Privacy
Incidents Harmed By
Incident 84216 Report
Reportedly Hacked AI-Powered Robot Vacuums Allegedly Used for Surveillance and Harassment
2024-05-24
Hackers reportedly exploited a vulnerability in Ecovacs’s Deebot X2 robot vacuums, gaining unauthorized access to camera and microphone controls. Users reported privacy invasions and offensive language broadcasted through the devices. Although Ecovacs claimed to have resolved the security flaw, researchers suggest vulnerabilities remain that could potentially leave users exposed to surveillance and harassment through their AI-enabled devices.
MoreIncident 107515 Report
New Orleans Police Reportedly Used Real-Time Facial Recognition Alerts Supplied by Project NOLA Despite Local Ordinance
2025-05-19
According to reporting by The Washington Post, New Orleans police received real-time facial recognition alerts from a privately operated surveillance network run by Project NOLA, reportedly leading to dozens of arrests. This purported use of AI surveillance appears to conflict with a 2022 city ordinance that restricts facial recognition to specific post-incident investigations. Police are alleged to have not consistently disclosed the technology's use.
MoreIncident 107014 Report
Serviceaide AI Platform Implicated in Health Data Exposure Affecting 483,000 Catholic Health Patients
2025-05-09
An AI-linked platform operated by Serviceaide exposed sensitive health data from Catholic Health, affecting 483,000 patients. The breach stemmed from a misconfigured Elasticsearch database used in Serviceaide’s agentic AI infrastructure. Exposed information included medical records, insurance details, and login credentials. While no misuse has been confirmed, the nature of the data has prompted regulatory scrutiny and legal investigations.
MoreIncident 9617 Report
Serbian Authorities Allegedly Used AI-Powered Cellebrite Tools to Unlock Journalist’s Phone and Install Spyware
2024-12-16
Serbian authorities allegedly used Cellebrite's AI-powered forensic tools to unlock journalists' and activists' phones without consent. They reportedly then installed NoviSpy, a newly discovered spyware. That then purportedly allowed covert data extraction, remote microphone and camera activation, and surveillance. Amnesty International uncovered forensic evidence linking Serbia's Security Information Agency (BIA) to these attacks. Cellebrite halted sales to Serbia after the report.
MoreIncidents implicated systems
Incident 13641 Report
Moltbook Database Exposure Allegedly Revealed Users' Private Communications and API Authentication Tokens
2026-01-31
Wiz researchers reported accessing an exposed Moltbook database in under three minutes, allegedly obtaining ~35,000 email addresses, thousands of private DMs, and ~1.5 million API authentication tokens. The exposure was described as enabling read/write access and potential impersonation or manipulation of "AI agent" accounts. Wiz said it disclosed the issue to Moltbook, which reportedly secured the database within hours and deleted accessed data.
MoreRelated Entities
Other entities that are related to the same incident. For example, if the developer of an incident is this entity but the deployer is another entity, they are marked as related entities.
Related Entities
Clearview AI
Incidents involved as both Developer and Deployer
Incidents involved as Developer
- Incident 4124 Reports
Finnish Police Were Reportedly Reprimanded After National Bureau of Investigation Unit Allegedly Used Clearview AI to Identify Potential Abuse Victims
- Incident 5583 Reports
Activists Allege NYPD's Application of Facial Recognition Interfered with Right to Protest
Incidents implicated systems
Facial recognition technology developers
Incidents involved as Developer
- Incident 4415 Reports
South Korean Agencies Reportedly Shared Airport Travelers' Face Images with Companies to Train Immigration Facial Recognition System
- Incident 4124 Reports
Finnish Police Were Reportedly Reprimanded After National Bureau of Investigation Unit Allegedly Used Clearview AI to Identify Potential Abuse Victims
Minors
Incidents Harmed By
- Incident 5135 Reports
ChatGPT Reportedly Banned by Italian Authority Due to OpenAI's Purported Lack of Legal Basis for Data Collection and Age Verification
- Incident 4124 Reports
Finnish Police Were Reportedly Reprimanded After National Bureau of Investigation Unit Allegedly Used Clearview AI to Identify Potential Abuse Victims
Biometric data subjects
Incidents Harmed By
- Incident 4415 Reports
South Korean Agencies Reportedly Shared Airport Travelers' Face Images with Companies to Train Immigration Facial Recognition System
- Incident 4124 Reports
Finnish Police Were Reportedly Reprimanded After National Bureau of Investigation Unit Allegedly Used Clearview AI to Identify Potential Abuse Victims
Facial recognition technology
Incidents implicated systems
- Incident 4415 Reports
South Korean Agencies Reportedly Shared Airport Travelers' Face Images with Companies to Train Immigration Facial Recognition System
- Incident 4124 Reports
Finnish Police Were Reportedly Reprimanded After National Bureau of Investigation Unit Allegedly Used Clearview AI to Identify Potential Abuse Victims
Surveillance technology developers
Incidents involved as both Developer and Deployer
Incidents involved as Developer
Incidents involved as both Developer and Deployer
- Incident 4651 Report
Private Medical Photos Were Reportedly Found in LAION-5B AI Training Dataset
- Incident 7431 Report
Gemini AI Allegedly Reads Google Drive Files Without Explicit User Consent
Incidents implicated systems
Replika
Incidents involved as both Developer and Deployer
- Incident 6365 Reports
AI Romance Apps Reportedly Compromise User Privacy for Data Harvesting
- Incident 4911 Report
Replika's AI Experience Reportedly Lacked Protection for Minors, Resulting in Data Ban
Incidents implicated systems
OpenAI
Incidents involved as both Developer and Deployer
- Incident 5135 Reports
ChatGPT Reportedly Banned by Italian Authority Due to OpenAI's Purported Lack of Legal Basis for Data Collection and Age Verification
- Incident 11865 Reports
Reported Public Exposure of Over 100,000 LLM Conversations via Share Links Indexed by Search Engines and Archived
Incidents involved as Developer
ChatGPT
Incidents involved as Deployer
Incidents implicated systems
- Incident 9396 Reports
AI-Powered Chinese Surveillance Campaign 'Peer Review' Used for Real-Time Monitoring of Anti-State Speech on Western Social Media
- Incident 5135 Reports
ChatGPT Reportedly Banned by Italian Authority Due to OpenAI's Purported Lack of Legal Basis for Data Collection and Age Verification
Microsoft
Incidents involved as both Developer and Deployer
- Incident 11865 Reports
Reported Public Exposure of Over 100,000 LLM Conversations via Share Links Indexed by Search Engines and Archived
- Incident 11742 Reports
Microsoft Copilot Reportedly Able to Access Cached Data from Since-Private GitHub Repositories
Incidents Harmed By
Incidents involved as Deployer
Schools and teachers who were misinformed and burdened with COPPA compliance responsibilities without adequate disclosure
Incidents Harmed By
Genesia AI Friend & Partner
Incidents involved as both Developer and Deployer
Incidents implicated systems
EVA AI Chat Bot & Soulmate
Incidents involved as both Developer and Deployer
Incidents implicated systems
End users of undisclosed Middle Eastern AI-powered cloud call center platform
Incidents Harmed By
Meta
Incidents involved as both Developer and Deployer
- Incident 12771 Report
Alleged Harmful Outputs and Data Exposure in Children's AI Products by FoloToy, Miko, and Character.AI
- Incident 14711 Report
Meta Internal AI Agent Reportedly Gave Advice That Allegedly Exposed Sensitive Data to Unauthorized Employees
Incidents Harmed By
Incidents involved as Developer
Incidents implicated systems
Serbian Security Information Agency (BIA)
Incidents involved as both Developer and Deployer
Real-time facial recognition alert pipeline to New Orleans Police Department
Incidents implicated systems
Automated person-tracking via clothing and physical descriptors
Incidents implicated systems
Gaggle
Incidents involved as Developer
- Incident 11671 Report
Alleged Gaggle Surveillance Alert Reportedly Leads to Arrest and Detention of 13-Year-Old Student in Fairview, Tennessee
- Incident 12131 Report
Gaggle AI Monitoring at Lawrence, Kansas High School Reportedly Misflags Student Content and Blocks Emails