This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

This week we are looking at 270GB of sensitive police data exposed, the High Court challenged on facial recognition and Twitter apologies for data breach. Welcome to the Hut Six Infosec Round-Up.

270GB of US Police Data Leaked

Hundreds of thousands of American police files, dating back 24 years and belonging to over 200 departments, have been published online.

Disseminated by an organisation named Distributed Denial of Secrets, the illegal collection of data reportedly contains both police and FBI reports, email addresses and images of suspects.

Having traced the hack back to a Texas based data centre, authorities are yet to publicly state who they believe to be behind the attack.

Thought to be related to the ongoing protests against police misconduct, former assistant secretary of policy at the U.S. Department of Homeland Security Stewart Baker noted that given the nature of the information, the so-called BlueLeaks data is unlikely to provide any insight into this matter.

Stating: “With this volume of material, there are bound to be compromises of sensitive operations and maybe even human sources or undercover police, so I fear it will put lives at risk.”

“Every organized crime operation in the country will likely have searched for their own names before law enforcement knows what’s in the files, so the damage could be done quickly.”

High Court Challenged on Facial Recognition

A UK based liberties group has formally challenged a 2019 High Court ruling over the lawfulness of automatic facial recognition technology.

The controversial technology was originally questioned by Cardiff resident, Ed Bridges, who had noticed the cameras whilst attending an arms protest in the city centre.

With support from civil liberties organisation Liberty, Bridges challenged the lawful basis of such technology, in part, under the grounds that it constituted a violation of a right to privacy.

Lawyer at Liberty, Megan Goulding noted: “It is time that the government recognised the danger this dystopian technology presents to our democratic values and banned its use.”

Though originally upheld, with many high-profile facial recognition programs recently being abandoned, Bridges’ November appeal may go a different way.

Twitter Apologises for Data Breach

Twitter has contacted business clients regarding a flaw which left personal information accessible to other device users.

The social media giant has this week emailed business customers, including on-site advertisers, with a warning that their information may have been compromised when improperly stored in browser cache files.

In the company’s latest security incident, the potentially information exposed included email addresses and phone numbers, as well as the last four digits of clients’ credit card numbers.

Though Twitter has stated that they do not believe this issue has led to any known misuse, the company has not acknowledged how many users have been affected.

A spokesperson for Twitter stated, “as soon as we discovered this was happening, we resolved the issue and communicated to potentially impacted clients to make sure they were aware and informed on how to protect themselves moving forward.”

Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.