Texas Department of Insurance clarifies the facts surrounding the data incident. US senators are calling for an investigation into the facial recognition company. A South African pharmacy suffers a data breach of its customers. A high school student denounces a leak of student data.

In one look.

  • Texas Department of Insurance clarifies the facts surrounding the data incident.
  • US senators are calling for an investigation into the facial recognition company.
  • A South African pharmacy suffers a data breach of its customers.
  • A high school student denounces a leak of student data.

Texas Department of Insurance clarifies the facts surrounding its data incident.

The Texas Department of Insurance (TDI) distributed a fact sheet which clarifies a data incident suffered by the agency earlier this year: “In January 2022, TDI discovered that the problem was caused by a programming code error that allowed the Internet to access a protected area of ​​the application. TDI promptly disconnected the web application from the Internet. After correcting the programming code, TDI brought the web application back online. The forensic investigation could not conclusively rule out that certain information of the web application had been viewed outside of TDI. This does not mean that all information has been viewed by persons outside of TDI. We could not exclude access, we have taken steps to inform those who may been hit.” Although the data may have been accessed by unauthorized personnel, TDI investigated and found that “there is no evidence to date that there has been any misuse of the information.”

US senators are calling for an investigation into the facial recognition company.

A group of US Senate Democrats has sent a letter to the Federal Trade Commission (FTC) urging it to investigate ID.me, an identity verification company whose founder allegedly made “misleading claims” regarding personal data. facial recognition collected on behalf of Internal Revenue. department (IRS). KrebsOnSecurity Explain that until recently, the IRS required anyone seeking a new IRS account online to provide a live video selfie to ID.me for identity verification. collected. The main concern is the difference between “one-to-one” verification, which compares a video selfie to an image (e.g., driver’s license), and “one-to-many”, which compares the face to a database. potential matches. The senators’ letter explains that “the use of one-to-many recognition means that millions of innocent people will have their photos endlessly interrogated as part of a digital ‘queue.’ Not only does this violate individuals’ privacy, but the inevitable mismatches associated with one-to-many recognition can result in applicants being wrongly denied services they desperately need for weeks or even months as they attempt to have their case reviewed.

The senators also note that flaws in the facial recognition algorithm disproportionately impact people of color. Although the IRS announced in February that it would no longer require biometric data from taxpayers seeking to create an account on the agency’s website and pledged to delete all data previously shared with ID.me , the agency is still offering new account applicants the option to use ID. me for verification. In response to the senators’ letter, ID.me released a statement highlighting its successful support of government agencies. “Five state workforce agencies have publicly credited ID.me with helping prevent $238 billion in fraud,” the statement said. “We look forward to cooperating with all relevant government agencies to clear up any misunderstandings.”

A South African pharmacy suffers a data breach of its customers.

Dis-Chem, South Africa’s second largest pharmacy retailer, has disclosed that a data breach exposing the personal data of more than 3.6 million customers resulted from an unauthorized party gaining access to a third-party database. Infosecurity Magazine Explain that Dis-Chem hired the third-party service provider to manage certain managed services, and that the provider created the database to store some of the customer data it processed. “It came to our attention on May 1, 2022 that an unauthorized party had gained access to the contents of the database. Upon being made aware of the incident, we immediately initiated an investigation into the matter and to ensure appropriate steps were taken to prevent any further incidents,” the Dis-Chem statement read. Compromised data includes first and last names, email addresses and mobile phone numbers.

A high school student denounces a leak of student data.

A US high school newspaper uncovered a data breach in which thousands of student data files were inadvertently exposed to students and employees. Chamblee High School senior Keegan Brooks said that by using Microsoft 365 he found he was able to access student information such as school records, class transcripts, records disciplinary records, medical forms, social security numbers, and standardized test scores from DeKalb County schools. District (DCSD). Brooks reported the issue to school newspaper The Blue and Gold and notified the district in March, but said school officials were slow to resolve the issue. “More than two months later, there are still issues that are unresolved, still widely accessible things that shouldn’t be,” Brooks said. The district says a subsequent investigation found the breach was caused by employees’ mishandling of data, and they hired an outside vendor to assess the full extent of the problem. “If it is determined that stakeholders have had – or may have had – access to their information by unauthorized individuals, DCSD will promptly notify such individuals as required by law,” the district said. Told the Atlanta Journal-Constitution.