Contact Us

    Amit, Pollak, Matalon & Co.

    APM House, 18 Raoul Wallenberg St.,
    Building D, 6th floor, Ramat Hachayal,
    Tel Aviv, 6971915, Israel

    101 Hebron Road
    Beit Hanatziv, Building B, 3rd Floor
    Jerusalem

    Contact

    T. +972-3-5689000
    F. +972-3-5689001
    E. apm@apm.law
    facebook linkedin

    Media Center

    We are drowning in information but starved
    of real knowledge.

    Media Center / Legal Updates

    Technology Giants Duped to Fraudulent Personal Data Requests

    May 2, 2022

    Major technology companies, including Meta, Apple, Google, Snapchat, Twitter, and Discord, have been duped by fraudulent emergency data requests initiated by malicious bodies for harassment and sexual exploitation of women and minors, according to federal law enforcement officials and industry investigations.

    Emergency data requests for sensitive personal data are common among governmental enforcement authorities as part of their fight against imminent danger to data subjects such as suicide, murder, or abductions. However, recently the practice became prevalent among private bodies for financial or malicious interests. Since the requests appear to be from governmental authorities, companies are deficient in detecting such messages’ authenticity.

    Even though the methods used by malicious bodies vary, they tend to follow a general pattern that includes compromising the email system of a law enforcement agency with a forged “emergency data request” to a company pursuing a user’s account data. The user data provided to attackers by the companies is equal to the data provided to law enforcement authorities due to court-order subpoenas and usually includes the name, IP address, and physical and email address. Such data is often used to hack into users’ other online accounts or extort the data subjects.

    In order to minimize the risk from such act we recommend implementing a proper user request response policy which includes, among others, the involvement of a professional DPO when processing user requests.

    This document is intended to provide only a general background regarding this matter. This document should not be regarded as setting out binding legal advice, but rather a practical overview that is based on our understanding. APM &Co. is not licensed to practice law outside of Israel.

    APM Technology and Regulation Team.