When you think about a company that partners with law enforcement, you assume that security would be their top priority. In this case, Clearview AI, a startup company that stores photos to be used with facial recognition technology, has come up short. A data breach occurred earlier this week, allowing hackers to steal the company’s entire client list. While this mishap is concerning to both law enforcement agencies and consumers, this is not the first time the company has been in the limelight for its lack of security.
In the Hot Seat for Privacy
Clearview AI claims to have scraped or extracted over 3 billion photos from the internet. This includes sites like Facebook, Instagram, Twitter, and YouTube. The company’s facial recognition technology allowed law enforcement agencies to match photos of unknown faces to the images that Clearview found online. Law enforcement officials claim that the technology made it easier for them to identify children who are victims of sexual abuse.
While this may be a breakthrough in terms of digital policing in the 21st century, many platforms felt their users’ rights were violated. Twitter, Google, and Facebook sent in cease and desist letters to Clearview AI. The New York Times wrote about Clearview AI’s practices in January and stated that the company retains the photos they scrape in a database, even after internet users delete them from a platform or make an account private.
Basics of the Breach
In this case, the photos on a database were not accessed during the breach. Clearview AI’s attorney, Tor Ekeland, said that the servers were never accessed and the perpetrators didn’t obtain any search histories from customers.
The breach did, however, allow the attackers to gain unauthorized access to the company’s client list, which includes police forces, banks, and law enforcement agencies. The attacker also accessed the number of user accounts the customers set up, and the number of searches the customers conducted.
Clearview AI’s customers were informed of the breach and the company reiterated in their statement that their systems and network remained unscathed. The breach occurred due to an unspecified security flaw that the company claimed has since been fixed.
An Ounce of Prevention is Worth A Pound of Cure
The vulnerability that led to the breach was not specifically named, but if the company was able to patch it themselves, how easy could it have been to catch before it led to a breach? In our blogs at SecureData, we commonly post the steps companies and individuals can take to increase their security against breaches. Some of these have included:
Ekeland said that “unfortunately, data breaches are a part of life in the 21st century.” While this malicious phenomenon has no doubt grown along with the evolution of the digital era, privacy breaches don’t have to become commonplace.
The SecureDrive products are a hardware encrypted storage solution for both individual users and enterprise level consumers. The devices can be accessed with either a complex PIN or through a wireless secure app. The user can authenticate with facial recognition or fingerprints on the BT models and SecureData does not store any of your data on our servers. Your data remains on the device, protected by layers of encryption. Learn more about how these devices can keep unauthorized parties from accessing your information at 1-800-875-3230.