Subsequently, Italian users were once again able to access OpenAI's ChatGPT service. "OpenAI explained that it had expanded the information to European users and non-users, that it had amended and clarified several mechanisms and deployed amenable solutions to enable users and non-users to exercise their rights," reads the press release. In a press release published April 28, the GPDP confirmed that OpenAI indeed had taken the right measures to comply with the order. The GPDP ended their press release stating that due to OpenAI having a designated representive in the EEA, they would have to comply with the order or risk facing a fine up to €20 million or 4% of the total worldwide annual turnover. ChatGPT is only meant for use by users aged 13 or above, per the OpenAI T&C. They also lashed out at the platform's lack of age verification, stating it "exposes children to receiving responses that are absolutely inappropriate to their age and awareness". ![]() "In its order, the Italian SA highlights that no information is provided to users and data subjects whose data are collected by Open AI more importantly, there appears to be no legal basis underpinning the massive collection and processing of personal data in order to ‘train’ the algorithms on which the platform relies," reads the press release from the Italian data protection authority. This was a result of the GPDP banning the chatbot with immediate effect, back in April.Īt the time, GPDP complained that OpenAI failed to live up to these three requirements: As you may have heard, OpenAI's ventures in ChatGPT were recently blocked from being accessed by Italian users. The issues between OpenAI's ChatGPT and the Italian Data Protection Authority continued this week. Italian OpenAI's issues with GDPR almost resolved But EIGHT times in 5 years really says something about the security, the culture, and the structure of T-Mobile as a company and supposed data protector. Had it just happened once every 3 years, it would have been less of an issue. ![]() If your SOC or SAC didn't detect a threat actor lurking around data for that long, they haven't had proper training, or your company lacks structure to the point where its main threat is itself. Here at LEVEL7, our advice would be to double down on security measures like multi-factor authentication across the board. The fact that they had two breaches in less than three months should be a huge blow to their reputation as a safe, secure provider for telecom. Especially when it comes to communication whether work-related or with your loved ones, security matters. For a phone carrier and company that size, that shows a huge red flag for any potential customers, and even current ones. There isn't much information about how the attack actually took place, which attack vectors or vulnerabilities the actors used, or how they managed to possess the data for that long.īut, it does highlight a bigger issue: T-Mobile have suffered 8 breaches since 2018, including this one. In an attempt to minimize the effect the attack will have going forward, T-Mobile offered all affected customers two years of free credit monitoring, as well as identity theft detection services, through Transunion myTrueIdentity. * Internal codes used by T-Mobile for customer support * Number of lines on the account and plan features * Phone numbers associated with the customer The data leaked varied for each customer, but could include the following: "In March 2023, the measures we have in place to alert us to unauthorized activity worked as designed and we were able to determine that a bad actor gained access to limited information from a small number of T-Mobile accounts between late February and March 2023," T-Mobile explained in letters sent to the individuals affected by the attack. The threat actors, this time around, had personal information of T-Mobile customers for around a month. ![]() ![]() This incident, however, only affected 836 customers, whereas the first one impacted 37 million people through an API data breach. T-Mobile have been hit by data breach attacks twice this year so far. T-mobile hit by 8th data breach attack in 5 years Welcome to LEVEL7’s issue of CYBER2GO - A Weekly Recap, in which we will analyse a few of last week’s Cybersecurity topics, reported by CYBER2GO, and share our perspectives, tools and strategies in English.įollow our LinkedIn page, and subscribe to this newsletter, to not miss out!
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |