data

A ‘great leap forward’

But Schwartz told Al Jazeera that the trend towards government data consolidation has continued in the decades since, under both Democratic leaders and Republicans.

“Surveillance is bipartisan, unfortunately,” he said.

With Trump’s second term, however, the process hit warp speed. Schwartz argues that the Trump administration’s actions violate laws like the Privacy Act, marking a “dangerous” shift away from Nixon-era protections.

“The number-one problem with the federal government in the last year when it comes to surveillance is the demolition of the Watergate-era safeguards that were intended to keep databases separated,” he said.

Schwartz noted that Trump’s consolidation efforts have been coupled with a lack of transparency about how the new, integrated data systems are being used.

“Just as the current administration has done a great leap forward on surveillance and invading privacy, so it also has been a less transparent government in terms of the public understanding what it is doing,” Schwartz said.

Already, on March 20, Trump signed an executive order that called on government agencies to take “all necessary steps” for the dissolution of what he called “data silos”.

Shortly afterwards, in April, US Immigration and Customs Enforcement (ICE) inked a deal with the IRS to exchange personal information, including the names and addresses of taxpayers.

The memo was seen as an effort to turn private taxpayer data into a tool to carry out Trump’s goal of deporting immigrants.

A federal court in November paused the agencies’ data-sharing agreement. But other efforts continue.

In June, the Supreme Court ruled in favour of giving DOGE access to sensitive Social Security data. And just this month, the Trump administration pressured states to share information about the recipients of food assistance, or else face a loss of funding.

While immigrants appear to be one of the main targets of the data consolidation project, Venzke said that Americans of all stripes should not be surprised if their personal information is weaponised down the line.

“There is no reason that it will be limited to undocumented people. They are taking a system that’s traditionally limited to non-citizens and vastly expanding it to include all sorts of information on US citizens,” Venzke said.

“That was unthinkable just five years ago, but we’re seeing it happen now, and consequently, its potential abuses are widespread.”

Dec. 26 (Asia Today) — South Korea’s Ministry of Science and ICT (MSIT) said Thursday it had lodged a strong protest after Coupang unilaterally disclosed what it called investigation results into a customer data breach, stressing that the claims have not been verified by the ongoing joint probe.

In a press release, the ministry said a public-private joint investigation team is still closely examining the type, scale and cause of the data leak. “The assertions made by Coupang have not been confirmed by the joint investigation team,” MSIT said.

Earlier in the day, Coupang posted a notice on its website stating that it had identified the leaker and secured all devices and hard disk drives used in the breach. The company claimed that, based on its investigation to date, the leaker stored customer information limited to about 3,000 accounts and subsequently deleted all of it.

Coupang also said it used forensic evidence, including “digital fingerprints,” to identify a former employee responsible for the leak, adding that the individual confessed to all actions and provided a detailed account of how customer information was accessed.

MSIT reiterated that any conclusions regarding the incident must come from the joint public-private investigation, cautioning against premature disclosures that could mislead the public while the probe remains underway.

–Copyright by Asiatoday

SEOUL, Dec. 26 (UPI) — Shinhan Card, one of the country’s top credit card issuers, reported a massive data leak Tuesday.

The Seoul-based company said more than 190,000 cases of potential data exposure have been identified that involve merchant partners’ personal and business information.

The incident seems to stem from employee actions rather than an external cyberattack. Against this backdrop, Shinhan Card CEO Park Chang-hun issued a formal apology.

“We would like to express our deepest apologies,” he said. “Upon discovering the incident, we immediately took measures to block any further leaks and completed a thorough review of our internal processes.”

“To ensure the protection of personal information in the future, we will conduct a full investigation into the cause and circumstances of the leak and strictly discipline the employees involved,” he said.

Despite the steps, criticism intensified as a series of security failures have taken place throughout this year.

In late November, the country’s leading online retailer, Coupang, acknowledged that the names, email addresses, phone numbers and delivery addresses of 33.7 million customers had been leaked.

The New York Stock Exchange-listed corporation could face fines amounting to a maximum of 3% of its related revenue, which is levied by the state-run Personal Information Protection Commission.

Since Coupang logged sales of some $28 billion in 2024, potential fines could surpass $800 million.

Earlier this year, SK Telecom admitted that a cyberattack had breached its network, exposing sensitive data and compromising critical information of about 23 million subscribers.

As a result, the top mobile operator was fined $92 million and ordered to suspend adding new customers for nearly two months, in accordance with government guidelines.

Criticizing companies that failed to protect customer information, Prime Minister Kim Min-seok vowed to more than triple the fines for similar violations.

“Urgent legislative tasks, such as the introduction of punitive administrative fines, will be swiftly advanced so that they can be passed as soon as possible,” Kim said at a government meeting Wednesday.

“For repeated and serious violations, we will introduce punitive fines of up to 10% of a company’s total revenue and strengthen the obligation to notify individuals of personal data breaches,” he said.

When corporate data leaks are reported, the South Korean government is quick to lash out at companies. However, critics argue that the government and state-operated organizations have failed to adequately protect their own data.

In 2021, the Atomic Energy Research Institute, the state-run outfit responsible for nuclear power research, was breached by a suspected North Korean state-backed group through a virtual private network server.

Last year, police found that North Korean hackers had stolen data from the National Court Administration during June 2021 and January 2023. The compromised data exceeded 1 terabyte, equivalent to more than 1.5 billion pages of documents, including personal information.

Despite these threats, the government is reluctant to spend more money to mitigate cybersecurity risks.

For example, the Seoul administration cut the 2026 budget for the operation and maintenance of integrated security control centers run by local governments by almost 30% compared with this year.

It also reduced the 2026 budget for reinforcing security and protection facilities at government complexes by more than 40%.

This contrasts with the 8.1% year-on-year increase in the national budget for 2026.

“When hacking incidents occur, harsh penalties are imposed on private enterprises. For government agencies, however, it seemingly ends up with only a slap on the wrist. Such asymmetric punishments are not difficult to understand,” economic commentator Kim Kyeong-joon, formerly vice chairman at Deloitte Consulting Korea, told UPI.

“Moreover, the government is required to strengthen the country’s cybersecurity infrastructure. And leaks of public data or documents are even more dangerous when they are related to national defense. I wonder whether our government is doing enough in these areas,” he said.

Park Tae-hwan, head of the AhnLab CyberSecurity Center, called for stronger efforts to counter online threats and data breaches. AhnLab is the country’s leading cybersecurity vendor.

“Following a series of cyber intrusion incidents of late, regulations centered on bigger fines and punitive measures have come to the forefront, raising the burden on companies,” Park told UPI.

“To enable a meaningful shift in perception, a parallel policy approach is needed, like one that provides incentives to companies with strong security practices, thus encouraging greater voluntary investment in cybersecurity by the private sector,” he said.

Dec. 23 (UPI) — A judge in Oregon ruled Tuesday that the Trump administration cannot require states to account for how deportations have affected their populations in order to receive emergency or disaster preparedness funds.

U.S. Magistrate Judge Amy Potter’s ruling came in response to a lawsuit from 11 states challenging new requirements from the Federal Emergency Management Agency, which they argued created undue burdens on access to hundreds of millions of dollars that could be used to prepare for floods, storms, acts of terrorism and other potential catastrophes.

The ruling is a setback for President Donald Trump as he has sought to remake the federal agency that is central to responding to disasters after earlier calling for it to be dissolved.

The ruling concerned a new FEMA policy that shortened the duration of grants to states from three years to one. The agency argued that the shorter period would allow it to better gauge the effectiveness of how states were using the money.

FEMA also required states to provide updated figures on their populations to reflect the Trump administration’s aggressive deportation efforts. Population counts have traditionally been the responsibility of the U.S. Census Bureau.

A group of 11 states – including Michigan, Oregon, Arizona, Colorado, Hawaii, Maine, Maryland, Nevada, New Mexico, Wisconsin and Kentucky – sued in response to the new requirements.

They argued that the requirements violated the Administrative Procedures Act and imperiled funding used for outreach programs in Hawaii, the deployment of emergency management personnel in North Carolina during tropical storms and staff to respond to flash floods in Maryland.

“This abrupt change in policy is particularly harmful to local emergency management,” wrote Potter.

In Oregon, affected funds were used to help cover the expenses of local emergency managers across the state, she wrote.