Facebook has been using patient medical information without consent despite promising never to do so. NHS trusts are sharing details about how installing the Meta Pixel on their website is in fact allowing Facebook to use their data, without the website owners knowing.
“Information extracted by Meta Pixel can be used by Facebook’s parent company, Meta, for its own business purposes – including improving its targeted advertising services.”
Here are some examples of how Facebook is exploiting their users’ data:
“Alder Hey Children’s trust in Liverpool, sent Facebook details when users visited webpages for sexual development problems, crisis mental health services and eating disorders. It also shared data when users clicked to order repeat prescriptions.
The Royal Marsden, a specialist cancer center, sent data on patients requesting referrals, viewing information about private care and browsing pages for particular cancer types.” (theguardian)
My thoughts: It’s important to note that the facilities are unknowingly sending this information to Facebook. Considering Meta was recently fined over $1.3 billion, there is a high probability they will be fined again. How many fines will teach them a lesson?
Managed Care of North America (MCNA) Dental were breached in February 2023. Personal information of almost 9 million people was stolen. The information included addresses, Social Security numbers, driver’s license numbers and a lot more. The ransomware gang LockBit claimed responsibility for the attack. They stole 700GB of sensitive data and demanded $10 million in ransom. On April 7, 2023, LockBit released all the information on its website, making it available for anyone to download. (bleepingcomputer)
My thoughts: For those of us who live and breathe this daily, breaches and hacks are part of the game. Protecting the enterprise and the data is a very difficult task. Is there a perfect enterprise out there? No. Are there ways to minimize your risk and ensure you are acting responsibly? Yes!
From a personal perspective, share as little data as possible online and be sure to use strong authentication across all your platforms. From an enterprise perspective, know what data you collect, how you collect it, who has access to it and be transparent with those who entrust data with you. At risk of sounding cliché… it’s not if, but when.
In 2022, The Met Opera were hacked, exposing the information of 45,000 patrons and employees.
“For approximately two months, The Met failed to detect an intruder with access to and possession of The Met’s current/former employees and consumers’ data,” the suit said. “It took a complete shutdown of The Met’s website and box office for The Met to finally detect the presence of the intruder.”
It was mentioned that the opera were hit with attacks twice last year. (nydailynews)
My thoughts: I don’t think The Met Opera is going to win this lawsuit. They were already hit with attacks and breached. Why didn’t they increase their vigilance and put the necessary security measures in place? It is a known fact that hackers are likely to hit your organization again, especially when they are successful.
US debt collector NCB Management Services suffered a ransomware attack in early February 2023, exposing the data of over 1.1 million people. The company discovered the breach three days after the incident, with forensic analysis revealing that financial account numbers, payment card numbers, and their associated security details had been accessed. NCB implied that it paid the ransom, claiming to have "obtained assurances" that the unauthorized party no longer had access to their data. The company is offering two years of free identity theft monitoring services to its users. (techradar)
My thoughts: It's worth noting that paying ransoms is discouraged by many experts including law enforcement. Remember you are negotiating with criminals. There is no guarantee that you will recover your data and that a copy of it wasn’t made to sell on the black market.