This week:

3 – Deepfake video and voice costs ARUP $25 million.

2 – Dell data breach may have impacted 49 million customers.

1 – Slack’s lax T&Cs cause a loss of trust and goodwill.

3 – Deepfake video and voice costs ARUP $25 million.

“A British multinational design and engineering company behind world-famous buildings such as the Sydney Opera House has confirmed that it was the target of a deepfake scam that led to one of its Hong Kong employees paying out $25 million to fraudsters.”

This is according to a recent report by CNN. Apparently “a finance worker was duped into attending a video call with people he believed were the chief financial officer and other members of staff, but all of whom turned out to be deepfake re-creations. According to police, the worker had initially suspected he had received a phishing email from the company’s UK office, as it specified the need for a secret transaction to be carried out. However, the worker put aside his doubts after the video call because other people in attendance had looked and sounded just like colleagues he recognized.”

So what?

Everyone, especially people working in a finance role or with access to company funds, needs to be made aware of these deepfake scams. And every payments process needs to require the involvement of at least two people, so one person is not the only thing between the scammer and the cash.

2 – Dell data breach may have impacted 49 million customers.

“We are investigating an incident involving a Dell portal, which contains a database with limited types of customer information related to purchases from Dell.”

According to a report on TechCrunch, this is an extract of an email sent to Dell customers in recent days. “Dell wrote that the information accessed in the breach included customer names [and] physical addresses”. However, “the breached data did not include email addresses, telephone numbers, financial or payment information, or any highly sensitive customer information”. Meanwhile, and perhaps coincidentally, someone on a hacking forum has claimed to now possess the customer information of 49 million customers of Dell.

So what?

Regulations like GDPR do not regard a person’s physical address as sensitive (aka ‘special category’) data. However, I’m not sure how many of the 49 million people impacted by this breach would be happy that their physical address is now in the hands of cyber criminals.

1 – Slack’s lax T&Cs cause a loss of trust and goodwill.

“With ongoing concerns about how big tech companies use data for AI training, Slack users are increasingly upset with the Salesforce-owned chat platform’s approach to its AI initiatives.” 

According to this report on The Tech Times, there is ongoing confusion about whether or how Slack uses customer data (e.g. data, messages, files, content) to train its main AI system, and why the platform defaults to an opt-in or an opt-out. The article links to the ongoing discussion on Hacker News, and to various press releases and responses from the organisation. To be honest, I gave up trying to figure out exactly what is really going on with Slack.

So what?

If you are using any AI tool, you need to be crystal clear about whether and how sensitive data (including customer data) could be at risk. And you then need to manage those risks.

Spider-Man didn’t know much about AI. But his Uncle Ben knew that “with great power comes great responsibility”.