Zack Whittaker
The U.K. government's secret order demanding that Apple allows access to the cloud-stored encrypted data of any of its customers anywhere in the world is an "emergency," according to critics, and would set a dangerous global precedent that would embolden authoritarian regimes to demand the same.
From @carlypage: https://techcrunch.com/2025/02/10/uks-secret-apple-icloud-backdoor-order-is-a-global-emergency-say-critics/
Zack Whittaker
Hope everyone is having a peaceful weekend. Here's Toby, aka smush face.
Zack Whittaker
If you work in the U.S. government and know more about DOGE and its activities, please reach out. (Anonymity granted.)
Contact me via Signal: zackwhittaker.1337
You can also share files/docs via SecureDrop (using Tor): techcrunch.securedrop.tor.onion
Zack Whittaker
ICYMI from yesterday: The biggest breach of U.S. government data is under way.
"Whether DOGE staffers are bad actors misses part of the point. Acts of subterfuge, espionage, or ignorance could produce the same suboptimal outcome: exposure or loss of the nation’s sensitive datasets."
https://techcrunch.com/2025/02/05/the-biggest-breach-of-u-s-government-data-is-under-way/
Zack Whittaker
New, by me: Elon Musk's DOGE has taken control of large swathes of Americans' private information held by the U.S. government, representing the widest known compromise of government-held data by a private group of individuals — and little has gotten in their way.
https://techcrunch.com/2025/02/05/the-biggest-breach-of-u-s-government-data-is-under-way/
Zack Whittaker
New: Elon Musk's DOGE team was granted "full access" to sensitive Treasury payment systems that control trillions of dollars in payments to Americans, including Social Security checks and tax refunds.
Sen. Ron Wyden said Musk’s access poses a “national security risk.”
The access could also be considered a massive data breach of Americans' personal information in the hands of unelected private individuals.
Zack Whittaker
DeepSeek exposed an internal back-end database to the internet without a password. The database contained chat histories and API keys.
Zack Whittaker
It's worth noting that PowerSchool is represented by crisis communications firm FTI Consulting to handle its PR (read: media inquiries etc.) in the aftermath of its data breach, with the goal of saying as little as possible.
This isn't an uncommon strategy, per se, but it is telling that PowerSchool — which was acquired by a private equity giant for $4 billion only the year earlier — is willing to throw money at protecting its image than investing in basic cybersecurity practices to begin with.
Zack Whittaker
In an updated incident FAQ on its website, PowerSchool says: "We are not sharing specifics around the number of districts and schools we believe were involved" in the data breach.
Here's what else PowerSchool isn't telling affected individuals about its breach.
Zack Whittaker
BREAKING: UnitedHealth has confirmed the ransomware attack and data breach on its Change Healthcare subsidiary in February 2024 now affects around 190 million people — almost double the previous estimate.
Zack Whittaker
It's very cold in New York today.
Zack Whittaker
Just when you think the PowerSchool breach couldn't get worse, Toronto's school district says it lost upwards of 40 years' worth of student data stored in PowerSchool, per @carlypage.
Toronto said it was storing the historical data for responding to former student record requests.
Zack Whittaker
NEW: TechCrunch has learned of a separate security incident involving malware stealing a PowerSchool software engineer's passwords prior to its cyberattack.
While likely unrelated to the breach, it raises further doubts about the ed-tech giant's security practices.
w/ @carlypage: https://techcrunch.com/2025/01/17/malware-stole-internal-powerschool-passwords-from-engineers-hacked-computer/
Zack Whittaker
New, by me: Change Healthcare's ransomware attack last year was the largest known theft of medical data in U.S. history, affecting at least 100 million Americans.
But for months, Change Healthcare has hidden its official data breach notice from search engines, making it far more difficult for anyone searching the web to find it.
Zack Whittaker
We've also included some helpful guidance on what you can do to prevent this kind of advertising surveillance, including at the mobile device level.
“If you disable the app tracking, your data has not been shared,” security researcher Baptiste Robert told TechCrunch.
Ad-blockers are your friend!
Zack Whittaker
NEW, by me: Gravy Analytics, a location data broker, has confirmed it was hacked.
In a statement to TechCrunch, its parent company Unacast said its AWS accounts were breached. A hacker posted a huge trove of location data online containing tens of millions of location data points.
Zack Whittaker
Telegram shared thousands of users' data with authorities in the U.S. over the course of 2024, according to Telegram's latest transparency report numbers. The messaging app also reported a sharp rise in fulfilled requests from authorities in the U.K. and India.
https://techcrunch.com/2025/01/07/telegram-reports-spike-in-sharing-user-data-with-law-enforcement/
Zack Whittaker
Bloomberg's Katrina Manson has a really good story from Guam on the Volt Typhoon threat facing the island's critical infrastructure, which the U.S. military's base there relies on. Very complementary to WSJ's reporting this weekend on the wider threat faced by the U.S. from China over its anticipated future invasion of Taiwan.
Zack Whittaker
Interesting to see AT&T, Verizon, and now Lumen all say that they detect no threat activity or have no evidence of ongoing intrusions by the China-backed Salt Typhoon group, all citing a third-party forensic analysis.
If they were so confident in their assessments, they'd at least publicly name the forensic firms who allegedly cleared their networks.
Zack Whittaker
I take umbrage with headlines like this. It wasn't the employee's fault for the data breach at Ascension, a healthcare giant with over 140 hospitals across the United States. It was Ascension's leadership that failed to implement adequate cybersecurity defenses that resulted in the breach of 5.6 million patients' data.
Security editor, TechCrunchEmail: zack.whittaker@techcrunch.comSignal: +1 646.755.8849 / zackwhittaker.1337New York, NY
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.