This week on Privacy Please, Cam breaks down four stories that all come back to one theme: choice.
GigaWiper — Microsoft researchers uncovered a new backdoor malware built from pieces of older malware families, giving attackers the ability to decide after they're already inside a network how they want to cause damage — from low-level disk wipes to fake ransomware with encryption keys that are never even saved. Multiple security firms are independently tracking it, with no group attribution yet.
Connecticut's new AI disclosure law — As of July 1st, companies covered by Connecticut's privacy law must clearly disclose whether their data is used to train large language models like ChatGPT, Gemini, DeepSeek, or Grok. Cam digs into why "disclosure" doesn't always mean "clarity," and what to actually look for in a privacy policy update.
California's Delete Act (DROP) — A correction and a deep dive: DROP has been live since January 1st, not launching in August as previously stated. What actually changes on August 1st is enforcement — the date data brokers become legally required to act on deletion requests. Cam walks through exactly how to submit one at privacy.ca.gov.
The Phantom Hacker gold bar scam — A 78-year-old Phoenix woman nearly lost $600,000 in gold bars to a scammer posing as a federal official — until she turned the tables and called the FBI herself. Cam covers the arrest, the courier-for-hire business model behind it, and the billion-dollar scale of phantom hacker scams since 2024.
Tips for this episode:
Back up your data offline — wipers don't negotiate, there's no ransom to pay your way out
Search privacy policy updates for "train," "AI," or "language model" before skimming past them
California residents: submit a DROP request now at privacy.ca.gov so it's queued before enforcement begins on August 1st
No real government agency will ever tell you to convert your money to gold, crypto, or gift cards — hang up and call the agency back yourself
Sources referenced:
Microsoft Security research on GigaWiper
Connecticut Data Privacy Act (CTDPA) amendment, effective July 1, 2026
California Delete Act / DROP platform, cppa.ca.gov
FBI IC3 reporting on Phantom Hacker and gold bar scams
AZFamily coverage of the Gary Christopher arrest, Phoenix Sky Harbor Airport
Chapter Timestamps
00:00 – Cold Open 01:30 – GigaWiper: Choose-Your-Own-Destruction Malware 04:00 – Connecticut's LLM Data Disclosure Law 06:15 – California's Delete Act & DROP Platform 08:30 – The Phantom Hacker Gold Bar Scam 11:30 – Recap & Close
Podden och tillhörande omslagsbild på den här sidan tillhör
A Problem Lounge Show. Innehållet i podden är skapat av A Problem Lounge Show och inte av,
eller tillsammans med, Poddtoppen.