News Alerts and Breach Report for Week of July 17, 2023
New Generative AI Tool For Hackers Launches
According to The Hacker News, a new generative AI cybercrime tool called WormGPT allows bad actors to quickly generate malicious code, and automate the creation of convincing phishing emails tailored to individual victims. This increases the amount of people who can execute a cyberattack with little experience. Threat actors are also making “jailbreaks” for ChatGPT—specialized prompts and inputs designed to get ChatGPT to disclose sensitive information, produce inappropriate content, and execute harmful code. And research conducted by security firms like Mithril Security has produced additional models for malicious generative AI. Hacker News that the advent of WormGPT comes as researchers from Paris-based Mithril Security “modified an existing open-source AI model known as GPT-J-6B to make it spread disinformation and uploaded it to a public repository like Hugging Face such that it could then integrated into other applications, leading to what’s called an LLM supply chain poisoning.”
US ITA Launches Compliance Website For EU-US Framework
This week, following the adoption of the EU-U.S. Data Privacy Framework, The U.S. Department of Commerce launched the Data Privacy Framework (DPF) program website to guide U.S. companies in cross-border data transfers. According to the release, the website allows eligible companies to achieve self-certification with the framework, and offers guidance around expectations, noting that, “Companies that participate in the EU-U.S. Privacy Shield may begin relying immediately on the EU-U.S. DPF to receive personal data transfers from the European Union/European Economic Area but will need to self-certify to the EU-U.S. DPF by October 10.”
META Could be Fined $100k Per Day in Norway
The Norwegian Data Protection Authority (DPA) is planning to fine Meta $100k a day starting August 4—and continuing for every day that Meta doesn’t address privacy violations for the three month span between August 4 and November 3. The Norwegian DPA alleges that Meta’s practice of tracking users on Facebook and Instagram then using that data for marketing purposes—known as behavioral advertising—without their consent, violates Norwegian privacy law.
Senator Schumer Reveals Innovation Framework for AI
Though privacy regulators have scrambled to mitigate the privacy risks presented by AI, innovation has continued at breakneck speed. That’s why last month, Senator Chuck Schumer, D-N.Y., revealed his SAFE Innovation framework for AI. The framework is designed to serve as a bipartisan guideline for developing AI regulations, with four principles at its core: Security, accountability, foundations, and explainability. These are fairly self-explanatory, except for foundations—which represents a commitment to balancing innovation against maintaining America’s foundational values. Read his announcement here.
Court Blocks CPPA Enforcement in California
A California court has blocked the California Privacy Protection Agency (CPPA) from enforcing new privacy regulations until March 2024, after the California Chamber of Commerce sued. The conflict comes down to a technicality. Businesses are supposed to get one year from the date of finalization for amendments to the California Privacy Rights Act (CPRA). Though that was supposed to happen in July 2022, it didn’t happen until March 2023, pushing back the enforcement deadline.
BREACH REPORT:
* * * * * * *
To read our latest article on the EU’s Artificial Intelligence Act, click here.
Jody Westby hosts our podcast, ADCG on Privacy & Cybersecurity, bringing together leaders in the privacy and cybersecurity arenas to discuss a wide range of issues ranging from the proposed federal and state regulations to best practices and standards for compliance. Episodes can be enjoyed on many platforms including Spotify and Apple Podcasts. Don’t forget to subscribe!
Our most recently released and a NEW episode:
(NEW) 93 | SolarWinds and SEC: CISOs Back in the Crosshairs (With Guest Mark Rasch)
92 | Interview With Tom Kemp, Silicon Valley Privacy Advocate and Author of Containing Big Tech
To browse our previously published articles and news alerts, please visit our website, and don’t forget to subscribe to receive free weekly Data and Cyber Governance news and Breach Reports directly to your email.
