Three privacy headlines

Three separate privacy stories landed within days of each other, and all three hit the same nerve: your phone can leak value even when it is sitting still, your lender can lose your identity data in one employee mistake, and your “encrypted” chat app can become a public trust fight overnight. (classaction.org; techcrunch.com; cybernews.com) The Google case is about cellular data, which is the paid internet connection your phone uses when it is not on Wi‑Fi. Plaintiffs said Android devices sent information back to Google in the background even when the phone was idle, apps were closed, and a Wi‑Fi connection was available. (courthousenews.com; theclassactionlawsuit.com) Google agreed to pay $135 million to settle that lawsuit in federal court in California, and reports say the deal could cover more than 100 million Android users in the United States outside California. The case is Taylor v. Google LLC, filed as 5:20-cv-07956 in the Northern District of California. (bloomberglaw.com; classaction.org) That story is not about a hacker breaking in. It is about a company allegedly using a resource customers already bought from Verizon, AT&T, or T‑Mobile, the way a parked car could still burn your gas while you sleep. (courthousenews.com; openclassactions.com) The Figure Lending story is the opposite kind of privacy failure: not quiet background transfers, but a direct breach. Figure said attackers got in after an employee was hit with a social engineering attack, which is a scam that tricks a person instead of cracking software. (techcrunch.com; securityweek.com) Security researchers and breach notices put the Figure total at about 967,000 user records. Reported exposed details include names, dates of birth, email addresses, postal addresses, phone numbers, and in some notices Social Security numbers, loan account numbers, and loan information. (securityweek.com; prnewswire.com; oag.ca.gov) The alleged attacker group was ShinyHunters, and multiple reports tied the intrusion to a wider campaign aimed at Okta single sign-on accounts. Single sign-on is the one master key employees use to open many internal systems at once, so one stolen login can unlock a lot of doors. (techcrunch.com; securityweek.com) Then came WhatsApp, where the immediate issue was not a confirmed breach but a trust battle over end-to-end encryption. End-to-end encryption is supposed to work like a sealed envelope that only the sender and the recipient can open, not the app company carrying it. (cybernews.com) A California class action accused WhatsApp, Meta, and Accenture of intercepting and accessing private messages despite marketing the service as secure. Elon Musk answered with “Can’t trust WhatsApp,” and Telegram founder Pavel Durov called WhatsApp’s encryption claims “the biggest consumer fraud in history.” (cybernews.com; timesofindia.indiatimes.com) WhatsApp’s response was flatly different. The company said the lawsuit’s claims were “categorically false and absurd” and said WhatsApp has used the Signal protocol for a decade so messages cannot be read by anyone except the sender and recipient. (cybernews.com) Put together, the three stories show three different pressure points on the same device in your hand. One case says the phone may spend your data allowance in the background, one says a lender tied to that phone can spill your identity records, and one says even the app you use for private conversations can become a courtroom argument over whether the envelope was ever sealed. (classaction.org; securityweek.com; cybernews.com)