A company that creates facial recognition technologies should not have cut the salary of its developers…
Law enforcement agencies and federal agencies are investigating a large-scale leak of personal data related to the facial recognition system in bars and clubs across Australia. The incident highlights growing public concerns about privacy, as such technologies are increasingly being used in educational institutions, shopping malls, sporting events and other public places.
The affected party was the company Outabox. Its head office is located in Australia, but there are also representative offices in the United States and the Philippines. During the COVID-19 pandemic, Outabox developed a smart facial recognition system that scanned visitors and measured their body temperature at the entrance. The technology also recognized participants in a special self-exclusion program for people suffering from gambling addiction.
The web site "Have I Been Outaboxed", allegedly created by former employees of the company from the Philippines, recently appeared on the network. On the home page, users are prompted to enter their name to check whether their personal information has been included in the Outabox database. According to the creators of the site, the corporate archive had serious deficiencies in internal security control, and the data was stored in an unprotected form — in a regular table. It is claimed that the attackers had more than 1 million records at their disposal.
"This is an example of the consequences that the use of facial recognition systems that encroach on privacy can lead to," said Samantha Floreani of Digital Rights Watch, a nonprofit organization dedicated to data security issues. "Privacy advocates have long warned of the risks associated with surveillance systems, and leaking personal data is one of them."
According to the website Have I Been Outaboxed, the leak compromised biometric records, scans of driver's licenses, personal signatures, information about club memberships, addresses, birthdays, phone numbers and logs of visits to various institutions. It is also alleged that Outabox exported data from IGT, a supplier of slot machines.
The owners of the site published a photo, signature and edited driver's license of one of the founders of Outabox. They also posted an edited screenshot, which, apparently, shows the internal database of the company.
New South Wales Police declined to share details of the investigation. However, law enforcement officials said that together with federal and regional agencies arrested a 46-year-old man in the suburbs of Sydney. It is expected that he will be charged with extortion, but nothing is known about his identity and involvement in the case.
The resource Have I Been Outaboxed, which at the time of writing this material continues to work, claims that Outabox has stopped paying salaries to its developers in the Philippines. As you know, many companies in the field of AI often attract low-cost labor from other countries, including the Philippines, to maintain their systems.
The site owners urge anyone whose data appears in the leak to contact the relevant institutions with a request to remove the Outabox systems. The site lists 19 institutions that are clients of the organization.
Law enforcement agencies and federal agencies are investigating a large-scale leak of personal data related to the facial recognition system in bars and clubs across Australia. The incident highlights growing public concerns about privacy, as such technologies are increasingly being used in educational institutions, shopping malls, sporting events and other public places.
The affected party was the company Outabox. Its head office is located in Australia, but there are also representative offices in the United States and the Philippines. During the COVID-19 pandemic, Outabox developed a smart facial recognition system that scanned visitors and measured their body temperature at the entrance. The technology also recognized participants in a special self-exclusion program for people suffering from gambling addiction.
The web site "Have I Been Outaboxed", allegedly created by former employees of the company from the Philippines, recently appeared on the network. On the home page, users are prompted to enter their name to check whether their personal information has been included in the Outabox database. According to the creators of the site, the corporate archive had serious deficiencies in internal security control, and the data was stored in an unprotected form — in a regular table. It is claimed that the attackers had more than 1 million records at their disposal.
"This is an example of the consequences that the use of facial recognition systems that encroach on privacy can lead to," said Samantha Floreani of Digital Rights Watch, a nonprofit organization dedicated to data security issues. "Privacy advocates have long warned of the risks associated with surveillance systems, and leaking personal data is one of them."
According to the website Have I Been Outaboxed, the leak compromised biometric records, scans of driver's licenses, personal signatures, information about club memberships, addresses, birthdays, phone numbers and logs of visits to various institutions. It is also alleged that Outabox exported data from IGT, a supplier of slot machines.
The owners of the site published a photo, signature and edited driver's license of one of the founders of Outabox. They also posted an edited screenshot, which, apparently, shows the internal database of the company.
New South Wales Police declined to share details of the investigation. However, law enforcement officials said that together with federal and regional agencies arrested a 46-year-old man in the suburbs of Sydney. It is expected that he will be charged with extortion, but nothing is known about his identity and involvement in the case.
The resource Have I Been Outaboxed, which at the time of writing this material continues to work, claims that Outabox has stopped paying salaries to its developers in the Philippines. As you know, many companies in the field of AI often attract low-cost labor from other countries, including the Philippines, to maintain their systems.
The site owners urge anyone whose data appears in the leak to contact the relevant institutions with a request to remove the Outabox systems. The site lists 19 institutions that are clients of the organization.
