- Gravy Analytics is being sued for failing to guard private knowledge
- The go well with comes after 17TB of data have been allegedly stolen from the agency
- The hack on an information dealer has sparked 4 lawsuits to this point
A criticism has been filed within the federal courtroom of Northern California outlining allegations that knowledge dealer Gravy Analytics has didn’t correctly safeguard huge quantities of non-public knowledge, which can now have been stolen.
That is the fourth such lawsuit since January 2025, when screenshots have been posted to Russian cybercrime discussion board XSS fuelling fears {that a} staggering 17TB of data have been swiped from the analytics agency’s AWS S3 storage buckets.
This breached data places the privateness of hundreds of thousands in danger, and descriptions the large threat when private knowledge is harvested and saved by personal corporations.
This week’s go well with alleges an enormous archive of geo-locations from smartphone gadgets – right here’s what we all know to this point.
Inadequate knowledge safety
Arguing the agency had an obligation to guard the information it collected and saved, the lawsuit factors to the danger of identity theft for anybody whose data was compromised.
The newest criticism, reported by The Register, alleges “the hacked Gravy Analytics knowledge included tens of hundreds of thousands of cell phone coordinates of gadgets contained in the US, Russia, and Europe, obtained by people’ use of main cellular functions resembling Tinder, Grindr, Sweet Crush [and more”.
The first breach was reported in early January 2025 after a hacker threatened to publish stolen location data, customer lists, and personal information harvested by Gravy Analytics and stolen in a huge hack.
Gravy Analytics has since been banned by the FTC from selling sensitive location data, alongside its subsidiary Venntel, after the FTC alleged the two violated the FTC Act by ‘unfairly selling sensitive consumer location data, and by collecting and using consumers’ location data without obtaining verifiable user consent for commercial and government uses.’
There are plenty of popular apps which collect your data, and often this is sold on to brokers for profit. Because a lot of this collection occurs through the ‘advertising ecosystem’ rather than a code the app creators themselves develop, this data collection is ‘likely happening without users’ or even app developers’ knowledge’.
The collection of personal information by the data broker industry comes with some serious risks and the industry is largely unregulated in the US, so the protections provided by laws like GDPR don’t apply.
The specific details of the hack aren’t yet known, but keeping your organization safe is about anticipating and preparing for a potential attack, says Pierre Noel, Field CISO EMEA at Expel.
“The solutions to prevent a major security incident are well known- adequate protection, detection, and swift incident response. However, the real challenge lies in human nature: we instinctively believe cyberattacks only happen to others, rather than ourselves”.
Take control of your data
If you regularly use the internet, unfortunately, it’s pretty likely that your information has fallen into the hands of a third party, whether it’s a company you use and gave permission to, appeared in a data breach, or whether it’s been sold on legally to a broker.
“Data Privacy Day serves as a crucial reminder to safeguard sensitive information in an era where data dominates” comments Dr Ellison Anne Williams, CEO and founder of Enveil.
“As we navigate an increasingly interconnected world and transformative technologies such as AI grow their foothold in the digital economy, finding ways to protect data privacy and mitigate risk will be essential.”
Because of this, a market has opened up for the best personal data removal services, which can be a really powerful tool in helping you scrub you or your employees safe by removing your information from data brokers.
If you’re in the EU or UK and are protected by GDPR but still want to completely disappear your online persona – we still have some tricks for you.
The first is to delete your social media accounts. As much as you might enjoy scrolling, the Cambridge Analytica scandal told us that social media platforms have been used to harvest your data and map out your personal relationships and personality – so if you really value your privacy, the socials have to go.
Once those are gone, you’ll need to scour through your other accounts. Innocuous accounts like shopping sites or dating profiles will more than likely be monitoring your purchases or selling your demographic information, so removing these is also key. A great tip is to search your inbox for ‘sign-up’ or related phrases to get a reasonably accurate list to work from.
Going forward, staying anonymous online will be much easier with a Virtual Private Network (VPN). These essentially encrypt your internet traffic so that your browsing history isn’t recorded, and hides your IP address, so your location can’t be shared. We’ve listed the best VPN services to keep yourself safe.
You might also like
Source link
