intego

Thank you to Josh Long, our cybersecurity correspondent from Intego, makers of award-winning security software.