We frequently receive data requests seeking information about our users. However, we have nothing to share—we don’t log any user activity or connection data, so the information simply doesn’t exist. Wondering just how many requests we get? That’s exactly what our quarterly transparency report is here to reveal. Let’s take a closer look!
Legal Requests — Our Q4 Numbers
For our transparency report, we tally DMCA complaints and police requests.
- Digital Millennium Copyright Act (DMCA) complaints are requests we receive when copyright holders inform us that one of our IP addresses was used to illegally distribute copyrighted materials.
- Police requests are requests we receive when law enforcement agencies inform us that one of our IP addresses was used in unlawful activity.
| October | November | December | |
| DMCA Complaints | 30,775 | 37,301 | 40,677 |
| Police Requests | 0 | 0 | 0 |
As always, we’re unable to comply with these requests. We follow a strict no-logs policy, and our RAM-only servers regularly wipe data. We don’t know anything about what you do online while connected to our servers, and we are under no legal obligation to store user data. Because of this, we don’t have anything to share with the authorities.
With that said, let’s have a look at the numbers.
DMCA Complaints
| October | November | December |
| 30,775 | 37,301 | 40,677 |
The numbers of DMCA complaints normalized after extremely high figures in Q3.
The rise in DMCA requests in Q3 was likely due to the broadcasts of major sporting events. Once that period passed, the numbers in Q4 were relatively low.
Police Requests
| October | November | December |
| 0 | 0 | 0 |
We received no police requests this quarter. Even if we did, we would not have any user data to provide to law enforcement.
Bug Bounty Program — Q4 Numbers
Our Bug Bounty Program incentivizes cybersecurity researchers to search for and inform us of any vulnerabilities in our software, with the chance to earn a reward. In Q4, we received 56 submissions, with 37 unique issues. In total, 6 of these submissions were considered valid, with the other 31 reported issues categorized as false positives, informational, or invalid.
Q4 cybersecurity in review
Companies and individuals alike face numerous online threats. Here are a few cyber incidents that made headlines toward the end of the year.
Private Investigation Agency Created Profiles on 800,000 Italian Citizens
In late October 2024, Italy faced a significant data breach scandal involving the unauthorized access and exploitation of personal information from approximately 800,000 citizens, including high-profile figures such as President Sergio Mattarella and former Prime Minister Matteo Renzi. The breach was orchestrated by the private investigative agency Equalize, which allegedly created dossiers on top Italian business and political figures. The methods used to gather the data included spyware, social engineering, phishing, and exploiting system vulnerabilities. It’s also suspected to have involved collaborators who supplied confidential data, possibly through bribery.
The compromised information was reportedly sold to clients or used to blackmail entrepreneurs and politicians from at least 2019 until March 2024. Four participants were placed under house arrest, while about 60 others were investigated for their involvement.
Hackers Leak UK Ministry of Defence Credentials
Hackers reportedly stole and leaked the email addresses and passwords of approximately 600 UK Ministry of Defence employees on the dark web. These credentials were for the ministry’s Defence Gateway portal, which provides access to training, communications, and other internal resources. While officials did not say that top-secret information was breached, the attack was alarming, as it was a defense-related system that was accessed after all.
Major Breach at Cisco
Cisco confirmed that a hacker known as IntelBroker leaked files from Cisco’s DevHub platform, although Cisco’s own systems were not breached. The leaked files included source code, certificates, and internal documentation, but they did not contain any sensitive information, such as Personally Identifiable Information (PII) or financial data. Cisco stated that the incident was caused by a configuration error during a data migration process. The incident highlights the importance of enforcing strict access controls to APIs.
Many organizations fall short when it comes to security user or customer data, leaving individuals vulnerable. However, you have the power to protect your online privacy and security by taking proactive steps. Take control of your digital safety by choosing privacy-focused services, carefully reviewing privacy policies, and using tools like CyberGhost VPN to encrypt your internet traffic—especially when connected to public Wi-Fi. Your online security starts with the actions you take today.
Leave a comment