Examples of Abuse

Almost everyday a company or government abuses your data. Whether these abuses are intentional or the result of error, we must learn from these abuses so that we can better build tomorrow's policies and technologies. This resource is an opportunity to learn that this has all happened before, as well as a tool to query these abuses.

Please contact us if you think we are missing some key stories.

 

09 Jun 2017
French spy agency Direction Générale de la Sécurité Intérieure in December 2016 for 10 million euros signed a contract buying access to Palantir’s Gotham software. French politicians have voiced concerns over the software as France pushes to become more technologically independent. Publication: EU
15 Jun 2017
In 2017, Amazon was granted a patent has been granted a patent, first filed in 2012, on a mechanism that allows retailers to intercept network requests such as URLs and search terms on in-store wifi and either block shoppers from conducting online price comparisons or offer them discount coupons or
22 Jul 2017
Scientists at MIT have created an algorithm called "EQ Radio" that detects and measures individual heartbeats and therefore individuals' emotions by bouncing radio frequency signals - such as ordinary wifi- off of people. The algorithm works the same as an electrocardiogram but needs no leads to be
31 Jul 2017
In 2017 the Electronic Privacy Information Center filed a complaint with the US Federal Trade Commission asking the agency to block Google's Store Sales Measurement service, which the company introduced in May at the 2017 Google Marketing Next event. Google's stated goal was to link offline sales to
07 Aug 2017
A federal class-action lawsuit filed in California in July 2017 alleges that in violation of the Children's Online Privacy Protection Act (COPPA) and without parental permission, the Walt Disney Company secretly collects personal information about some of its youngest customers and shares it
10 Aug 2017
In October 2017, researcher Brian Krebs discovered that a service provided by Equifax's TALX division, The Work Number, made it possible for anyone equipped with an individual's Social Security Number and date of birth to access that person's detailed salary and employment history. Because of the
11 Aug 2017
In November 2017, an investigation of Equifax's Work Number database, owned by the company's TALX division, found that it contains over 296 million employment records including employees at all salary levels. Every week the database receives current payroll data on about a third of the working US
21 Aug 2017
Sonos, which makes connected home sound systems, has told its customers that they will not be able to opt out of a new privacy policy launched in August 2017 that allows the company to begin collecting audio settings, errors, and other account data. Customers can opt out of sending some types of
22 Aug 2017
In August 2017, it was reported that a researcher scraped videos of transgender Youtubers documenting their transition process without informing them or asking their permission, as part of an attempt to train artificial intelligence facial recognition software to be able to identify transgender
24 Aug 2017
Every Tesla vehicle is a mobile data collector incorporating built-in sensors that constantly record information about the car's environment and the way the driver navigates through it. The result is to inspire established automakers such as General Motors, Volkswagen, and Nissan-Renault to follow
04 Sep 2017
The UK Information Commissioner's Office has published policy guidelines for big data, artificial intelligence, machine learning and their interaction with data protection law. Applying data protection principles becomes more complex when using these techniques. The volume of data, the ways it's
07 Sep 2017
On September 7, 2017, the credit scoring company Equifax announced that between mid-May and July 2017 its database of consumer records had been hacked. Eventually, in a filing with the Securities and Exchange Commission following demands from US senators, the company provided detailed statistics of
07 Sep 2017
Days after Equifax discovered its data breach in July 2017 but before the breach was announced publicly in September, three of its top executives including the chief financial officer sold nearly $2 million worth of shares. The company told the Securities and Exchange Commission that the sales
11 Sep 2017
In September 2017, the Spanish national data protection regulator fined Facebook €1.2 million, alleging that the company collected personal information from Spanish users that could then be used for advertising. The investigation, which took place alongside others in Belgium, France, Germany, and
11 Sep 2017
On September 11, 2017, while Florida residents were evacuating during the approach of Hurricane Irma, Tesla rolled out a real-time software update that increased the battery capacity of some of its Model S sedans and Model X SUVs. The update extended the vehicles' range, enabling drivers to travel
15 Sep 2017
In September 2017, unrelated to the massive data breach the company simultaneously announced, Equifax withdrew its mobile apps from Apple's App Store and Google Play because of security flaws that meant that data transferred between users and Equifax was not encrypted in transmission. Given the
21 Sep 2017
In 2017 a free online service offered by Experian was found to be allowing anyone to request the PIN needed to unlock a previously-frozen consumer credit file. Freezing the file is intended to secure such accounts against tampering and fraud. To get an unlocking number, visitors needed to provide
04 Oct 2017
In 2017, after protests from children's health and privacy advocates, Mattel cancelled its planned child-focused "Aristotle" smart hub. Aristotle was designed to adapt to and learn about the child as they grew while controlling devices from night lights to homework aids. However, Aristotle was only
12 Oct 2017
Some of the Google Home Mini units distributed before release to the tech press and at "Made By Google" events had a defective touch panel. The devices were meant to turn on recording only when the owner woke it up with "OK, Google" or applied a long press to the centre of the touch panels. Instead
12 Oct 2017
In October 2017, the Equifax website was infected by malware that redirected visitors to a page that delivered fraudulent Adobe Flash updates that infected visitors' computers with adware. The company took down the affected pages after it was notified. Investigation showed that the malicious