Today’s privacy briefing highlights a critical vulnerability in Notion’s AI agent, making it susceptible to data theft via prompt injection. We also cover a significant data breach at Harrods, affecting 430,000 customers, and Akira ransomware’s ability to bypass MFA on SonicWall VPNs. Stay informed about these pressing security threats and how to protect your data.
Top 5 Critical Privacy Alerts
- Abusing Notion’s AI Agent for Data Theft: Notion’s new AI agent is vulnerable to data theft via prompt injection due to access to private data and external communication capabilities. Read more
- Harrods suffers new data breach exposing 430,000 customer records: Hackers compromised a third-party supplier, stealing sensitive e-commerce customer information. Read more
- Akira ransomware breaching MFA-protected SonicWall VPN accounts: Threat actors are successfully logging in despite MFA, possibly via stolen OTP seeds. Read more
- 12 Myths About Automated Decision-Making Systems, per the EDPS: The EDPS issued a TechDispatch addressing common misconceptions about ADM systems. Read more
Privacy Laws & Regulations
- 12 Myths About Automated Decision-Making Systems, per the EDPS: The EDPS issued a TechDispatch addressing common misconceptions about ADM systems. Read more
Data Minimization & User Consent
- ChatGPT tests free trial for paid plans, rolls out cheaper Go in more regions: OpenAI is offering free trials for ChatGPT Plus and a cheaper GPT Go in Indonesia. Read more
Regulatory Fines & Enforcement Actions
- Protecting kids and adults online: The FTC and Utah Division of Consumer Protection announced a settlement with Aylo over distribution of child sex abuse materials. Read more
Security
- Harrods suffers new data breach exposing 430,000 customer records: Hackers compromised a third-party supplier, stealing sensitive e-commerce customer information. Read more
- Can We Trust AI To Write Vulnerability Checks? Here’s What We Found: Intruder tested AI’s ability to write vulnerability checks, finding it helpful but requiring human oversight. Read more
- Akira ransomware breaching MFA-protected SonicWall VPN accounts: Threat actors are successfully logging in despite MFA, possibly via stolen OTP seeds. Read more
AI Vulnerabilities
- Abusing Notion’s AI Agent for Data Theft: Notion’s new AI agent is vulnerable to data theft via prompt injection due to access to private data and external communication capabilities. Read more
- OpenAI is routing GPT-4o to safety models when it detects harmful activities: GPT-4o is routing requests to a safety model when harmful activities are detected. Read more
Phishing & Scams
- Ignore unexpected calls about loans you didn’t apply for: Scammers are sending voicemails about loans you didn’t apply for, hoping you’ll respond. Read more
- No, that’s not an FTC commissioner on the phone: Scammers impersonate FTC officials to get your money, but the FTC will never tell you to move your money. Read more
- Scammers are impersonating the United States Patent and Trademark Office: Scammers are impersonating the USPTO to steal money from business owners. Read more
- Thinking about selling your timeshare? Key steps to avoid scams: Be cautious of easy ways to sell your timeshare, as they could be scams. Read more
- Before you donate, find out where the money is going: The FTC says Kars-R-Us.com, Inc. lied about how donated money would be spent. Read more
- How to spot a job scam: Learn how to identify phony business opportunities, work-at-home scams, and shady employment agencies. Read more
- How to prepare yourself to deal with an emergency and avoid disaster-related scams: Have a plan and know how to spot disaster-related scams to aid recovery. Read more
