Behold the #SocialSecurity Administration’s #AI #Training Video
Social Security workers are being asked to use an AI #chatbot. An animated video on how to do so failed to mention that the chatbot can’t be trusted with personally identifiable information.
#pii #privacy #security #ssa #ssn
https://www.wired.com/story/social-security-ai-training-video/
Shopify faces privacy lawsuit for collecting customer data https://www.malwarebytes.com/blog/news/2025/04/shopify-faces-privacy-lawsuit-for-collecting-customer-data #jurisdiction #Privacy #Shopify #News #PII
#DOGE Is Just Getting Warmed Up
DOGE has tapped into some of the most sensitive and valuable data in the world. Now it’s starting to put it to work.
#pii #privacy
https://www.wired.com/story/doge-is-just-getting-warmed-up-data-immigration/
Does #PalUpNow! keep my #profile anonymous?
Yes. Your personal #data (PII) remains #private until you're matched. #PII means "Personally Identifiable Information", like name, email, phone, age range, and pronouns.
#privacy
#answers #data #security
GDPR Update From DPO Office: General Data Protection Regulation
https://palupnow.com/blogs/f/gdpr-update-from-dpo-office-general-data-protection-regulation
#Microsoft raising #Insecurity AGAIN
TOTAL #RECALL ^2
#Arstechnica #DanGoodin raises a good point, it is not only YOUR computer that you need worry about but anyone else who processes your #PII or anything you send them and isnt willing or able to opt out.
Its the same crap as when Whatscrapp was all the rage and no one gave a damn about it harvesting their address books.. but on a much larger and insidous scale.
What a nightmare..
Why you should use full-disk encryption
If any of the arguments I make below apply to you, you should use full-disk encryption. I am pretty sure the first argument applies to everyone. The second argument applies at least to everyone in the EU and the US state of California. The third argument applies to everyone again.
You will fail to delete drives properly
Storage media get lost. Most people do not know how to properly delete hard disk content before selling them, or they forget it. In the case of flash drives, or SSDs, standard tools like shred don't work. hdparm may do the trick, but this is not well known. If you are lucky, the manufacturer of you SSH provides a Windows app that lets you delete it securely. Your server does not run on Windows of course.
The law demands it
#GDPR and similar data protection and privacy laws require you to store no #PII (personal data) permanently. You have to anonymize PII or delete it after a few weeks. IP addresses are PII. All servers store IP addresses by default. The GDPR also demands that you use state-of-the-art technology to protect sensitive data. Full disk encryption is the state of the art.
Law enforcement makes "mistakes"
I'm a board member of @Artikel5eV, an organisation that runs relays on the Tor network, including exit relays. Running Tor relays is perfectly legal in Germany. Nevertheless, law enforcement agencies have raided the homes of Artikel 5 e.V. board members twice. Illegally so, as a court confirmed recently. I won't run Tor relays in my home, but there is a good chance that my home will be raided one day unless all police officers and prosecutors decide to obey the law.
There is also a possibility that the rule of law might collapse in your country sooner or later. We are just witnessing it in the USA.
You already mentioned that ordinary thieves can also be a problem.
Encryption is available for free
So what is your case against disk encryption? It is obvious that it alone does not solve all IT security issues, but it is an important building block. #LUKS is reliable free and open-source software for HD encryption. If you are not using Linux, check out #VeraCrypt. The Raspberry Pi 5 comes with hardware acceleration for AES, so there no longer is a noticeable performance penalty for encryption.
Years ago, before the massive increase in #data harvesting of #PII I told people they need to keep a lid on their data.
I told them they don't know how it will be used in years to come, I said it could be used for profiling.
This is the same reason to not get a #DNA test
Well here it is. The worst #profiling has to offer.
This is #minorityreport level crime prediction.
You can bet this will be on the #police internal record, "Suspected likely murderer".
At #PalUpNow! #Rides
, we anonymize profiles to keep your #data #private.
While we allow #search, #sort and #filter on our anonymized profiles, your #PII (Personally Identifiable Information, like name, email, phone, age group and pronouns) don't float around on the web.
#help
#data #privacym...PalUpNow! Rides - Ride Pals Help With Rides and Life Essentials
https://palupnow.com/blogs/f/buddy-up-with-a-ride-buddy
Threat Actor Claims to Leak 600K Records from Spanish Robinson Database https://dailydarkweb.net/threat-actor-claims-to-leak-600k-records-from-spanish-robinson-database/ #corporatedata #DataBreaches #PersonalData #sortmuni #Company #Spain #PII
#DOGE accesses federal #payroll system and punishes employees who objected
The system at the #Interior Department gives DOGE "visibility into sensitive employee information, such as #SocialSecurity numbers, and the ability to more easily hire and fire workers,"
#ssn #privacy #interiordepartment #pii
An MSPAINT malicious actor is possibly selling data from an Ecuadorian university on a hacking forum.
Personal data of students, former students, and professors is being sold for 200 XMR (Monero).
What do you have to say, Oracle?
Oracle has reportedly suffered 2 separate breaches exposing thousands of customers‘ PII
Security-focused people … my friend was recently in a maternity hospital and the hallway was covered in cute leaf and flower decals, each containing the full name and birthdate of a child who'd been born there.
… is this a good idea?
Anyone who has applied to #NYU in the past 15 years should be aware that their #PII has been #leaked earlier today; see https://nyunews.com/news/2025/03/22/nyu-website-hacked-data-leak/. The public release includes names (not redacted despite claim otherwise), place of birth, city of residence, racial and immigration markers, past education, as well as programs and decisions; addresses and #SSN's are redacted which implies possession by the hacker as well. FREEZE YOUR CREDIT NOW!
In an interview Fri, Dudek argued that the judge’s ruling was *overly broad* & that a reference to “DOGE affiliates” could apply to all employees who access personally identifiable info, or #PII, because they are obligated to cooperate w/ #DOGE.
Dudek said the agency plans to file an affidavit as soon as Fri asking Hollander to clarify language in her ruling….
“Everything in this agency is PII. Unless I get clarification, I’ll just start to shut it down. I don’t have much of a choice here.”
@briankrebs is there any evidence that #DOGE is releasing citizens #PII intentionally or otherwise that is being used by #cybercriminals to engage in #identitytheft?
APIs often handle vast amounts of Personally Identifiable Information (#PII), which makes them prime targets for API data exfiltration. 
So, it's no surprise that #API-based attacks with the aim of stealing sensitive data have increased over time. Many orgs also lack visibility into which APIs are handling PII, which leaves them with massive #security blind spots. 
What should orgs do about this? Let's take a closer look at:
The growing risks of PII exposure in API traffic
The methods attackers use to exfiltrate data
How the new release of Graylog API Security 3.7 can help
https://graylog.org/post/apis-the-silent-highway-for-sensitive-data/ #APIsecurity #APIs #cybersecurity
'Uber for nurses' exposes 86K+ medical records, PII via open S3 bucket
