EU Watchdog Controversy, McDonald’s Data Exposure & xAI API Leak

This week, digital oversight (or the lack thereof) took center stage. The European Commission stands accused of pushing its own pick for the EU’s top privacy cop. McDonald’s managed to guard 64 million job applications with the world’s worst password. And over at Elon Musk’s xAI, a controversial staffer casually leaked access to dozens of experimental AI models.

European Commission Accused of Bias in Data Watchdog Appointment

The European Commission faces serious accusations of “cronyism” and procedural misconduct over its handling of the selection process for the next European Data Protection Supervisor (EDPS). A formal complaint submitted to the European Ombudsman by privacy experts alleges that the Commission skewed the shortlist in favor of its own official, Bruno Gencarelli, raising concerns about transparency and independence.

Critics argue Gencarelli's inclusion violates GDPR rules requiring the EDPS to be unquestionably independent, especially given his prior role in approving data deals involving the Commission. The complainants warn that installing a Commission insider could compromise oversight and undermine the EDPS’s constitutional role. The Commission has not disclosed selection criteria or the rationale behind candidate choices, prompting further transparency concerns.

If you are interested in finding out more, check it out here.

McDonald’s AI Hiring Bot Exposes Millions Due to Laughably Weak Password

Security researchers uncovered a major breach at McDonald’s AI hiring platform, McHire, after discovering that its backend was protected by the embarrassingly simple password “123456.” The breach potentially exposed up to 64 million job applications dating back to 2019.

Hosted by Paradox.ai and used by 90% of McDonald’s franchisees, the system leaked applicant names, addresses, phone numbers, and chat histories with the hiring bot. Although Social Security numbers weren’t accessed, the vulnerability highlights alarming security negligence. Experts warn that this reflects a broader trend of companies adopting AI tools hastily, often sidelining cybersecurity. McDonald’s claims there’s no evidence of malicious access and promises future audits and a bug bounty program.

Find out more about the full picture here.

Musk’s xAI Exposed Again After Employee Leaks API Key on GitHub

A controversial employee linked to Elon Musk’s DOGE program accidentally published an API key to GitHub, exposing over 50 AI models from Musk’s xAI project, including sensitive Grok systems used on the X platform. The leak, discovered by GitGuardian, remained active for over a day despite being reported.

This marks the second xAI key leak in three months, raising concerns about lax access controls and national security, especially as Musk’s AI tools are being deployed in federal agencies. The employee, Marko Elez, has a history of prior security lapses and inflammatory behavior, further fueling criticism. Experts warn that repeated lapses and weak governance in AI integrations with government systems pose growing systemic risks.

More details about the story.