Search
Content type: Examples
On September 7, 2017, the credit scoring company Equifax announced that between mid-May and July 2017 its database of consumer records had been hacked. Eventually, in a filing with the Securities and Exchange Commission following demands from US senators, the company provided detailed statistics of what was exposed: name, date of birth, and social security number for more than 145.5 million Americans; and further details such as address, gender, phone number, and driver's licence number…
Content type: Examples
In September 2018, Acxiom introduced an open data framework intended to create an omnichannel view of the people in its database. The company claims this "unified data layer" will let customer companies connect their marketing technology and ad technology ecosystems and connect the online world to the offline world,
https://www.mediapost.com/publications/article/325012/acxiom-launches-tool-for-linking-martech-and-ad-te.html
tags: Acxiom, credit scoring, linking, marketing, advertising…
Content type: Examples
In 2017, a group of data brokers led by Acxiom, AppNexus, and MediaMath, and including Index Exchange, LiveIntent, OpenX, and Rocket Fuel,
launched a consortium to make targeted programmatic advertising more widely available. Part of the consortium's goal is to enable the companies involved to compete better with Google's Ad words and Facebook's ad platform, which together account for 48% of all digital advertising spend. The consortium also intended to create a common omnichannel, people-…
Content type: Examples
In December 2012, the US Federal Trade Commission opened an investigation into data brokers' privacy practices, requesting information from nine companies: Acxiom, Corelogic, Datalogix, eBureau, ID Analytics, Intelius, Peekyou, Rapleaf, and Recorded Future. The FTC sought information about: the nature and sources of the consumer information the data brokers collect; how they use, maintain, and disseminate the information; and the extent to which the data brokers allow consumers to access and…
Content type: Examples
In 2003, the Electronic Privacy Information Center, Privacy Rights Clearinghouse, and PrivacyActivism filed complaints with the US Federal Trade Commission alleging that JetBlue Airways and Acxiom engaged in deceptive trade practices by supplying personal information about consumers to the Alabama-based information mining company Torch Concepts without the knowledge or consent of those consumers. EPIC argued that the FTC should investigate and enjoin these activities, which it believed were in…
Content type: Examples
In 2013, 44 years after Acxiom went into business selling consumer data, the company opened a website, aboutthedata.com, to allow Americans to see the data the company holds about them and make it easier to opt out of tracking. However, using the site requires visitors to input a substantial amount of personal information for authentication; the results of these searchers omit many of the data elements Acxoim sells its customers; the privacy policy allows the company considerable latitude in…
Content type: Examples
In 2003, the for-profit privacy company Private Citizen, which helps paying consumers unsubscribe from telemarketers' lists and direct mailing offers, found that Acxiom had begun rejecting the batches of opt-out notices the service sent on behalf of its subscribers. Acxiom insisted that each person was required to contact the company individually, apparently on the basis that each should hear the company's pitch for staying in its database. Aciom's membership of the Direct Marketing Association…
Content type: Examples
In 2012, Acxiom's database was reported to be the largest commercial database on consumers in the world, containing approximately 1,500 data points, or "elements", for each of the 500 million active consumers worldwide and processing more than 50 trillion data transactions per year. Each of the individuals in its database is slotted into one of 70 specific socioeconomic clusters as an attempt to predict what they will buy and what types of persuasion they will respond to. In its latest fiscal…
Content type: Examples
In April 2018, Facebook announced that in six months it would end a programme it called "Partner Categories", in which the social network acted as a bridge between data brokers like Acxiom, Epsilon, and TransUnion and the consumers their customers want to reach. In this deal, Facebook did not actually sell the data it collects; instead, it targeted ads to the lists of people the data brokers uploaded. Facebook users can see the results for themselves by going to their privacy settings and…
Content type: Examples
In 2016, Acxiom announced a deal with the media delivery company Valassis, a subsidiary of Harland Clarke Holdings Corp, intended to provide marketers with better post-campaign analytics. The linkage of the two companies was intended to "provide an integrated view of a consumer's purchase behaviour" by integrating Acxiom's people-based recognition tools with Valassis' services to advertisers, such as targeting its customers' most influential and valuable shoppers.
http://www.valassis.com/about…
Content type: Examples
In 2004, the US Department of Justice investigated the theft of 8.2GB of personal data from File Transfer Protocol (FTP) servers belonging to Acxiom between 2002 and 2003. The case was thought to represent the largest case of data theft at the time. Scott Levine, the owner of the email spamming company Snipermail, was indicated on 144 offences in connection with the attack, and was eventually found guilty of 120 of them and sentenced to jail for eight years. In all, Levine and Snipermail were…
Content type: Examples
In 2014, Acxiom's chief product and engineering officer, Phil Mui, described the system the company had been building to link individuals' activities across the many channels, devices, and applications they use. A single individual may accumulate four different personas via 24 cookies across six different devices; Acxiom's goal was to unify these. The company holds some 5,000 pieces of customer data for each of the 700 million individual consumers in its database.
https://www.mediapost.com/…
Content type: Examples
In 2003, Acxiom announced that law enforcement officials had notified the company that it had been hacked, and that the attacker had intercepted information in transit between the company and some of its clients via a File Transfer Protocol (FTP) server located outside the company's firewall. The hacker, later identified as Daniel Baas and prosecuted, had access to passwords and data files belonging to Acxiom customers for two years, from January 2001 to January 2003.
https://www.…
Content type: Examples
Google announced on October 8 having discovered a vulnerability in the Google+ API which has been open since 2015. This vulnerability allowed third-party developers to access data for more than 500,000 users, including their usernames, email addresses, occupation, date of birth, profile photos, and gender-related information. While Google only retains 2 weeks of activity logs and cannot assert the exact reach of the breach, it believes that up to 438 applications had access to these data.…
Content type: Examples
Facebook-owned Onavo VPN (adertised as a way to block harmful websites, and keep a user's data safe) is pulled from the Apple App Store due to tracking, collecting, and analysing customers' usage data, including from other unrelated apps.
https://arstechnica.com/tech-policy/2018/08/facebook-violates-apples-data-gathering-rules-pulls-vpn-from-app-store/
Author: Valentina Palladino
Ars Technica
Content type: Examples
30 million users had their accounts breached, with a total of 90 million accounts reset after Facebook's "view as" feature leaked unique user account access tokens, allowing attackers to not only trivially impersonate any other user on the platform, but also to potentially automate the attack on a massive scale using their API.
This is of particular concern where these access tokens were used as a "Single Sign On" for third-party services who authenticate against Facebook. The…
Content type: Examples
There has been the spread of the linking of the patient identity cards of HIV positive patients, pushed for by the National Aids Control Organisation. While it is not compulsory, in November 2017 it was reported that some patients reported that they were denied treatment until they gave their Aadhaar number. This linking with Aadhaar has led to some HIV positive people dropping out of antiretroviral treatment programmes, for fear that their status would be leaked. Given that Aadhaar is…
Content type: Examples
In March 2018, a security researcher discovered that the state-owned utility company Indane had access to the Aadhaar database via an API, but they did not secure this way of entry. As a result, anybody was able to use this service to access details on the Aadhaar database about any Aadhaar number including an individual's name, and details of the bank accounts they had. This breach meant that it would be possible for someone to cycle through the trillions of possible Aadhaar numbers,…
Content type: Examples
In September 2018, a software patch was found by journalists to be widely available, that disabled or weakened the security features in the software used to enroll people on the Aadhaar databse, potentially from anywhere in the world. The patch was reportedly widely-available in WhatsApp groups, available for around $35USD. The demand for individuals to access the Aadhaar databse goes back to 2010, when private entities were allowed to enroll people in the Aadhaar database, to encourage…
Content type: Examples
In December 2017, it was revealed that the large telco Bharti Airtel made use of Aadhaar-linked eKYC (electronic Know Your Customer) to open bank accounts for their customers without their knowledge or consent. eKYC is a way of using data in the UIDAI database as part of the verification process, which Airtel made use of for the issuing of SIM cards, and also secretly opened bank accounts with their Airtel Payments Bank. More than 2 million accounts could have been opened, receiving more than…
Content type: Examples
In January 2018, journalists found that, for 500 rupees (around $7USD), they were able to buy on WhatsApp access to a gateway that allowed them to access the personal details connected to any of the entries on the Aadhaar database - by entering any Aadhaar number, they could see details like the name, address, phone number, and photograph of the individual associated with that Aadhaar number. They were also able to purcahse software to enable the printing of Aadhaar cards more than 100,000…
Content type: Examples
AirAsia engaged Palantir as a data science partner focused on “guest experience, inflight sales, route revenue, finance, security, flight operations, network planning, cargo, supply chain management, commercial and people development.”
Publication: AirAsia newsroom
Date: 8 August 2018
Content type: Examples
In 2013, Edward Snowden, working under contract to the US National Security Agency for the consultancy Booz Allen Hamilton, copied and leaked thousands of classified documents that revealed the inner workings of dozens of previously unknown surveillance programs. One of these was PRISM, launched in 2007, which let NSA use direct access to the systems of numerous giant US technology companies to carry out targeted surveillance of the companies' non-US users and Americans with foreign contacts by…
Content type: Examples
In May 2018, Google announced an AI system to carry out tasks such as scheduling appointments over the phone using natural language. A Duplex user wanting to make a restaurant booking, for example, could hand the task off to Duplex, which would make the phone call and negotiate times and numbers. In announcing the service, Google stressed its use of "speech dysfluencies" - that is, non-verbal syllables such as "um" and "er" to make the interaction sound more natural.
The system almost…
Content type: Examples
In 2017 the Electronic Privacy Information Center filed a complaint with the US Federal Trade Commission asking the agency to block Google's Store Sales Measurement service, which the company introduced in May at the 2017 Google Marketing Next event. Google's stated goal was to link offline sales to online ad spending. EPIC argued that the purchasing information Google collected was highly sensitive, revealing details about consumers purchases, health, and private lives, and that Google was…
Content type: Examples
DoubleClick was one of the first companies set up to sell display advertising on the web. Set up in 1996, it went public in 1998, and in 1999 merged with the data collection company Abacus Direct. In response to a 2001 US Federal Trade Commission investigation of the proposed merger, DoubleClick promised to keep those two databases separate; and in 2005 when the private equity firm Hellman & Friedman acquired it, that firm promised to operate the company as two separate divisions. In April…
Content type: Examples
In 2012 the US Consumer Watchdog advocacy group filed a complaint against Google alleging that the company had violated its 2011 consent decree with the US Federal Trade Commission in the case about Google Buzz. The complaint was based on February 2012 revelations that the site was failing to honour do-not-track settings in Apple's Safari web browser. The browser itself was set by default to refuse to accept third-party cookies, as these are often used to track users across the web. Google's…
Content type: Examples
In 2009, Spanish citizen Mario Costeja González objected to the fact that an auction notice from 1998, when his home was repossessed, was still accessible on the website of the Spanish newspaper La Vanguardia and the first thing people saw when they searched for him on Google. When the courts declined to order the newspaper to remove the announcement, Costeja asked Google Spain to stop linking to it in search results on his name. When Google did nothing more than forward the complaint to its…
Content type: Examples
In 2012, Google announced it would condense 70 different privacy policies into a single one that would allow the company to merge the data collected across all its services, including Maps, search, Android, Books, Chrome, Wallet, Gmail, and the advertising service provided by its DoubleClick subsidiary into a single database. The company claimed the purpose was to enable a better, more unified experience - for example, it said it would be able to deliver better search results by combining…
Content type: Examples
In 2010, increasing adoption of social media sites such as blogs, Facebook, Twitter, and Flickr led Google to develop Buzz, an attempt to incorporate status updates and media-sharing into its Gmail service. Users could link their various social media feeds, including Picasa (Google's photo-sharing service) and Reader (Google's RSS news reader), directly into Gmail. Via the integrated feed, Gmail users could see not only the content produced by those they followed, but those they didn't if their…