Latest news with #dataBrokers
Fast Company
6 days ago
- Business
- Fast Company
LexisNexis breach: Data broker hack exposed trove of sensitive information, including Social Security numbers
Data analytics firm LexisNexis Risk Solutions said it suffered a data breach that could have affected the names, Social Security numbers, driver's license numbers, and contact information of more than 364,000 people. The company said in a filing with Maine's attorney general that an 'unauthorized third party' stole data from a third-party platform used for software development. A spokesperson told TechCrunch, which earlier reported of the breach, that an unknown hacker accessed its GitHub account. The breach dates back to last Christmas, though the company said it only discovered it on April 1. 'Upon learning of the issue, we promptly launched an investigation with the assistance of leading external cybersecurity experts, notified law enforcement and took steps to review and further enhance our security controls,' LexisNexis said in a notice that's being sent out to consumers. 'We also initiated an extensive review of the impacted data to identify personal information that may have been affected.' Their market, your data LexisNexis is part of a massive industry where data brokers collect and sell access to personal and financial data for risk and fraud assessment. That information can have wide repercussions for consumers. For example, the New York Times reported last year that LexisNexis would receive driving data from automakers, which the firm would then sell to insurance companies, potentially leading to higher premiums. LexisNexis also operates a large database of legal documents and public records. The Consumer Financial Protection Bureau (CFPB) said in December that it planned to introduce rules that would limit the ability of data brokers to sell sensitive information on Americans. But the new Trump administration halted those operations, and the CFPB officially scrapped the plans earlier this month. 'The Bureau is withdrawing this NPRM (notice of proposed rule making) in light of updates to Bureau policies,' its listing in the Federal Register said.
Fast Company
15-05-2025
- Business
- Fast Company
Trump just handed data brokers a gift in the form of our data
The Consumer Financial Protection Bureau (CFPB), under acting director Russell Vought, cancelled proposed new rules this week that would have protected Americans' sensitive private data—including financial data, credit history, and Social Security numbers—from being collected by data brokers without consent and sold to advertisers and other third parties. The proposed rules, which were proposed in December by the Biden administration's CFPB director, Rohit Chopra, were aimed at protecting consumers from commercial surveillance practices that 'threaten our personal safety and undermine America's national security,' the proposal stated. (Wired, for example, reported in February that U.S. data brokers were using Google's ad-tech tools to sell access to information about devices linked to military service members and national security decision makers.) Proposed rules clarified that many data brokers are in fact 'consumer reporting agencies,' like the credit bureaus, which already must comply with the privacy and accuracy rules in the Fair Credit Reporting Act (FCRA). For example, under those requirements, data brokers would have to get explicit consent from consumers before collecting and selling their data. But on Tuesday, the Vought-led CFPB quietly announced in the Federal Register that it was withdrawing the proposed rules, stating that they are 'not necessary or appropriate at this time.' The CFPB's argument against the proposed rules revolved around a single comment left during the public comment period about the proposed rules' 'propriety under the plain text of the FCRA.' Data privacy advocates have been fighting for years to make data brokers subject to the FCRA's privacy rules. The withdrawal of the proposal is a victory for large data brokers such as Acxiom and Epsilon, for the consumer websites that sell data brokers, and for the vast digital advertising ecosystem that uses the data to target ads. While many consumers are unaware of the vast personal data marketplace centered around data brokers, privacy advocates immediately saw the death of the proposed rules as a major setback. 'The data broker industry is out of control—data brokers threaten our privacy, national security, physical safety, and economic security every day,' said the Electronic Privacy Information Center law fellow Caroline Kraczon in a statement Tuesday. 'The CFPB's withdrawal of the proposed rules is another attack in the administration's war against consumers on behalf of corporate interests.' At the state level, California, New Jersey, and Vermont have passed legislation giving consumers the right to demand that data brokers delete sensitive personal information about them.
CNA
14-05-2025
- Business
- CNA
Trump administration scraps Biden-era plan to limit sale of Americans' personal data
The U.S. Consumer Financial Protection Bureau is scrapping a proposal issued under former President Joe Biden that would have sharply limited the sale of Americans' private information by "data brokers," according to a Federal Register notice issued Wednesday. The agency also yanked proposals that sought to extend consumer protections to the use of new digital payment technologies including cryptocurrency, and that would have prohibited certain terms in the fine print in consumer finance products. In a statement, Consumer Reports said the withdrawal of the data broker proposal would leave consumers "vulnerable to scams and identity theft." President Donald Trump's administration has moved this year to decimate the CFPB, initially seeking to shut it down entirely and subsequently saying it can meet its legal obligations with about 10 per cent of its current staff. Efforts to fire large amounts of staff are currently on hold as federal courts consider the matter. Senior officials in recent days have continued undoing much of the prior administration's work in regulation and oversight. The agency last week withdrew scores of guidance documents issued across administrations since 2011. In proposing the limits on data brokers in January, former CFPB Director Rohit Chopra said the sale of Americans' private information to data brokers was a "staggering" problem that also jeopardized national security by putting government officials' privacy at risk. The CFPB did not immediately respond to a request for comment. However, in a Federal Register notice, Russell Vought, the current acting CFPB director, said the proposal no longer aligned with the bureau's changed policy objectives and its interpretation of the Fair Credit Reporting Act. "Further, commenters raised numerous concerns related to this proposed rule that the Bureau believes require careful consideration before proceeding with a final rule," he said. These included whether the proposal was at odds with federal law.
CBC
09-05-2025
- Health
- CBC
Millions of Canadians' health data available for sale to pharmaceutical industry, study shows
Going to the doctor can involve sharing your most personal information, including details about your health, medical history and prescriptions. It all ends up in your medical record — but a new study by researchers at Women's College Hospital in Toronto found that in some cases, private companies are accessing parts of that data and selling it to pharmaceutical companies. "This is really an area where we need transparency," said the study's lead author, Dr. Sheryl Spithoff. The study, published in JAMA Network Open, examined how the medical record industry works in Canada and how patient data flows between different private entities. Through a series of 19 interviews, the researchers concluded "chains of for-profit primary care clinics, physicians, commercial data brokers and pharmaceutical companies ... work together to convert patient medical records into commercial assets." Those assets, the study said, are then used to "further the interests of the pharmaceutical companies." Spithoff and her colleagues identified two different models. In one, a private clinic sells data to an outside company, with personal information like names and birth dates removed. The company then offers to sell or analyze that de-identified information for its clients in the pharmaceutical industry. In the other model, the clinic is a subsidiary of the company collecting the data, giving that company even more direct access to patient information. The study said patients were not included in decisions about how their data was used. "We need oversight," Spithoff said in an interview. "What we know from other surveys and interviews with patients is that this is not how they want their data handled." Experts call for updated privacy laws The study's findings suggest these practices could give the pharmaceutical industry more influence over patient care in Canada. Matthew Herder, director of the Health Justice Institute at Dalhousie University in Halifax, said while there may be potential for this kind of data-sharing to help patients, there is also a risk these models will push patient care in a direction that benefits pharmaceutical companies and drives up costs for health-care systems. "All of these things are happening without any degree of transparency," Herder said. "That's why this paper is such an important paper. It's starting to bring to light what's really going on." The Office of the Privacy Commissioner of Canada declined to comment on the study itself, but said organizations subject to privacy laws must follow certain rules around safeguarding personal information. While most provinces and territories have privacy laws specifically related to health records, Lorian Hardcastle, an assistant law professor at the University of Calgary, said they are outdated and need strengthening. As the health-care system moves toward more electronic health records, often managed by private companies, Hardcastle said updates are needed to better protect patient information. "Data being managed not on paper but by third-party entities really demands that policymakers rethink this legislation that was created decades ago when it was still paper records sitting in a doctor's office." Some of the current laws do little to protect patient data from changing hands if personal identifiers have been removed, Hardcastle said. "If the data has been de-identified and it's not reasonable that re-identification would be possible, the law offers quite little protection," she said. "Unfortunately, though, what we thought 10 years ago was de-identified data, now we're realizing with big data with AI can be re-identified." In a statement, the office of the Ontario privacy commissioner said health information custodians have to take reasonable steps to ensure data is protected and secure, and acknowledged health data has become an increasingly valuable commodity. "There needs to be greater accountability around the use and sale of de-identified health data, and what happens to that data after it is sold," it said. The office is advocating for changes to Ontario's privacy legislation to add further guardrails like risk assessments when personal health information is involved. What you can do For patients wondering what might be happening with their health data, Hardcastle said start by asking your clinic for its privacy policy. Beyond that, she said any issues can be reported to a privacy commissioner and concerned patients can push legislators to update privacy laws. "If they're hearing from many members of the public that this is something they're concerned about, that may motivate them to look into this further," she said. Family doctor Dr. Danyaal Raza in Toronto said the study's "stark and dramatic" findings should encourage patients at private, for-profit clinics to ask some hard questions so they can be as informed as possible. As past chair of Canadian Doctors for Medicare, Raza sees this as another risk that comes with private companies delivering health care. Legislative changes are part of the solution, along with further attention paid to primary care, he said.
