Posts

Australia’s Privacy Regulator Sues Optus Over Massive 2022 Data Breach

Australia’s privacy regulator, the Australian Information Commissioner (AIC), has filed a lawsuit against Optus, the Singapore Telecommunications-owned carrier, alleging violations of the Privacy Act 1988 related to a 2022 cyberattack that compromised personal data of nearly 9.5 million customers.

The lawsuit names both Singtel Optus Pty Ltd and Optus Systems Pty Ltd as defendants. The AIC claims a separate breach for each affected customer, with potential fines up to A$2.2 million per breach. However, the regulator has not disclosed the total fine amount sought. Optus is currently reviewing the claims but has not yet assessed the financial impact.

The September 2022 cyberattack is considered one of the worst data breaches in Australia’s history, exposing sensitive information including home addresses, passport details, and phone numbers. Around 10 million Australians—about 40% of the population—were affected, and many experienced a significant disruption to mobile, broadband, and landline services.

The breach sparked calls from Prime Minister Anthony Albanese for stronger privacy laws and faster breach notifications, especially to banks. Optus has also faced ongoing criticism due to a 12-hour nationwide network outage in 2023, leading to the resignation of then-CEO Kelly Bayer Rosmarin.

In addition to this legal action, Optus was taken to court by Australia’s domestic media regulator earlier in 2024 over the same cyberattack.

Judge Rejects Class Action Lawsuit Over Google Chrome Privacy Claims

A U.S. federal judge ruled on Monday that people alleging Google illegally collected their personal data from Google Chrome browsers without syncing with Google accounts cannot proceed with a class action lawsuit against Alphabet’s unit.

U.S. District Judge Yvonne Gonzalez Rogers in Oakland, California, agreed with Google that claims should be handled individually to determine if millions of Chrome users understood and consented to the company’s data collection policies.

“Inquiries relating to Google’s implied consent defense will overwhelm the damages claims for all causes of action,” the judge wrote. She dismissed the proposed damages class action with prejudice, barring it from being filed again. Additionally, Chrome users were denied the ability to seek policy changes as a group.

Google’s Vice President of Litigation, Sandi Knight, said the company appreciated the decision and noted that Chrome Sync includes clear privacy controls. Plaintiffs’ lawyer David Straite declined to comment.

The ruling follows a 2024 federal appeals court decision instructing Judge Rogers to assess whether reasonable Chrome users consented to Google collecting their data during browsing. Plaintiffs argued that Chrome’s privacy notice misled users by stating they “don’t need to provide any personal information to use Chrome” and that Google would only collect data if users enabled the sync feature.

Judge Rogers had previously dismissed the case in December 2022 but continues to oversee two other privacy lawsuits against Google with different claims. The appeals court decision came after Google agreed in 2023 to destroy billions of data records to settle a lawsuit related to tracking users in Incognito mode.

Case: Calhoun et al v Google LLC, 9th U.S. Circuit Court of Appeals, No. 22-16993.

Meta’s Lawsuit Against NSO Unveils Rare Details of Global Spyware Industry

Meta’s $168 million court victory against Israeli spyware maker NSO Group has not only concluded a protracted six-year legal battle but also offered an unprecedented look into the shadowy world of cyberespionage, where elite surveillance tools come with multimillion-dollar price tags and state-level buyers.

A California federal jury found NSO guilty of unlawfully hacking WhatsApp servers to target users on behalf of foreign intelligence agencies, awarding Meta both compensatory and punitive damages. The lawsuit, first filed in 2019, became a landmark case for digital privacy advocates and a rare legal showdown against a prominent spyware firm.

Top-Tier Spyware Comes at a High Cost

Testimony revealed that NSO charged European clients about $7 million for access to its spyware platform capable of hacking up to 15 devices simultaneously. For additional capabilities—like hacking phones outside of a client’s national borders—customers paid up to $2 million more, according to Sarit Bizinsky Gil, NSO’s VP of global business operations.

Meta’s attorney Antonio Perez called the software “highly sophisticated” and “extremely expensive,” underscoring the elite and dangerous nature of such tools.

Thousands of Devices Compromised

Between 2018 and 2020, NSO broke into thousands of devices, according to Tamir Gazneli, the company’s VP of R&D. He downplayed the term “spyware,” insisting the tools were used for “intelligence gathering,” not spying on people. In a tense exchange, Perez asked, “You don’t consider the targets people, Mr. Gazneli?”—a question that revealed how NSO distances itself from the ethical weight of its clients’ actions.

U.S. Agencies Paid Millions

Court records showed that the CIA and FBI collectively paid NSO $7.6 million. While prior media reports suggested U.S. involvement, this trial provided the first official financial confirmation, including a CIA-backed spyware purchase for Djibouti and FBI testing efforts.

NSO Continued Hacking During Litigation

Meta alleged that NSO continued to target WhatsApp servers even after the lawsuit was filed, saying the firm “poses a significant threat of ongoing and prospective harm.” Meta is now seeking a permanent injunction to block NSO from accessing its platforms.

This case has not only highlighted the legal vulnerabilities of spyware vendors but also peeled back layers of secrecy surrounding government surveillance contracts, client relationships, and the massive scale of digital intrusions involved.