Examples of Abuse

Almost everyday a company or government abuses your data. Whether these abuses are intentional or the result of error, we must learn from these abuses so that we can better build tomorrow's policies and technologies. This resource is an opportunity to learn that this has all happened before, as well as a tool to query these abuses.

Please contact us if you think we are missing some key stories.

 

27 Dec 2018
In 2014, when the the far-right party of French politician Marine Le Pen needed cash, the loan of €9.4 million came from First Czech-Russian Bank, which was founded in the early 2000s as a joint venture between a Czech state bank and a Russian lender and went on to come under the personal ownership
28 Dec 2018
In December 2018, the Institute for Policy Research and Advocacy (ELSAM) warned that data misuse and voter behavioural targeting and micro-targeting could prove factors in the 2019 Indonesian general elections. Researcher Wahyudi Djafar cited examples from Kenya, where Cambridge Analytica had sent
28 Dec 2018
A November 2018 breach of a government-funded resettlement agency's database in South Korea allowed hackers, believed to be North Korean state security officials, to copy the personal information belonging to 997 North Koreans living in South Korea. Escaping to South Korea is considered an act of
08 Jan 2019
It was already known that law enforcement agencies can track phones to within 500 metres if they show service providers a warrant, but in January 2019, it became clear that the same real-time location data was being sold to a wide range of third parties, including car salesmen, property managers
09 Jan 2019
The US government created a database of more than 50 journalists and immigrant rights advocates, many of whom were American citizens, associated with the journey of migrants travelling from Central America to the Mexico-US border in late 2018. Officials from Customs and Border Protection (CBP)
09 Jan 2019
On January 9, 2019 the UK Information Commissioner's Office fined SCL Elections, also known as Cambridge Analytica, £15,000 for failure to comply with an enforcement notice the ICO issued in May 2018 ordering the company to respond in full to a subject access request submitted by US-based academic
10 Jan 2019
The miniature security camera maker Ring, which was acquired by Amazon in 2017 for a reported $1 billion, has a history of inadequate oversight of the data collected by those cameras on behalf of its customers. In 2016, it reportedly granted virtually unlimited access to its Ukraine-based research
14 Jan 2019
Despite Facebook's October 2018 rules intended to provide greater transparency about political ads, the sources of funding for UK political ads remained obscure in early 2019. when a network of hard-Brexit and people's vote campaigning groups spent more than £1 million on Facebook ads in the lead-up
15 Jan 2019
A vulnerability in Amadeus, the customer reservation system used by 144 of the world's airlines, was only superficially patched after a team reported the vulnerability in 2018. As a result, an attacker could alter online strangers' Passenger Name Records, which contain all the details of the
16 Jan 2019
In January 2019, Facebook announced it would extend some of the rules and transparency tools it developed for political advertising for upcoming spring elections in Nigeria, Ukraine, India, and the EU. In Nigeria, the site will bar electoral ads from advertisers outside the country where the
17 Jan 2019
In January 2019 Twitter revealed that it had discovered a security flaw in that meant that Android users who updated the email address linked to their account between November 2014 and January 2019 had inadvertently turned off the "protected" setting on their accounts so that their tweets could have
17 Jan 2019
In January 2019, Facebook' announced it had removed multiple pages, groups, and accounts coordinating inauthentic behaviour on Facebook and Instagram that were set up by two unrelated operations originating in Russia. One of these operated 364 pages and accounts was active in the Baltics, Central
22 Jan 2019
The vast majority of public benefits programs in the United States—Supplemental Security Income, Temporary Assistance for Needy Families, Medicaid, Children’s Health Insurance Program, Supplemental Nutrition Assistance Programs, the Earned Income Tax Credit, and Housing Assistance—do not take the
24 Jan 2019
By January 2019, more than 100 million women worldwide were using smartphone apps that began as period-tracking apps but were beginning to branch out into tracking other types of health data - and also to broaden their use of the data they collect in search or profit. Unlike medical establishments
27 Jan 2019
In January 2019, the British transparency NGO WhoTargetsMe, Mozilla, and the US investigative journalism site Pro Publica reported that recent changes in the social network's code were restricting their ability to monitor political ads on Facebook. The company said the changes were part of a
28 Jan 2019
As part of its planning for the 2020 Olympic Games, due to be held in Tokyo, Japan approved a law that would allow the government to conduct a survey to identify vulnerable Internet of Things devices. The National Institute of Information and Communications Technology staff who carry out the survey
29 Jan 2019
In January 2019 Apple briefly disabled the group functionality in its FaceTime video calling application after bug was discovered that allowed users to listen on the people they were calling when they did not pick up the call and also allowed some callers to see video of the person they were calling
31 Jan 2019
In late 2018, researchers at SINTEF Digital Norway, ETH Zurich, and Berlin's Technical University discovered a new and serious vulnerability in several generations of the cellular mobile communications protocols: 3G, 4G, and the upcoming 5G. The flaw affected Authentication and Key Agreement, which
31 Jan 2019
In January 2019, researchers reported finding two huge data dumps. Collection #1 contained passwords and usernames relating to nearly 773 million email addresses spread across about 2.7 spreadsheet rows in 12,000 files. Collection #2.5 contained 845GB of data and more than 25 billion records that
01 Feb 2019
In February 2019 the UK Information Commissioner's Office issued fines totalling £120,000 against the EU referendum campaign Leave.EU (£15,000 and £45,000) and Eldon Insurance (£60,000), trading as Go Skippy Insurance, for serious breaches of electronic marketing laws. The ICO also said it would