PrivSec:Report Weekly Roundup

privsec, weekly roundup, news

Each week, PrivSec:Report presents the top 5 headlines from the week’s news and upcoming events in the privacy and security industry. This week YouTube was fined for a data privacy violation that affected children, and it’s been discovered that Google has been dodging GDPR privacy protections.

Do as you’re told
This week started with fraudsters manipulating AI software to impersonate a UK energy firm owner to transfer money to an offshore account. The software they used had accurately mimicked the prominent business leader’s voice and style of speaking, which managed to fool the CEO into doing as he was told. Read the full story here.

Shouldn’t children’s safety be a priority?
The safety of children has become a major concern again this week as a UK cyber-charity issues warning over websites’ harvesting of children’s data, in the same week that YouTube had been fined $170m for collecting data on children under the age of 13 without parental consents being in place. Since the exposure, Google and YouTube have agreed to stop using previously collected personal data of minors. Read the full story here.

Bad news for Android users
A vulnerability within Android-based smartphones, making them susceptible to advanced phishing attacks has been discovered this week; Sony, Samsung, Huawei and LG among those devices affected. It is said that a remote agent can trick users into accepting new phone settings, such as routing all Internet traffic through a proxy that is controlled by the agent. The researchers also discovered that anyone connected to a cellular network could be targeted, and not just users connected to a Wi-Fi network. Read the full story here.

You’ve been rumbled, Google
New evidence submitted to the Irish Data Protection Commission prooves that Google has been infringing GDPR in a workaround that evades their own publicly stated GDPR data safeguards. However, the evidence submitted by Brave, revealed that “Google allowed not only one additional party, but many, to match with Google identifiers. The evidence further reveals that Google allowed multiple parties to match their identifiers for the data subject with each other,” explained Brave in a blog post. Read the full story here.

It’s a steal!
Finally, The city of New Bedford has revealed that cyber-criminals were holding its data ransom. The ransomware had spread through the city’s network and had proceeded to encrypt files on 158 work stations, accounting for 4% of the city’s PCs. The hackers demanded $5.3 million in Bitcoin to release a decryption key but ended up with nothing because the major decided to restore the system from backups due to the low number of infected systems. Read the full story here.



Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.