Examples of Abuse

Almost everyday a company or government abuses your data. Whether these abuses are intentional or the result of error, we must learn from these abuses so that we can better build tomorrow's policies and technologies. This resource is an opportunity to learn that this has all happened before, as well as a tool to query these abuses.

Please contact us if you think we are missing some key stories.

 

In a study of COMPAS, an algorithmic tool used in the US criminal justice system , Dartmouth College researchers Julia Dressel and Hany Farid found that the algorithm did no better than volunteers recruited via a crowdsourcing site. COMPAS, a proprietary risk assessment algorithm developed by
In November 2018, a UK Gambling Commission audit found that the number of problem gamblers aged 11 to 16 had quadrupled to 55,000 over two years, 70,000 children were at risk, and 450,000, or one in seven, children aged 11 to 16 bet regularly, spending, on average, £16 a week on fruit machines
In 2015, IBM began testing its i2 Enterprise Insight Analysis software to see if it could pick out terrorists, distinguish genuine refugees from imposters carrying fake passports, and perhaps predict bomb attacks. Using a scoring system based on several data sources and a hypothetical scenario, IBM
In 2015, The Intercept obtained documents showing that the Mall of America in Bloomington, Minnesota used a fake Facebook account to friend and monitor local Black Lives Matter activists, and collect their personal information and photographs without their knowledge. The account was discovered in a
Researchers at Princeton University have shown that a vulnerability identified 11 years ago in the password managers built into web browsers can be exploited to allow third parties to track users across more than a thousand websites. The attack depends on the managers' autofill capability, and works
After the January 6 insurrection at the US Capitol, the Department of Homeland Security expanded its monitoring of online activity and set up a new intelligence branch to counter domestic terrorism, including tracking platforms that have been linked to threats and “narratives known to provoke
Two of the most notorious malware outbreaks of 2017 were the ransomware WannaCry and the wiper malware NotPetya. Both relied on the NSA's EternalBlue exploit of the Microsoft Server Message Block, which was leaked online by the hacker group The Shadow Brokers. Along with EternalBlue, The Shadow
13 Jan 2000
In 2000, Experian entered into a consent decree with the Federal Trade Commission and agreed to pay $1 million to settle charges that the company blocked and delayed incoming phone calls from consumers wishing to discuss the contents of and possible errors in their credit reports. Under the Fair
03 Mar 2003
In 2003, the New Hampshire Supreme Court ruled that information brokers and private investigators may be liable for the harms caused by selling information. In the case in question, Amy Boyer, a young woman, was murdered by Liam Youens, a stalker. Youens obtained her information from Docusearch
30 Jul 2003
In 2000, and then again in 2003, the US Federal Trade Commission fined Equifax for blocking phone calls from consumers trying to get information about their credit or discuss their reports or making them wait for extended periods of time in violation of the Fair Credit Reporting Act. In 1996
08 Aug 2003
In 2003, Acxiom announced that law enforcement officials had notified the company that it had been hacked, and that the attacker had intercepted information in transit between the company and some of its clients via a File Transfer Protocol (FTP) server located outside the company's firewall. The
23 Sep 2003
In 2003, the Electronic Privacy Information Center, Privacy Rights Clearinghouse, and PrivacyActivism filed complaints with the US Federal Trade Commission alleging that JetBlue Airways and Acxiom engaged in deceptive trade practices by supplying personal information about consumers to the Alabama
17 Nov 2003
In 2003, the for-profit privacy company Private Citizen, which helps paying consumers unsubscribe from telemarketers' lists and direct mailing offers, found that Acxiom had begun rejecting the batches of opt-out notices the service sent on behalf of its subscribers. Acxiom insisted that each person
21 Jul 2004
In 2004, the US Department of Justice investigated the theft of 8.2GB of personal data from File Transfer Protocol (FTP) servers belonging to Acxiom between 2002 and 2003. The case was thought to represent the largest case of data theft at the time. Scott Levine, the owner of the email spamming
01 Jan 2005
As early as 2005, Experian began suggesting that its Mosaic consumer classification system, used by retail chains to tailor their stock for local populations could be used by political parties for campaigning. Based on work by Richard Webber, a visiting professor at University College London, Mosaic
21 Feb 2007
In 2007, Experience agreed to pay $300,000 to settle a Federal Trade Commission complaint that the company's ads for a "free credit report" failed to explain clearly enough that consumers who signed up would be enrolled in a credit-monitoring programme costing $79.95 per year. The FTC alleged that
01 Apr 2007
DoubleClick was one of the first companies set up to sell display advertising on the web. Set up in 1996, it went public in 1998, and in 1999 merged with the data collection company Abacus Direct. In response to a 2001 US Federal Trade Commission investigation of the proposed merger, DoubleClick
20 May 2009
In May 2009, University of Cambridge computer science researcher Joseph Bonneau discovered as part of his research that many social network respond to user requests to delete photographs by hiding them while remaining them on their servers. Among the worst offenders were Facebook, MySpace, Bebo, and
23 Nov 2009
The rise of social media has also been a game changer in the tracking of benefits claimants. Back in 2009, the case of Nathalie Blanchard a woman in Quebec who had lost her disability insurance benefits for depression because she looked “too happy” on her Facebook pictures had made the news. https:/
08 Feb 2010
In 2010, customers of the online shoe retailer Zappos, which was acquired by Amazon in 2009, began noticing that recommendations for products they had viewed on the site were following them around the web. The culprit was a then-new practice known as "retargeting", which uses cookies to identify