TechPulseTechPulse
Back to News
Advertisement
Advertisement

⚡ Community Insights

Discussion Sentiment

61% Positive

Analyzed from 1708 words in the discussion.

Trending Topics

#data#government#things#need#number#security#france#governments#email#leaked

Discussion (73 Comments)Read Original on HackerNews

hk__2•about 1 hour ago
> the data stolen in the breach could include full names, dates and places of birth, mailing and email addresses, and phone numbers on an undisclosed number of citizens

Nothing really new here sadly, this information about me have leaked half a dozen of times in the past 2-3 years or so. These things will never change if the only penalty the company/agency gets is "send a message to your users saying you are sorry and that it won’t happen again".

throwup238•about 1 hour ago
Wait, you don’t even get a month of free credit monitoring?
tcgv•about 1 hour ago
My full name, phone number, and address were leaked by TAP Air Portugal about five years ago, along with the details of my parents who were on the same booking. Since then, my dad has been targeted by those types of scams where a fraudster impersonates me to ask for money.

I never received a notification from TAP; I only found out a year later through my Google One security feature. I certainly didn't get an apology—much less a free travel ticket!

ghm2180•42 minutes ago
I do use an email alias everywhere. But I don't believe you can do the same with phone numbers. I tried using my twilio rented number and there is a way systems use to figure out if that is a real number for a person or a VoIP one. Though it is sometimes successful in use for signups and hence spam reduction.
tiagod•about 1 hour ago
That TAP data was leaked on a tor hidden service, in multiple files, and download was extremely slow on the days following the leak. One of the files was much smaller, and my friend had the bad luck to have his data in that one.

His phone was spammed so incessantly he had to change his number almost immediately.

VadimPR•about 1 hour ago
I'm dissatisfied about the TAP leak as well! I was affected, and like you, didn't even receive a notification - nevermind compensation for having leaked my personal data to the dark web enabling all sorts of shenanigans that make my personal life difficult.
gus_massa•about 1 hour ago
I'm not sure about France, but here in Argentina all this info is assumed to be public. If you want a credit at a bank or shop, they ask for a physical copy of the national ID [1], probably a photocopy too, an electricity or water bill and perhaps other paperwork that is hard to get (verified phone number???).

[1] Do you want my number? It's inside this list:

  for i in range(1E9):
    print (i)
lioeters•about 1 hour ago
Here's all my personal info: π
Traubenfuchs•about 1 hour ago
If you are that unconcerned, why do you not provide us with your information right here and now?
sofixa•about 1 hour ago
There is no such thing in France (or most countries for that matter). It's a pretty absurd system that gamifies and profits off heuristics, and results in a Kafkaesque nightmare where you can't get a job, rent a place or get a loan because of an arbitrary value assigned by a company with a profit motive. One that has no incentive to get things right or even get the right person.

How things work in France is much simpler and better. When you apply for a loan, the lender checks with Banque de France (national bank) if you have outstanding debts and if you've defaulted on any debts in the past 5 years. That's it, that and your proof of revenue is all they need.

Ales375•44 minutes ago
GDPR has solid fines for data breaches, but this doesn't work for government agencies. Just someone else's money going from one government pocket to another. What they need is an automatic firing of the head of the government agency that suffered a breach. No question asked.
ge96•about 1 hour ago
> Nothing really new here sadly

Facts at Equifax

shevy-java•about 1 hour ago
Not disagreeing with you, but:

> These things will never change if the only penalty the company/agency gets is

I do not think penalties can prevent these situations. Perhaps they may be less frequent; perhaps people would get more compensation, but ultimately I do not think these can be prevented. The first consideration is why the data has to be stored in the first place. Naturally one can say "the government needs to know who is a citizen and who is not", and I can understand this rationale to some extent, but even then I wonder whether this has to be correct. Perhaps we could have a global society without any requirement to be an identifiable citizen per se. Things such as mandatory age verification-sniffing to never become an issue, because it is not needed and not possible and nobody would have an addiction-need to sniff for that data (we know Meta and co want that data, this is why their lobbyists run rampage via the "but but but somebody protect the children" lie).

loupol•about 2 hours ago
I received the email telling me I am impacted today.

Ironically it changes nothing for me as that same data had already been leaked by the French government agency that handles unemployment benefits a couple years ago. Silly me had not bothered deleting that account even after it was no longer necessary due to finding a new job.

pixel_popping•about 1 hour ago
A copy of it would be nice for record purpose (so Anthropic and OpenAI can have it in their dataset :))
rawgabbit•about 1 hour ago
It seems to me we must move away from worrying about ransomware, data breach, data protection as that ship has already sailed and everyone's PII has already been stolen. We should think of how to verify people's identities online (for things like government benefits etc). I have heard of the Dutch and the Japanese using national digital identity systems although I am unclear how they work. India is doing biometrics. I am curious what the US will eventually land on.
afarah1•about 1 hour ago
Biometrics is just something else to get leaked, terrible idea because it's even more sensitive (can be used to track you through cameras for example, like used in the Iran war).

This problem has long been solved with federated IdPs and MFA - something you own like OTP device/physical token besides something you know like SSN/tax id/password.

Most governments prefer biometrics of course because citizen privacy is the opposite of what they want.

whyagaindavid•about 1 hour ago
I would not go that far to say all govts are like that. The main problem is majority of citizens cannot easily remember such things. Even simple PIN that is included in EU ID cards - most people don't remember or use. people want frictionless use.
yladiz•about 1 hour ago
> Most governments prefer biometrics of course because citizen privacy is the opposite of what they want.

Or... it's something that you always have on you which is incredibly hard to fake.

rawgabbit•about 1 hour ago
Maybe in the future, our driver licenses will become a physical token?
anonym29•about 1 hour ago
Biometrics are the only credential you can't roll after compromise.
deltoidmaximus•about 1 hour ago
Based on how things are, I feel like the US solution is just going to end up with me requiring a retinal scan to buy pants from Target online and then that scan will end up on the dark web along with my voice print and a scan of a my driver's license.
tomjen3•38 minutes ago
I can make a new password, hard to get a new eyeball.
sofixa•44 minutes ago
> We should think of how to verify people's identities online

France already has that, in multiple ways.

There is the France Connect SSO, which is kind of a federated SSO. You need at least one account which is physically proven (it could be with the Post Office which send you a letter with a code to confirm your address and idenntity / ask you to physically come to a post office for an ID inspection; the tax authority where there are also multiple physical verification hoops, the social security system, same), and can use that via the SSO to authenticate to all government services.

Separately, there is an app proposed that scans your physical ID's NFC chip with your biomettrics, compares that to a selfie you take, and uses that identity to authenticate you to stuff.

kleene_op•about 1 hour ago
I find it especially ironic that they would leak all my data, given the fact that they would ask of me to forward them every piece of id imaginable whenever I needed to forge or amend a new one (when adding a mention on my driver's license for instance).

Like they didn't have access to it anyway.

yladiz•about 1 hour ago
They do have to prove who you are, and to do that you need to show your ID(s) and they need to check it in their system. I don't understand your comment.
kleene_op•about 1 hour ago
I already have to log to their website with 2 factor authentification. I had to walk and physically present my id card, install the numerical identity app. That should be enough.

Also, apart from reuploading IDs, they ask for information such as age, name, place of living, and a thousand more things that they already have and doesn't need to be provided to establish that you really are you.

amelius•about 1 hour ago
If governments are treating my personal data as if it is worth nothing, then I'm not going to treat copyrighted works as if they are worth something.

If you want to build a society on information, then you cannot forget the most important group.

duncangh•41 minutes ago
It’s kind of interesting that this happens so shortly after they proudly announced how easily they would’ve able to migrate all systems from Microsoft and US firms. Maybe next year will be the year of the Linux desktop
ahigherugliness•about 2 hours ago
19 millions de Français! Et moi, et moi, et moi.
hmokiguess•about 1 hour ago
C’est la vie.
ChrisArchitect•about 1 hour ago
Better link? https://www.bleepingcomputer.com/news/security/french-govt-a...
cynicalpeace•about 1 hour ago
A possible outcome of AI-assisted hacking is that companies, governments, and people become more resistant to using software, and software adoption actually declines.
shevy-java•about 1 hour ago
Governments may just be incompetent. Still, the lobbyists will never give up for mandatory age verification in the future.
Advertisement
Zealotux•about 2 hours ago
Great, now scammers can steal my identity directly from the government. I hope they release a tool to check if I'm impacted or at least email me about it.
Avamander•about 1 hour ago
Why would those pieces of data (DOB, full name, address) ever be sufficient for identity theft?

If that's sufficient to achieve anything then those systems are built on top of hopes and dreams.

rationalist•40 minutes ago
It's good enough for health insurance fraud.
john_strinlai•about 1 hour ago
>I hope they release a tool to check if I'm impacted or at least email me about it.

"ANTS stated that it is currently in the process of notifying those identified as impacted."

realusername•about 1 hour ago
With the number of leaks the French administration had everywhere, you don't need a tool, you are guaranteed to be impacted.
psychoslave•about 1 hour ago
"Our government successfully achieved wide distribution of valuable assets in the era of digital information."
doublerabbit•about 2 hours ago
Alternatively, hackers can now be used as a method of age identification.
Oras•about 2 hours ago
are govs required to comply with GDPR and data breaches laws?
nxm•about 2 hours ago
Yes, but unelected bureaucrats only impose fines on the private sector.
whyagaindavid•about 1 hour ago
Do you mean fines for tiny companies?
nick486•about 1 hour ago
what would be the point of the government fining itself though?

Now that I'm thinking of it, it would create the need for an extra gaggle of bureaucrats to oversee the process,so I suppose someone might see a point to it ...

infamouscow•about 1 hour ago
There are carve-outs to allow for governments to make exceptions, but it's besides the point.

If the government were to hold themselves to account, they would fine themselves some amount N, and pay itself N using your taxes. It also wastes other finite resources for all the paperwork and legal action involved that could be used for something else.

Speaking pragmatically, there's no point trying to hold the government itself to it's own laws. The only time citizens do hold the government accountable, it's always done in the form of hangings, or the guillotine in France's case.

zh_code•about 1 hour ago
Use Mythos!
SilverElfin•about 1 hour ago
Yet another example why NO ONE should trust age verification laws or companies like Anthropic forcing you to verify identity with shady companies like Persona (https://news.ycombinator.com/item?id=47872608). Whatever info you give up, it’ll be exposed one day.
_the_inflator•about 1 hour ago
I trust Google more than any government with my data. One needs security to survive the other couldn’t care less.

Google selling data? So far no one came to blackmail me for certain dispositions, while the other does as they want, IRS, foreign governments, social security whatever.

Google can be sued while the other gives itself a pass.

Who is the baddie?

In Germany the administration put massive duties on IT providers and added punitive damage as a looming consequence.

Fast forward and the government with its “Ha, we are so digital!” and “Europe is better than US in CS!” suddenly has to swallow some brutal medicine I guess.

I stick to my guns: Silicon Valley and especially Google is art regarding code and CS evolution. Same for FAANG etc.

EU is hubris to say the least.

Every time someone says “Let’s build our own Google/Cloud/…” a penguin dies.

E Invoice will be a brutal boomerang, XRechnung the greatest backdoor of all times.

Your data, time to shift everything into the EU.

whyagaindavid•about 1 hour ago
I don't understand the downvotes. Literally every single German email provider took like 5 years to implement 2FA. Even now lots of security issues with many German providers that claim privacy. Even so-called DE-mail was sham. Still somehow people assume FAANG is crap in data security. (Yes, I am not demanding privacy from ANY MultiNational company)