A Look Back –Privacy and Security Issues in April 2025

In this monthly wrap up, we take a look at some privacy and security issues that made headlines in April.

Blue Shield of California Data Breach.  In a press release on its website, Blue Shield of California (“Blue Shield”) provided information regarding a data breach it suffered, which resulted in the exposure of its customers’ information to Google.  Some news reports estimate the number of customers impacted could be around 4.7 million.  The data breach appears to have been caused by a misconfiguration of Google Analytics, which Blue Shield uses to internally track website usage of members who enter certain Blue Shield websites.  The breach had gone on for years (April 2021 through January 2024) and was discovered in February of this year.

New Group Created at U.S. Patent and Trademark Office.  The U.S. Patent and Trademark Office (“USPTO”) announced the creation of the USPTO’s Patent Fraud Detection and Mitigation Working Group, which will work to monitor suspicious patent filings and identify potential misrepresentations to the USPTO, such as false signatures.  This Group has a webpage and has published examples of threats that patent applicants and owners should be aware of.  The USPTO also maintains a webpage to provide information on trademark scams, which should be routinely reviewed by trademark applicants, stakeholders, and attorneys.

Meta uses Public User Data for AI Platforms in EU.  On April 14^th, Meta announced that it would use public content to train AI at Meta.  The public content includes public posts and comments “shared by adults on [Meta] products in the EU.”  Interactions with Meta AI will also be used in the training.  This announcement was made after Meta had delayed the training to receive clarification from relevant legal regulators.  According to Meta’s announcement, the European Data Protection Board (EDPB) approved Meta’s use of this training.