A study released Tuesday reveals that many workplace monitoring applications transmit employee data not only to employers but also to digital advertising platforms and data brokers. The research, led by Stephanie Nguyen, a senior fellow at Columbia Law School's Center for Law and the Economy and former chief technologist at the Federal Trade Commission under Lina Khan, examined nine popular "bossware" services. All nine were found to share some form of information with third-party platforms, according to the report.

The data shared includes names, email addresses, and web browsing history. Recipients of this data include major ad platforms such as Facebook and Google. The study did not name the specific bossware services but noted that they are used by hundreds of thousands of workplaces to monitor employee activity.

Nguyen's review highlights a growing concern about privacy in the workplace as remote and hybrid work models become more common. Employee monitoring software often tracks keystrokes, screenshots, and time spent on tasks, but the extent of data sharing with third parties has been less understood.

The findings come amid increased regulatory scrutiny of data privacy practices. The FTC has been active in pursuing cases against companies that misuse consumer data, and the study suggests that workplace monitoring tools may be operating in a gray area of consent and transparency.

Employers using these tools may not be fully aware of the data-sharing practices, the study suggests. The report calls for greater transparency from bossware providers and clearer disclosures to both employers and employees about how data is used and shared.

Representatives from Facebook and Google did not immediately respond to requests for comment. The study's authors recommend that companies review their monitoring software contracts and data-sharing policies to ensure compliance with privacy regulations.

The full study is available on the Columbia Law School website. Nguyen and her team plan to expand the research to include more bossware services and examine the legal implications of the data-sharing practices they uncovered.

Trump Mobile, a mobile virtual network operator (MVNO) associated with former President Donald Trump, is facing allegations of a data leak that exposes customers' personal information. Two YouTubers have reported that the company is leaking email and home addresses, and that Trump Mobile has not responded to individuals who alerted the company about the exposure. The YouTubers stated they verified that their own leaked data was authentic, raising concerns about the security of customer information.

The alleged leak involves sensitive personal details, including email addresses and physical home addresses, which could be used for identity theft or targeted harassment. The YouTubers, who have not been named in the reports, claimed they discovered the data exposure and attempted to notify Trump Mobile but received no response. The company's silence has intensified scrutiny over its data protection practices.

Trump Mobile operates as an MVNO, meaning it resells wireless services from major carriers under its own brand. The company markets itself to supporters of Donald Trump, offering plans that emphasize conservative values. The alleged data breach could undermine trust among its customer base, which includes politically engaged individuals who may be particularly concerned about privacy.

The YouTubers did not specify how they discovered the leak or the extent of the data exposure. However, they asserted that the leaked information matched their own personal details, confirming the breach's validity. Without a response from Trump Mobile, it remains unclear how many customers may be affected or what steps the company is taking to address the issue.

Data breaches involving MVNOs are not uncommon, as these companies often rely on third-party infrastructure and may have less robust security measures than major carriers. The exposure of email and home addresses can lead to phishing attacks, doxxing, or other forms of cyber exploitation. Customers of Trump Mobile are advised to monitor their accounts and be cautious of unsolicited communications.

As of now, Trump Mobile has not issued a public statement regarding the alleged leak. The company's website and social media channels have not addressed the reports. The YouTubers have called on the company to acknowledge the breach and take corrective action to protect customer data.

The Federal Trade Commission (FTC) and other regulatory bodies have not commented on the incident. If the leak is confirmed, Trump Mobile could face legal consequences under data protection laws, including potential fines for failing to safeguard consumer information. The company's lack of response may also lead to reputational damage and customer attrition.

Customers who believe their data may have been exposed are encouraged to change passwords, enable two-factor authentication, and report any suspicious activity to authorities. The YouTubers have urged Trump Mobile to notify affected individuals and implement stronger security measures to prevent future breaches.

Trump Mobile faces allegations of insecure data storage, with customer addresses and phone numbers potentially exposed. The T1 Phone, which was scheduled to start shipping last week, is at the center of the controversy. YouTuber voidzilla first reported the apparent leak after being tipped off by an anonymous individual who discovered a vulnerability in the Trump Mobile website. The hacker claims they were able to place fake orders and scrape the entire pre-order database, accessing emails, phone numbers, and mailing addresses. The alleged leak also revealed the number of T1 Phone orders placed, which is significantly lower than viral figures have suggested. Trump Mobile has not yet commented on the allegations. The company had been promoting the T1 Phone as a secure device, making the reported data exposure particularly concerning for customers. The full story is available at The Verge.

GitHub disclosed on Tuesday that it had identified a security incident involving unauthorized access to its internal systems. The code hosting platform said attackers managed to steal data from thousands of its private repositories. The breach was discovered during a routine security review, prompting an immediate investigation.

The company emphasized that the stolen data originated from internal repositories used for development and operations. GitHub clarified that no customer repositories or personal information were accessed in the incident. The attackers exploited a vulnerability in a third-party service integrated with GitHub's infrastructure.

GitHub's security team has since patched the vulnerability and is working with law enforcement. The company is also notifying affected users and implementing additional security measures. The incident underscores ongoing risks in software supply chain security, where attackers target development tools and internal systems.

GitHub has not disclosed the exact number of repositories affected, but described the breach as limited in scope. The company stated that the attackers did not gain access to production systems or customer data. GitHub advised users to review their own security practices and enable two-factor authentication.

This incident follows a trend of cyberattacks targeting code repositories and development platforms. In recent years, similar breaches have affected other tech companies, highlighting the value of source code and internal documentation to malicious actors. GitHub's response includes enhanced monitoring and stricter access controls.

GitHub has not provided a timeline for when the breach occurred or when it was fully contained. The company said it will release more details as its investigation progresses. Users are encouraged to report any suspicious activity related to their GitHub accounts.

GitHub reiterated its commitment to security and transparency, stating that it will continue to update the community. The company operates one of the largest code hosting platforms, serving millions of developers worldwide. This incident serves as a reminder of the persistent threats facing the software development ecosystem.