Location data aggregator Gravy Analytics has admitted a data breach that resulted in the theft of millions of people’s precise location data. Gravy Analytics, a subsidiary of tracking company Unacast, told the Norwegian government that it had discovered “unauthorized access to its AWS cloud storage environment” on January 4. This comes from a document published by Norwegian public broadcaster NRK.
Advertisement
The United States should become the heart of AI like the automotive industryUS law firm BakerHostetler wrote in a letter sent on behalf of Gravy Analytics to the Norwegian data protection authority Datatilsinet that they are “working hard” to determine the scope of the incident and the type of information affected. personal data breach notification“Preliminary findings indicate that an unauthorized person obtained certain files that may contain personal information.” At present these are being analyzed. “If personal data is found to be affected, it likely relates to users of third-party services that provide that data to Gravy Analytics.” Company lawyers further stated that Gravy Analytics is currently assessing whether a reportable personal data breach has occurred.
It is said that after the data breach was discovered, the systems were immediately secured, the access keys to the AWS environment were changed, the data processing platform was taken temporarily offline and in collaboration with external cyber security experts a Investigation started. According to Gravy Analytics, data processing services have resumed from January 9.
Data breach speculation
Speculation about the Gravy Analytics data leak emerged last week. On the darknet, Russian-speaking criminals claim to have stolen millions of pieces of location data aggregator data. According to media reports, this apparently includes data from popular mobile games like Candy Crush, as well as dating apps like Tinder and Grindr, pregnancy monitoring apps, and others.
The US Federal Trade Commission (FTC) issued an order against Gravy Analytics and Venntel in December, barring both companies from selling, disclosing, or using sensitive location data in products or services. The FTC wrote at the time that the companies collected data from the apps and sold access to that data to companies or US government agencies.
(AKN)
AI use of protected works: Cultural Council demands fair remuneration
