?? 2024-W42: Study Finds ChatGPT Can Perform Biometric Tasks, French News Agency AFP Hit by Cyber Attack, ICO fined Northern Ireland Police and more
Eli Atanasov, CIPP/E, PhD
?? I help businesses put their privacy compliance on autopilot, saving them time and money in the process.
Hi privacy navigators,
Here is the latest from the ???Privacy Navigator ?- your one-stop destination for everything privacy. Another week full of news and resources passed by.
In today’s edition:
Study Finds ChatGPT Can Perform Biometric Tasks: A Closer Look at Privacy Risks
What happened
A new study has revealed that ChatGPT can perform facial recognition, age estimation, and gender detection tasks with notable accuracy. The research was conducted by teams from the Idiap Research Institute, Mizani Research Institute, and the Norwegian University of Science and Technology (NTNU).
While ChatGPT is programmed to avoid answering prompts involving sensitive biometric information, such as facial data, the researchers were able to bypass its safeguards using crafted prompts.
This allowed them to test ChatGPT’s ability to recognize faces, estimate ages, and detect gender. According to their findings, ChatGPT showed considerable accuracy in distinguishing between two facial images and performed reasonably well in age estimation and gender detection.
The model was trained on datasets containing thousands of real and synthetic images, enabling it to handle biometric tasks like facial recognition. However, the researchers emphasized that the study also demonstrated the ease with whichprompt engineering can overcome the privacy safeguards embedded in ChatGPT.
This finding points to potential vulnerabilities in LLMs when it comes to protecting sensitive data like biometric information.
Read more here .
PRO TIP OF THE WEEK
Did you know that Privacy Navigator gives you much more than news in your inbox?
Research any topic using the Privacy Navigator in three easy steps:
Click the advanced search button below the search bar. If you want to make your search quicker you can start typing directly in the search bar.
2. Narrow down your search
For this example, let’s research data protection impact assessments [1]. After briefly browsing the resources, you can narrow them down by keyword [2], or resource type [3]. You can always reset the filters [4].
In this case, let’s show only guidelines.
3. ?Check the latest DPA decisions
To complete your research, you can find DPA decisions across the EU and the UK by using our Fine Tracker . Simply Select the country [1], sector [2], or the type of violation [3]. If you want a broader search, you can skip some of the filters.
The last step is to open the file by clicking “see more” [4].
All the above research tools are completely free. No subscription, no registration.
Swedish Bank Penalized €1.3 million for Transferring Customer Data to Meta
The French news agency Agence France-Presse (AFP) was hit by a cyber attackthat disrupted its content delivery infrastructure and file transfer systems.
AFP, which operates in multiple languages and employs over 2,400 people globally, has stated that while its core news coverage systems were unaffected, the attack impacted systems used for delivering real-time news feeds to its clients.
The breach involved unauthorized access to some clients’ FTP credentials, and AFP has urged its clients to reset their credentials to prevent further access. The motive for the attack remains unclear, though it could involve data theft, extortion, or disruption of operations.
AFP is working closely with the French National Agency for IT Systems Security (ANSSI) and law enforcement to investigate the incident and restore its systems.
While no direct link has been established, news agencies like AFP have previously been targets of state-sponsored attacks, particularly given France's firm stance on international issues like the conflict in Ukraine.
Read more here .
ICO Hits Northern Ireland Police with Fine Over Employee Data Breach
What happened
The Police Service of Northern Ireland (PSNI) was fined £750,000 by the Information Commissioner’s Office (ICO) following a significant data breach.
The breach occurred when PSNI mistakenly released a spreadsheet that exposed the personal details of all 9,483 officers and staff, including their surnames, initials, ranks, and roles. This sensitive information was made public in response to a freedom of information request.
The ICO's investigation revealed that PSNI’s failure to follow basic security procedures led to the data leak. These simple measures could have prevented the exposure of highly sensitive data, which caused great fear among officers and staff.
The ICO stressed that even under financial pressures, PSNI had a duty to protect its employees' personal information.
Despite the financial constraints PSNI cited in contesting the fine, the ICO insisted that negligent data handling must be punished. Without the reduction due to PSNI’s public sector status, the fine could have been £5.6 million.
Read more here .
Major US Telecoms Hacked by Chinese Group, Federal Surveillance System Compromised
What happened
A group of Chinese hackers, known as “Salt Typhoon”, has been implicated in a major cyberattack targeting US telecoms, including Verizon, AT&T, and Lumen.
The hackers allegedly gained access to a federal wiretapping systemused for lawful surveillance of suspected criminals, and may have had access to this system for months before being detected.
The breach allowed the hackers to gather information on Chinese surveillance targets tracked by US agencies. The scope of the breach is still under investigation, but it is believed that the attack may have also involved other internet service providers.
The hackers exploited zero-day vulnerabilities in telecom infrastructure, including unpatched Cisco routers, to carry out the attack. While the exact extent of the data accessed remains unknown, it is feared that the hackers may have gathered more than just surveillance data.
The FBI, along with security teams from Microsoft and Google’s Mandiant, is actively working to mitigate the breach and assess the full impact.
Read more here .
That's all for now, see you next week!
Eli
email:?[email protected]