Key developments
Reqrea check-in system exposed million identity files
On May 16, WebProNews reported that Reqrea's Tabiq hotel check-in platform left a public Amazon S3 bucket named "tabiq" exposing passports, driver's licenses, and facial verification photos. Independent researcher Anurag Sen found the bucket with no authentication; the exposed records dated back to early 2020, covered dozens of countries, and totaled more than one million documents. Reqrea said it locked the bucket within hours, is reviewing access logs, and plans to notify affected guests after legal review.
Why it matters
It exposed highly sensitive identity and biometric data at travel-tech scale.
Sources & driving stories
WEBPRONEWS · Victoria Mossi
WebProNews coverageAlberta seeks destruction of leaked voters list
On May 17, Yahoo reported that Elections Alberta obtained an injunction ordering Centurion Project to remove an online database of voter information that authorities say matched a voters list given to the Republican Party in June last year. Alberta's chief electoral officer has also applied for a permanent injunction requiring destruction of any copies of the list. The case has revived questions about whether parties should receive province-wide elector data or only riding-specific lists.
Why it matters
The case could change how provinces handle access to and security of full elector lists.
Sources & driving stories
YAHOO
Yahoo coverageWindscribe warns Canada bill could force exit
TechNadu reported on May 16 that Windscribe said it may relocate its headquarters out of Canada if Bill C-22 becomes law. The VPN provider says the proposed Lawful Access Act could force logging of identifying user data, which would conflict with its no-logs model. The bill is still under parliamentary review.
Why it matters
It shows proposed surveillance rules can push privacy providers to reconsider operating in Canada.
Sources & driving stories
TECHNADU
TechNadu coverageWorth noting
WORTH NOTING
Anthropic source code posted online
Kiplinger cited a recent incident in which Anthropic said it accidentally posted Claude source code online, a concrete example of AI-vendor data handling risk.
Still unclear
OPEN QUESTION
How many Tabiq files were accessed?
Reqrea says it will review access logs, but the breach impact depends on whether anyone viewed or downloaded the exposed IDs before lockdown.
OPEN QUESTION
Will Alberta curb full voters-list access?
The injunction and parallel investigations could lead to permanent limits on province-wide elector list distribution.