Close

pexels-cottonbro-5473955

Gendered Harms of Data Weaponization

Table of Contents

Four Factors of Gendered Harms

To evidence gender as a point of vulnerability impacting and even determining the nature and severity of harms caused by data weaponization, this research proposes four categories or “factors”: data, control, perception, and access. These categories help to capture the gender-specific aspect of various attacks. Importantly, the factors interact, cascade, and compound, as observed in a Chatham House report: “[Gendered harms] are cascading because one form of gendered cyber harm leads to another. They are compounding because such cascades increase the impact on the people affected.”1 The intersection of these factors reinforces the gender dimension of data weaponization and the severity of experienced harm.

Data breaches and unauthorized disclosure of gender-specific data, such as information about reproductive health, gender identity or sexual preference, can result in gendered harms. Weaponization of medical data through hack-and-leak operations, ransomware attacks, and multiple extortions may inflict reputational, psychological, and legal harms on victims. The commodification of sensitive data from fertility apps, or “femtech,” and dating apps fuels abuse by enabling unauthorized sharing of intimate information, including those relating to abortions and HIV status, leading to exploitation, stigma, and discrimination, especially in societies where such behavior is criminalized or stigmatized.

“Data can be weaponized to exert control over individuals and communities…These dynamics can be present both in intimate relationships or as part of broader societal power imbalances.”

Data can be weaponized to exert control over individuals and communities based on existing gender dynamics. These dynamics can be present both in intimate relationships––in the form of domestic violence, especially intimate-partner violence––or as part of broader societal power imbalances manifested in patriarchal systems. In such contexts, even personal data that is not gender-specific, such as addresses, contact information, or communication metadata, can be weaponized in a gendered way to facilitate stalking, surveillance, harassment, and violence.

Perception is inherently gendered, as women’s sexuality and agency have been viewed differently and measured against different standards than men’s. Similarly, LGBTQ individuals have faced distinct and discriminatory perceptions. This factor helps to capture how sexist, misogynistic, biased, and discriminatory attitudes fuel data weaponization to humiliate, defame, or destroy reputations. Examples include cases when data and images are fed into defamation and disinformation campaigns, or used in nonconsensual sharing of intimate images.

Access to essential services can increase gendered harms when data weaponization leads to operational disruption or otherwise limits the availability of facilities, assistance, or information related to gender-specific care, such as those provided by abortion clinics and transgender centers. Gendered harms also emerge when the operational disruption impacts vital services that women and queer individuals rely on and already face barriers to access. In addition, considering the traditional gender roles and social norms regarding caregiving responsibilities and unpaid domestic labor that are still prevalent in certain settings, women may be further disproportionately impacted by attacks against a range of critical infrastructure sectors, including health care, education, and transportation.

1. The Data Factor

Health Care Data

The protection and confidentiality of sensitive data are essential to safeguarding an individual’s privacy, personal security, and fundamental human rights, and ensures their ability to exercise autonomy and agency. Data breaches can have severe repercussions for the affected people, and their gendered impacts can be evidenced in the attacks on health care data and information leaks about gender and sexual identity. When gender-specific data is accessed, even in the case of indiscriminate attacks that do not target specific individuals or groups, such incidents can have a distinct and disproportionate impact on women and LGBTQ people. Breaches of medical data related to sexual and reproductive health, including details of pregnancy stages and cases of abortion, can affect not only women’s privacy but also their health, dignity, self-development, societal and psychological well-being, physical security, and access to services. The negative consequences are pronounced in countries where abortion is illegal or in traditional and patriarchal societies, where women and medical practitioners face serious repercussions. Similarly, data leaks can put people of diverse gender identities, expressions, and sexualities at risk of being involuntarily outed. Exposing their identity and sexual preference can lead to family rejection, societal ostracization, and loss of employment.2 Moreover, given the precarious nature of the positioning of LGBTQ communities in society and how vulnerable these individuals are to mental and physical abuse, data breaches can expose victims to further stigmatization and violence. 3

Attacks on the health care sector have intensified, leaving millions of patients affected by data breaches.4 These attacks have a gendered dimension if gender-specific data is leaked, when gender is weaponized to exacerbate harm, or when attacks have a gendered motivation in the first place. Even if there is no immediate evidence of the data resurfacing on the dark web or misused for ransom demands, once data is hacked, there is no reassurance it will not be eventually leaked. At the same time, breaches of sensitive medical data can erode trust in health care services, leading to long-lasting harm. In June 2024, the Russia-speaking Qilin Ransomware-as-a-Service (RaaS) group, also known as Agenda, attacked blood matching tests for several health care organizations operating as part of the National Health Service in London. Breached sensitive data, including the results of blood tests for HIV, were published online by the cybercriminal group on a messaging platform.5 In May 2023, a ransomware attack by Russian-speaking RaaS group TA505, known as Clop, targeted the Better Outcomes Registry & Network, a perinatal and child registry in Ontario, Canada. The incident, caused by vulnerabilities in the MOVEit file transfer service, led to a data breach.6 The ripple effect impacted hospitals, midwife practices, fertility clinics, and neonatal intensive care units and compromised personal information of 3.4 million people seeking pregnancy care between 2010 and 2023. Data of mothers, newborn babies, and parents seeking fertility treatment were exposed, including names, home addresses, and health card numbers, along with lab test results, procedures, and outcomes relating to pregnancy and newborn care.7 The combination of personal data and medical data aggravated the potential harm.8

A knowledge gap remains regarding the full spectrum of consequences resulting from data breaches.9 Accounts of victims’ personal experience remain anecdotal and captured in individual testimonies. For instance, in October 2023, a data breach at a Melbourne hospital led to unauthorized access to medical data of more than 190 patients treated there. A patient whose details were exposed shared that she had been affected by other data breaches, but this one has been the most difficult for her, because “they [the targeted organization] were able to confirm at this stage what information [of the patient] has appeared on the dark web, but they said there is no guarantee that it will not appear in the future. My health records are safe in the hospital vault essentially, but a lot of the other details have been leaked.”10 Once a data breach occurs, the compromised data may be carelessly stored by actors with little concern for maintaining its privacy. This highlights the permanence of harm that follows once data is accessed.

Victims of data breaches can experience psychological insecurity, violation, and trauma. They can also face criminal charges in countries where abortion is illegal. In July 2016, due to a security failure, a database of the Municipality of São Paulo in Brazil was published, exposing personal and medical data of an estimated 650,000 patients, including public agents from the public health system. The medical data comprised sensitive gender-specific information such as pregnancy stages and abortions. There have not been reported cases of women being charged in the outcome of this incident, but the data breach raised serious concerns about the potential for legal repercussions in a country where abortion is heavily restricted and often criminalized with no exceptions for birth defects.11

Not only have attacks on health care become more common—patient data breaches doubled in 2023—hackers have also refined strategies to exacerbate harm.12 As organizations have learnt to retrieve customer data through backups, hackers have become more aggressive, leaking the stolen data on the dark web and online platforms and coercing the target organizations and victims through multiple extortions.13 An illustrative case was disclosed in February 2023, when a Russian-speaking RaaS group ALPHV, known as BlackCat, attempted to extort a health care network in Pennsylvania by publishing photographs of breast cancer patients.14 Data weaponization can inflict reputational damage and victimize women for their reproductive health choices. In a ransomware attack against the Australian health insurer Medibank in October 2022, cybercriminals accessed records of almost 10 million customers. The Russian-speaking RaaS group REvil, also known as Sodinokibi, leaked sensitive medical data on the dark web, including a spreadsheet listing 303 patients alongside billing codes related to pregnancy terminations, such as nonviable pregnancies, miscarriages, and ectopic pregnancies. The dataset sorted patients into “good” and “bad” lists based on the trimester during the abortion occurred.15

Gender can also serve as the primary motivation behind attacks. In a 2012 case, a member of the hacking collective Anonymous breached the website of Britain’s largest abortion provider with the intent to release the personal details of women who had used its services. The perpetrator stole around 10,000 database records containing the personal details of women registered on the British Pregnancy Advisory Service site. This case highlights how the stigma surrounding abortions can lead to women being disproportionately impacted and deliberately targeted by data breaches. The perpetrator confessed being motivated by his disagreement with his two friends’ abortion, the presiding judge describing the attacker as a “zealot with an anti-abortion campaign.”16

LGBTQ communities face increased risks concerning the privacy of medical data and information related to gender identity and sexual orientation. In February 2019, the medical records of 14,200 people living with HIV in Singapore were published online, exposing them to significant harm.17 The perpetrator, the partner of a Singaporean doctor with authorized access to the database, gained unauthorized access to confidential information from the country’s HIV registry. He then threatened to release sensitive and personalized medical data unless his husband was released from prison and the database was shut down. The medical data included information about LGBTQ individuals, many of whom had not publicly disclosed their HIV status, leaving them vulnerable to stigma and discrimination. This risk was especially significant in a country where sexual activity between men was criminalized until 2007 and only fully legalized in 2022. The perpetrator, a U.S. citizen, pleaded not guilty, claiming that his actions were intended to highlight security lapses in the database, which he argued was discriminatory. His partner, a Singaporean doctor, was charged under Singapore’s Official Secrets Act for failing to safeguard the information.18 Following the incident, LGBTQ rights organizations warned of an increase in hateful comments and heightened stigmatization of individuals living with HIV. 19

Data-Sharing with Third Parties

Medical data can be given knowingly, but used for unauthorized purposes, undermining the principle of purpose limitation in responsible processing of personal data. Data sharing with third parties without informed consent, as well as excessive data collection and data sharing practices, constitutes data weaponization. The gendered dimension is pronounced in femtech, such as fertility apps, which collect information on menstrual cycles, sexual activity, opportunities for conceiving a child, and symptoms and stages of pregnancy. Femtech engages in widespread data misuse.20 According to the Organization for the Review of Care and Health Apps, most period trackers share data with third parties.21 Research by Mozilla, examining over 20 pregnancy and period tracking apps for privacy and security features, concluded that the majority of analyzed apps collected large amounts of personal data and shared it with third parties.22 Capitalization of reproductive health has become a common business model facilitated in and through technology at the expense of women.23

The extensive commodification of sensitive data by femtech constitutes gendered harm. This data is vulnerable to breaches, leaks, commercial de-anonymization, publication, and exploitation. Unauthorized sharing of personal information related to sexual and reproductive health can inflict harms ranging from psychological, such as the distress caused by inappropriate fertility advertising targeting miscarriage victims, to physical and legal harms for individuals seeking abortions. App providers may be requested to share this data with the authorities in places where abortions are illegal or where abortion and reproductive health care are limited.24 The Centre for Feminist Foreign Policy highlights that without privacy standards in place to protect user personal and medical information, women are largely on their own to safeguard sensitive health data that companies routinely collect.25

Since the U.S. Supreme Court’s decision to overturn Roe v. Wade, privacy advocates have urged women to delete period tracking apps, citing concerns that fertility data could be used against the users.26 In addition to gender-specific femtech data, information about accessing online health services, combined with location data indicating proximity to sexual and reproductive health facilities, may be monitored by law enforcement to track and prosecute individuals seeking abortion.27 To support these concerns, the Surveillance Technology Oversight Project released a report explaining how anti-abortion governments and private entities surveil women’s search history, location data, and social media content.28 As a result, privacy violations in femtech, coupled with surveillance practices, contribute to the broader erosion and stigmatization of women’s reproductive rights and can interfere with their rights to access medical information and services.29

Dating Platforms

Dating platforms that collect sensitive data raise privacy and security concerns. If a dating app catering to queer individuals suffers a data breach, the exposure can expose users’ gender identity and sexual orientation without their consent. Since activities related to gender expression and sexuality are frequently stigmatized and even criminalized, the repercussions of such incidents can be severe, with victims finding it nearly impossible to seek justice or recourse. In November 2021, cybercriminals hacked and leaked data from the LGBTQ dating site “Atraf,” revealing sensitive information such as sexual orientation and HIV status. The Israeli platform, which primarily serves male clients, left many fearing that personal data could be exposed, with some victims describing the breach as life-threatening. The tactics, techniques, and procedures used, including methods of victim-blaming to coerce ransom payments, led to allegations that the incident was linked to the Iranian-affiliated threat actor Black Shadow. 30

The overzealous data collection by dating and social apps is accompanied by weak privacy practices. Mozilla’s 2024 review of dating apps found that unless users actively opt out, dating websites could be selling their personal data for profit. The report continues to suggest that the privacy practices of dating apps have worsened since the initial review in 2021.31 Recorded Future research into threat activity targeting popular LGBTQ social apps concluded that these apps can be targeted by actors on the dark web and in underground markets and forums. Across the five chosen social apps analyzed by Recorded Future, 77 percent of the targeted activity is listings for the sale of compromised account credentials and associated user data on dark web markets.32 This is alarming, especially in regard to the combination of gender-specific data and location data that such applications collect and share.

The LGBTQ community is extremely vulnerable when access to sensitive data intersects with state control, such as when dating apps are used by authorities to target individuals.33 For example, Egypt has a long history of prosecuting queer individuals. Domestic law does not directly prohibit “homosexuality,” but a complex legal structure of interpretations and precedents facilitates continuous and targeted persecution of queer individuals. Egyptian prosecutors increasingly rely on digital evidence to prosecute people through online dating app entrapments. Queer activists and groups in Egypt warned members of the LGBTQ community to refrain from using apps with built-in location tracking or social media that can be monitored.34

A 2018 report by Article 19 detailed how dating apps have been weaponized to enable blackmail and arrests in Egypt, Lebanon, and Iran. The investigation revealed that cybercriminals, offenders, and even law enforcement use these platforms to entrap individuals, luring them into offline meetings through “catfishing” or coercing them into sharing sensitive information and intimate images.35 Despite numerous instances of abuse, dating apps continue to operate, using a dangerous combination of courting at-risk users and failing to protect their privacy and security. For example, Grindr, a widely used app, particularly in the Arab world, was found to have sold users’ location data for years through ad networks, potentially exposing the movements, work locations, and home addresses of millions of gay men.36 The revelation followed years of Grindr’s data privacy failures, including allowing anyone to pinpoint users with a triangulation technique.37 Given the vulnerable position of gender and sexual minorities in society and how vulnerable they are to abuse, these exploitative data practices inflict severe gendered harm.

2. The Control Factor

Data Breaches Enabling Gender-Based Violence

Data can be weaponized to exert control over individuals, often reinforcing existing gender dynamics and vulnerability. Breaches of personal data such as names, numbers, addresses, or employers, while themselves not gender-specific, can inflict gendered harms and put women at higher risk of doxing, stalking, surveillance, harassment, sexual violence, intimidation, and physical abuse.38 For example, in a 2018 case, several women had been contacted following breaches of personal information at Crosshouse Hospital. The affected individuals were notified that their personal information, including phone numbers and addresses, had been accessed by a staff member who had “no legitimate clinical or administrative requirement.” The perpetrator was charged in connection with stalking and data protection offenses.39 Data breaches can result in increased risks of harassment or intimidation to which individuals impacted by domestic violence may be more susceptible. Personal data of at-risk persons accessed by ex-partners or other untoward persons can be misused and eventuate into psychological or physical harm.40 In March 2022, the Wakefield Council in the United Kingdom was handling child protection court proceedings when it sent documents, including the address, where the victim lived with her children, to the abuser. As a result of the data breach, the domestic violence victim and her children had to be urgently rehoused.41

Indiscriminate leaks of location and contact information also impact women differently, and more severely, when considering the prevalence of gender-based violence.42 According to the figures published by the UNODC, some 47,000 women and girls worldwide were killed by their intimate partners or other family members in 2020, with many more leaving their homes to seek safety from domestic abuse.43 These numbers are alarming, especially considering that breaches of personally identifiable data become increasingly common each year. To illustrate the gendered harms that can arise from personal data leaks, consider the case in July 2016 when WikiLeaks published extensive databases exposing the personal information of 50 million Turkish citizens, including a near-comprehensive database of adult women in the country. Although the hackers were not targeting women specifically, the attack had a disproportionate effect on women. Their addresses became available to stalkers, ex-partners, or disapproving relatives in a country recording high numbers of gender-based violence.44

In January 2018, the data breach of the Aadhaar database, the world’s largest biometric ID system, exposed the personal and biometric information of over a billion Indian citizens. The compromised data included names, addresses, photos, phone numbers, emails, and biometric information. The website’s application programming interface, which did not have required access controls, was connected to the Aadhaar database. Hackers exploited this vulnerability and sold access to the personal data via a WhatsApp group.45 Similar concerns arose from the AT&T hack in April 2024, when hackers compromised six months’ worth of call and text message records for nearly all AT&T cellular network customers, exposing sensitive metadata related to their communications. The content of the calls and messages was not compromised, and customers’ personal information was not accessed, but the records included phone numbers. Metadata revealing information about communications is highly sensitive, especially when collected and analyzed at large scales to reveal patterns of behavior and connections between people.46

Surveillance Apps and the Internet of Things

Men have been found to be more likely to commit cybercrimes, especially those associated with hacking and gender-based offenses, such as using spyware against intimate partners and sharing nonconsensual intimate images online. At the same time, women are particularly vulnerable to digital surveillance and control committed by partners or family members as a form of surveillance, control, and continuing the cycle of family or intimate partner abuse.47 Though intimate partner violence impacts all genders, women comprise the majority of victims in heterosexual relationships. A 2023 Australian study further indicates that the prevalence of technology-facilitated abuse might be higher in sexual and gender minority relationships than in heteronormative ones.48

To gain access to their targets’ private data, attackers can use surveillance applications known as “stalkerware” or “spouseware,” which enable unauthorized individuals to covertly monitor the digital activities of others. An entire industry dedicated to developing digital surveillance tools operates largely unregulated, driven by commercial demand. Monitoring software can be installed in secrecy through dual-use apps and masked by socially accepted labels such as “parental control.”49 Consumer mobile spyware apps are able to monitor user activity, including text messages, phone calls, and location, and transmit the information to the abuser. The perception of threat alone can cause significant harm to victims, as the mere awareness of a pervasive danger serves as a form of control.50 The Coalition Against Stalkerware reported a significant spike in the use of the surveillance software during the coronavirus pandemic, with a 780 percent increase in detections of monitoring apps. This rise correlates with increased domestic violence reports, as many individuals were confined to their homes and reliant on technology for communication.51 An Access Now report highlights that the use of stalkerware can have a “devastating impact on women targets, especially given the lack of robust legal or social protections against gender-based violence—which includes physical, economic, mental, and other harms—and the many hurdles presented by existing political, societal, and gender power asymmetries.”52

The Internet of Things (IoT) devices provide further vectors for exerting control. Attackers can repurpose dual-use applications built for beneficial or innocuous purposes. For example, anti-theft devices such as doorbell cameras can be used for stalking.53 Devices like fitness trackers and item-finding software can also facilitate abusive practices.54 The Department of Computer Science of the University College London conducted research evidencing that technology-facilitated abuse flourishes through unauthorized use of phones, trackers, and other emerging technology, changing the nature of intimate partner violence.55 Dual-use devices and applications can extend the sense of the perpetrator’s presence, further isolating, punishing, or humiliating victims and preventing them from seeking and receiving support.56 Nearly any system that collects and shares location data can be weaponized against its users. This includes vehicles that gather extensive information about drivers, including their location and driving patterns.57 A report by the International Digital Accountability Council further uncovered that some of these devices and apps sent unencrypted personal information to third parties.58 Data weaponization in its gendered form poses a significant public health issue, affecting the target’s mental and physical health, dignity, self-development, and access to services.59

Abuse of Spyware and Data Collection by States

The frequency and prevalence of violence against women and gender and sexual minorities are linked to patriarchal systems of government that politicize gender and exert control over nonconforming citizens.60 By allowing gender-based violence in public life, and not providing recourse for victims, states normalize abusive practices. In this way, gender plays a key role both as a social structure and a system of power. In this context, collecting private data about the locations, contacts, and activities of women and queer individuals is often part of a broader strategy aimed at surveilling, harassing, intimidating, and ultimately silencing targeted groups. The use of surveillance software for these purposes can inflict gendered harms, isolating victims and threatening to expose their contacts or intimate lives. This type of data weaponization is extremely harmful to LGBTQ individuals and advocates. For example, according to a Haaretz investigation in 2018, the Indonesian government purchased surveillance software to create a database of LGBTQ rights activists who had been targeted for surveillance.61 Similar to technology-facilitated intimate partner abuse, the mere presence—or even the perceived presence—of surveillance can result in psychological harm, privacy and security concerns, and a chilling effect. This often leads targets to withdraw from social or public life or alter their behavior to conform to imposed norms. Victims of intrusive surveillance report mental stress, paranoia, social isolation, and self-censorship for fear of a possible backlash.62

“Collecting private data about…women and queer individuals is often part of a broader strategy aimed at surveilling, harassing, intimidating, and ultimately silencing targeted groups.”

Women with public profiles, such as journalists, activists, human rights defenders, political candidates, and whistleblowers, are particularly exposed to threats that instrumentalize their gender. Targeted surveillance, interception of communications, and confiscation of devices can expose especially women to continued harm, including doxing, stalking, harassment, and physical violence.63 Data exploitation can expose the target’s private information, communication, sources, and contacts, and can even harm their family members. For instance, Citizen Lab reported that Mexican investigative journalist Carmen Aristegui and her minor son were targeted, both receiving messages containing spyware exploit links.64 If a device becomes infected with spyware or a target falls victim to a phishing attack, it can erode trust within their communities and networks, undermining their reputation, and negatively impacting their relationships and work opportunities.

The UN Special Rapporteur on the rights to freedom of opinion and expression recognized targeted digital surveillance of journalists and media workers as one of the three major contemporary threats to the safe and free practice of journalism.65 The Committee to Protect Journalists further concluded that “gender-based violence and harassment—both online and offline—is used to intimidate and silence female journalists, posing threats to press freedom.”66 A 2021 UNESCO report on global trends in online violence against women journalists, which surveyed over 900 female-identifying journalists in 125 countries, found that 20 percent of all respondents said they had been attacked or abused offline in connection with online violence they had experienced.67 In 2022, Access Now and Front-Line Defenders reported that governments in the MENA region and beyond were using spyware to perpetrate human rights abuses and suppress activists and journalists.68 The Pegasus malware has been reportedly used in more than 50 countries worldwide to infect the phones of activists, journalists, and human rights defenders, amongst others.69 Many women’s rights defenders have been targeted as part of these campaigns. Access Now highlighted that the impact of surveillance on women is particularly egregious and traumatizing, as governments have weaponized personal information extracted through spyware to fuel smear campaigns, blackmail, extort, and dox the targets and encourage others to harass them as well.70 Prominent international cases of surveillance targeted female journalists in Russia, Azerbaijan, Mexico, and Lebanon.71

Data breaches, especially in high-risk environments, can eventuate into threats and physical harm. For example, the personal information of hundreds of journalists who had registered to cover national events in Mexico was hacked and posted on a website in February 2024. The leaked information contained journalists’ full names, their personal identity code, and a copy of a personal identification document, prompting a call by the Committee to Protect Journalists for an immediate investigation. In Mexico, which continues to be an extremely dangerous country for journalists, privacy laws compel any government agency subjected to a data breach to immediately inform the people whose information has been leaked. However, the federal government did not inform the reporters whose information was leaked until it was already widely publicized.72 Journalists in Mexico lack social and institutional protections, making them vulnerable to threats and aggression. The Global Initiative Against Transnational Organized Crime stressed that when analyzing violence targeting journalists in Mexico, it is also important to highlight the additional layer of gender impact.73 According to CIMAC, a Mexico-based organization that has been documenting attacks on women journalists, attacks against female journalists in Mexico have increased fivefold between 2013 and 2022. However, gender is consistently ignored despite the additional vulnerability of women in the field.74

Finally, mass surveillance in public spaces can intersect with gender by facilitating control over targeted groups of population. Similar to intimate partner violence enabled by smart technology, data collection in authoritarian and patriarchal societies can lead to abusive practices that inflict gendered harm. Research by Azadeh Abkari at the University of Twente reveals that Iran leverages smart technology to surveil and police women’s clothing.75 Iranian Special Police Forces, mandated to deal with insurgency, gathered data from traffic cameras and used the data to identify and penalize women who violate the country’s strict Islamic dress code. By policing women in public spaces, such data-exploitative control can severely restrict women’s participation in public and social life.76 Iran is among the many governments that utilize intrusive software and smart technologies as part of their data-driven oppressive practices.77 This abuse has significant negative impacts on victims due to the cumulative effects of three distinct factors: the type of data being collected, who has control over that data, and how it impacts the access of the affected individuals.

3. The Perception Factor

Disinformation and Defamation Campaigns

Women and LGBTQ individuals experience distinct and discriminatory views compared to men. Misogynistic and sexualized defamation, disinformation, nonconsensual sharing of intimate images, and the resulting harassment and abuse represent a distinct form of data weaponization. This weaponization exploits gender and sexuality to shame, intimidate, and deter targets from engaging in public or social life.78 For illustration, in the summer of 2020, phones of female journalists and activists in Saudi Arabia were infected with spyware and the acquired intimate photos circulated on social media. These coordinated defamation campaigns also fabricated narratives to accompany the images to incite outrage among conservative audiences and subject the targets to public shaming. 79 Attacks that weaponize gender carry a deeply personal impact, destroying reputations and leading to prolonged harassment and abuse. These campaigns suppress democratic engagement by preventing individuals from fully expressing themselves or participating in public life on equal footing. By publicly attacking women, perpetrators send a message to the entire group they represent. When women do not have the necessary tools to participate in contemporary political life, their absence in government institutions translates into a democratic deficit.80 Since data manipulation in the form of fake visual content is on the rise, gender identity risks being the difference between full membership and second-class citizenship in a community of political rights.81

Gendered data weaponization is a national security problem since gendered defamation and disinformation have been a distinct part of the foreign interference toolkit.82 A 2022 European Parliament report on foreign interference in democratic processes “recognizes that gendered disinformation attacks and campaigns are often used as part of a broader political strategy to undermine equal participation in democratic processes, especially for women and LGBTIQ+ people” and stresses that such disinformation fuels hate, both online and offline, and threatens lives.83 An attack on a Finnish journalist who exposed fake news operations and a troll farm in Russia shows how sensitive data can be weaponized through systematic sexualized attacks to discredit people and institutions. In 2014, Jessikka Aro saw her medical information published online after a breach into archived court files, including data showing her fine for drug use years ago. The following coordinated defamation campaign framed her as a “NATO drug dealer,” undermining her reputation and the credibility of her work. The journalist was subsequently doxed after malicious actors released her home address, and was continuously the subject of defamation campaigns alleging her of being a prostitute to CIA and NATO officials. The online abuse eventuated into death and rape threats.84 This case of multiple data exploitations shows how disinformation campaigns can use elements of facts and fiction to inflict more severe reputational damage.85 The cumulative effect of personal data breaches, sexist defamation campaigns, and an abusive environment illustrates the cascading and compounding nature of gendered harms—where one form of abuse leads to another, ultimately intensifying the inflicted harm.

The proliferation of fake videos depicting political figures in compromising situations poses another significant threat to the openness and fairness of elections. Sexualized, doctored images and videos purportedly showing female politicians and candidates have targeted many women, including high-profile figures in Ukraine, Rwanda, Croatia, and the United Kingdom.86 Cara Hunter, a Northern Irish politician, was a few weeks away from the national legislative elections in 2022 when she was targeted with a coordinated campaign of AI-generated deepfake video of her performing graphic sexual acts. Within days, the false clip had gone viral, and the politician was bombarded with sexual and violent messages. She later explained her belief that the campaign aimed to undermine her politically and the deepfake would haunt her for life, because “it has left a tarnished perception of me that I cannot control.”87 Italy’s Prime Minister Giorgia Meloni became a target of deepfake pornographic videos in 2020 before she took office. According to an indictment, two men were allegedly involved in creating deepfake pornographic videos using her likeness, and uploading the graphic content to an American porn website.88

Political candidates in the country of Georgia were victims of sexualized disinformation ahead of the 2016 parliamentary elections, targeted by fake videos depicting them engaging in sexual activities. This defamation campaign had serious consequences, especially for a female politician accused of adultery based on fabricated videos, who eventually withdrew from political life. In contrast, the male candidates targeted by the campaign did not face similar repercussions. An exception was a man identified by the media as gay, which put him at significant risk in the predominantly conservative country. While further comparative research on men and women public profiles is needed, there is evidence of a gendered dimension of these attacks through the gendered and sexualized nature of the content, as well as the harassment and intimidation such campaigns trigger. A report from the Wilson Center explored the direct and indirect impacts of widespread gendered and sexualized disinformation on women in public life.89 The researcher highlighted that online gendered abuse is “intersectional in nature, with abusers often engaging with both sex- and race-based narratives, compounding the threat for women of color.” For instance, Vice President Kamala Harris has been subject to a barrage of sexists and racist attacks, including deepfakes depicting the Vice President as a sex worker circulating on online platforms.90 The cacophony of gendered defamation and abuse flooding the comment sections of prominent figures is united in one shared purpose: to push women out of political life. Women are singled out for abuse more often, and the nature of these digital attacks is more vicious than ones directed at their male equivalents. 91

Nonconsensual Sharing of Intimate Images, Real or Fake

Women globally face disproportionate levels of abuse for their gender.92 The distorted perceptions and sexualization of women and their bodies is compounded by the nonconsensual mass circulation of intimate photos. Nonconsensual sharing of intimate images exploits personal content, and can be uniquely harmful if such weaponization of data takes place in patriarchal societies that exert control over women. Unauthorized sharing of intimate images has a deep impact on victims, whose reputation is tarnished by reactions characterized by patriarchal morality and victim-blaming. If nonconsensual image sharing is a method of control, the targets face barriers in reporting crimes and seeking recourse.93 The law can be further instrumentalized to perpetuate patriarchal gender dynamics. For example, cybercrime laws may include clauses criminalizing online content that violates public decency or morals, usually defined elsewhere in states’ penal codes or criminal law, and often build on unequal standards of behavior for people according to their gender.94 When harmful gendered norms are perpetuated within legal frameworks, it creates an environment where victims are systematically marginalized; in other words, harms are compounded when gendered expectations are codified in a system of control. Instead of receiving support and redress, targets of such abuse can face legal consequences from a justice system that should protect them.

The four following cases took place in Egypt, which has a traditionally patriarchal culture. In 2022, a woman committed suicide after her husband threatened to share intimate pictures and videos online as a form of revenge.95 Another woman committed suicide after being blackmailed by two young men who hacked her mobile phone, obtained pictures of her, altered the photos, and republished them.96 In a different case yet another woman committed suicide after her neighbors fabricated her pictures and blackmailed her for money.97 In May 2020, Mawada Al-Adham, a social media celebrity, was arrested for publicly posting “indecent” photos and videos of herself on social media. The photographs of Al-Adham were shared online after being leaked from one of her mobile phones, which was stolen in 2019. Al-Adham was charged with violating the country’s cybercrime law and sentenced to two years in prison and a fine.98

“The widespread availability of these image-generating technologies, released without adequate regulatory safeguards, has amplified existing harms and raised significant concerns over the lack of legal protections, tools, and recourse for victims.”

The exploitation rooted in the sexualization of women’s bodies is intensifying with the rise of synthetic media, enabled by accessible consumer-level AI tools. The widespread availability of these image-generating technologies, released without adequate regulatory safeguards, has amplified existing harms and raised significant concerns over the lack of legal protections, tools, and recourse for victims. Women are violated when their personal images—real or fake—are leaked and shared on privately owned platforms, with limited recourse to remove harmful material. This is exacerbated by platform reporting systems that fail to respond effectively to victims’ requests, leaving them exposed and without means to protect their privacy. Even where legislation exists, law enforcement and justice systems frequently lack the capacity, resources, and established practices to address these issues efficiently. Victims may have legal avenues, such as suing for slander, but the abuse happens fast while the legal process is slow and cumbersome. Because of the incidence and the permanence of image-based abuse, it may re-victimize the target endlessly when harmful content circulates online.

The use of deepfake technology for sexual abuse disproportionately targets women. A study on the state of deepfakes in 2023 found that 98 percent of deepfake videos online were pornographic and that 99 percent of those targeted were women or girls. Notably, 94 percent of those featured in deepfake pornography videos work in the entertainment industry.99 A high-profile incident took place in January 2024 when AI deepfake pornographic images of Taylor Swift proliferated on social media.100 In this case, the concerted action of her fan base drowned the images out of online space and made online platforms block searches to curb the spread of the images.101 Online communities can be effective in surfacing, combating, and eliminating harmful content, but in many instances of online degradation of women, the pressure and burden of redress falls entirely on the victims. They are left to protect themselves and seek recourse with limited support or resources.102

4. The Access Factor

Gender-Specific Care

Loss or restricted access to services can amplify gendered harms, especially when data weaponization disrupts operations or limits the availability of essential facilities, assistance, and information related to gender-specific needs. For example, weaponizing data obtained through data breaches victimizes people by putting their sensitive information at risk. This further prevents them from accessing needed services. On the other hand, targeted attacks on medical facilities providing sexual and reproductive health services, transgender care, and abortion services—where systems are compromised to punish patients and staff—can deprive women and queer individuals of vital care. Restricting access to comprehensive sexual and reproductive health information undermines an individual’s rights, dignity, self-development, and overall health outcomes. Gathering and publishing location data about such facilities further endangers patients and their providers, hampering access to the services. Digital surveillance of those seeking gender-specific care increases if access to this type of care is not guaranteed and protected by the state, or when states impose bans and exerts control over services.

Abortion rights and reproductive health remain a deeply controversial political issue in many countries, with recent legislative developments in the United States highlighting the fragility of access to safe and legal abortion for those who become pregnant. The overruling of Roe v. Wade unleashed a torrent of regulatory and punitive activity restricting previously lawful reproductive options, extending to civil actions and criminal indictments of patients, providers, and those who facilitate abortions.103 Anti-abortion activists have for years targeted abortion and family planning facilities, hindering access to their websites, hacking provider and patient information, and using phone location data to advertise anti-abortion materials to people who visit family planning clinics.104 In 2015, Planned Parenthood’s services were hacked, along with the National Network of Abortion Funds and Abortion Care Network, when a group of hackers breached an employee database with the intention of decrypting and releasing personally identifying provider information.105 The data breach was followed by distributed denial-of-service attacks and doxing of Planned Parenthood’s employees. The attack was intended to be both punitive, by punishing health care workers who provided reproductive health care, and disruptive, by hindering women’s access to health care and timely information.106 In October 2022, another attack targeting Planned Parenthood exposed personal information of 400,000 patients. The data breach included the reproductive health care center’s network and stole files with patient information such as names and insurance details along with clinical information including diagnoses and procedures.107

Data collecting and sharing practices, coupled with weak privacy and security protections, are a cause of concern.108 Data brokers have offered to sell location data that include individuals’ visits to abortion clinics and Planned Parenthood. Anti-abortion protest groups also used abortion clinic data to target ads at women inside the clinics, and the same data could be used to identify women who seek out-of-state abortions in violation of applicable laws in their jurisdiction. According to a 2022 Vice report, SafeGraph and Placer.ai are among the data brokers evidenced to sell location data of those visiting abortion clinics, with Placer.ai even offering “heat maps” of where abortion clinic visitors live, as well as their ethnicity and average income.109 Trans health care providers face similar data weaponization. A centralized online list called the “Gender Mapping” project used the My Maps feature on Google Maps to document the locations of thousands of establishments around the world that serve trans people, including LGBTQ community centers that provide social and emotional support. With the authors’ proclaimed aim of “abolishing the gender industry,” the map had been gathering location data about specialized services since February 2021. Despite Google’s initial request of a court order to remove it, it was not taken down from the application until September 2022, after being widely shared on social media.110

Gendered harms also arise when operational disruptions affect vital services that women and queer individuals rely on, especially as they already face barriers to access. Patient health outcomes can be impacted by spillover effects from disruptions in other sectors. For instance, electricity disruptions after the energy sector is targeted with data breach can lead to prolonged power outages, forcing hospitals to triage the delivery of medical procedures to reduce their energy consumption. There is compelling evidence that women’s health outcomes can be impacted more severely compared to their male counterparts because of cyberattacks on critical services. Blackouts reduce the likelihood of women giving birth in hospitals, contributing to higher mortality rates, and significantly lower odds of skilled birth attendance, which can have acute consequences for women’s health. Additionally, power outages increase the risk of pregnancy complications, including difficult or early delivery and gestational diabetes mellitus.111 While gender-disaggregated data on the health outcomes of patients during power outages remains limited, any disruption of services may disproportionately impact certain populations. This type of data exploitation has damaging impacts on marginalized groups who already face discrimination within and outside the system, including people of diverse gender identities and sexual orientations.112

Gender Roles and Critical Infrastructure

Considering traditional gender roles and social norms, women may be further disproportionately impacted by attacks against a range of critical infrastructure, as they continue to play a disproportionate part in frontline health and social care roles and caregiving responsibilities. Following a ransomware attack on technological platforms of Sanitas, EPS in Colombia in November 2022, research by Karisma Foundation identified and evaluated the differentiated impacts on women caregivers.113 This work shows that gender roles can play an important role in the gravity of the consequences of cyberattacks causing disruption of services. Similar considerations relate to other sectors that can intersect with gender roles, such as education and transportation sectors. For example, pandemic-caused disruptions to daycare centers and schools disproportionately affected women, shifting child care and education back to families. This increased the workload for women, who, in many societies, already bear the primary responsibility for housework and other forms of unpaid labor.114 Changes in work-from-home policies following disruptive data breaches might similarly impact women if they enter unpaid housework and caregiving roles.115

When considering that educational institutions are top targets for cyberattacks, the likelihood of children sent home due to disruptions and cyberattacks increases the possibility of women also staying home. Cyberattacks impacting schools are becoming increasingly frequent and severe. According to the K–12 Cybersecurity Resource Center, over 1,300 cyber incidents involving educational organizations were publicly disclosed across the United States between 2016 and 2021.116 Ransomware, phishing, and malware can result in significant data breaches that cause prolonged disruptions to school operations. For example, a 2023 wave of ransomware attacks against K–12 entities in the United States disrupted entire school systems, forcing schools to shut down for several days. The impact rippled through the communities as students were unable to attend classes and parents forced to find temporary child care.117

Transportation is another critical infrastructure sector that women disproportionately rely on that is vulnerable to cyberattacks. Disruptions caused by ransomware or data breaches against other sectors, such as public transit systems, can have more damaging impacts on women because they are more likely to rely on public services than men. On average, women use public transportation more than men due to lower incomes, limited access to household cars, and lower driver’s license acquisition rates. Women are also more likely to take on unpaid caregiving responsibilities, either for relatives, elderly parents, or children, and rely on public transport in times of emergency.118 Different gender roles and access to services have also been evidenced in the information and communication technology, humanitarian, and development sectors.119 As malicious actors attack critical infrastructure at growing rates, the worsening cyber landscape will likely disproportionately impact women.120

Citations
  1. James Shires, Bassant Hassib, and Amrit Swali, Gendered Hate Speech, Data Breach, and State Overreach (Chatham House, 2024), source.
  2. Divya Tiwari, “Data Breach Affects Women More, Has Chilling Effect on Their Online Participation,” BehanBox, December 6, 2023, source.
  3. Chatham House Cyber Policy team, Gender Mainstreaming and the Proposed Cybercrime Convention, source.
  4. CyberPeace Institute, “Cyber Incident Tracer #Health,” CyberPeace Institute, source.
  5. “Stolen Blood Test Data from Hospital Cyberattack Reportedly Published Online,” ITV, June 22, 2024, source; Denis Campbell and Dan Milmo, “Uk Government Weighs Action Against Russian Hackers over NHS Records Theft,” The Guardian, June 21, 2024, source.
  6. Bill Toulas, “BORN Ontario Child Registry Data Breach Affects 3.4 million People,” Bleeping Computer, September 25, 2023, source.
  7. Ax Sharma, “SickKids Impacted by Born Ontario Data Breach That Hit 3.4 Million,” Bleeping Computer, September 26, 2023, source.
  8. Katie Dangerfield, “BORN Ontario Data Breach Left Health Data of Millions Exposed. What Went Wrong?,” Global News, September 26, 2023, source.
  9. Samuel Wairimu and Lothar Fritsch, “Modelling Privacy Harms of Compromised Personal Medical Data – Beyond Data Breach,” source.
  10. “Almost 200 Patients at Major Melbourne Hospital Caught Up in Data Leak,” 9News, October 5, 2023, source.
  11. Allison Pytlak and Deborah Brown, Why Gender Matters in International Cyber Security (Women’s International League for Peace and Freedom and the Association for Progressive Communications, April 2020), source.
  12. Todd Shryock, “Patient Data Breaches Doubled in 2023,” Medical Economics, October 23, 2023, source; Sophos X-Ops, “Turning the Screws: The Pressure Tactics of Ransomware Gangs,” Sophos News, August 6, 2024, source; Alejandro H. Cruz, Sara A. Arrow, and Sean Lau, “Recent Ransomware Attacks Highlight the Evolving Challenges in Responding to Cyber Extortion,” Data Security Law (blog), Patterson Belknap, April 22, 2024, source.
  13. Stuart E. Madnick, “The Continued Threat to Personal Data: Key Factors Behind the 2023 Increase,”Apple News Room, December 2023, source.
  14. Alexander Martin, “Ransomware Gang Posts Breast Cancer Patients’ Clinical Photographs,” The Record, March 6, 2023, source.
  15. Owen Wong, Cyberwarfare: The “Pink Tax” of Hacking (Centre for International and Defence Policy, Queen’s University, 2024), source.
  16. Damien Pearse, “Anonymous Hacker Planned to Publish Details of Women Who Had Abortions,” The Guardian, March 10, 2012, source.
  17. James Griffiths, “HIV Status of over 14,000 People Leaked Online, Singapore Authorities Say,” CNN, January 28, 2019, source.
  18. “Mikhy Farrera-Brochez: U.S. Man Guilty of Trying to Extort Singapore over HIV Data,” BBC News, June 5, 2019, source.
  19. Sharanjit Leyl, “Singapore HIV Data Leak Shakes a Vulnerable Community,” BBC News, February 22, 2019, source; Beh Lih Yi, “LGBT+ People in Singapore ‘More Fearful’ after HIV Data Leak,” Reuters, January 29, 2019, source.
  20. Katharine Kemp, “Popular Fertility Apps Are Engaging in Widespread Misuse of Data, Including on Sex, Periods, and Pregnancy,” University of New South Wales Newsroom, March 22, 2023, source; Kari Paul, “How Private Is Your Period-Tracking App? Not Very, Study Reveals,” The Guardian, August 17, 2022, source.
  21. “Period Trackers to Be Reviewed over Data Concerns,” BBC News, September 7, 2023, source.
  22. Ashley Boyd, “Why Mozilla Is Scrutinizing the Privacy of Pregnancy Apps,” Mozilla Foundation, August 17, 2022, source.
  23. Nina Bernarding and Vivienne Kobel, Feminist Perspectives on the Militarisation of Cyberspace (Centre for Feminist Foreign Policy, 2023), source.
  24. Shires, Hassib, and Swali, Gendered Hate Speech, Data Breach, and State Overreach, source.
  25. Bernarding and Kobel, Feminist Perspectives on the Militarisation of Cyberspace, source.
  26. Flora Garamvolgyi, “Why U.S. Women Are Deleting Their Period Tracking Apps,” The Guardian, June 28, 2022, source.
  27. Jennifer Gollan, “Websites Selling Abortion Pills Are Sharing Sensitive Data With Google,” Ms. Magazine, January 18, 2023, source.
  28. “S.T.O.P. Releases Report On Abortion Surveillance After Roe,” Surveillance Technology Oversight Project, May 24, 2022, source.
  29. Shires, Hassib, and Swali, Gendered Hate Speech, Data Breach, and State Overreach, source.
  30. “Hackers Release Israeli LGBTQ Dating Site Details,” Radio France Internationale, November 2, 2021, source; TOI Staff, “Hackers Claim to Leak Details of LGBTQ Dating Site After Ransom Not Paid,” Times of Israel, November 2, 2021, source.
  31. Jen Caltrider, Misha Rykov, and Zoë MacDonald, “Data-Hungry Dating Apps Are Worse Than Ever for Your Privacy,” Mozilla Foundation, April 23, 2024, source.
  32. Insikt Group, Cyber Threat Analysis: Online Surveillance, Censorship, and Discrimination for LGBTQIA+ Community Worldwide (Recorded Future, 2020), source.
  33. Article 19, LGBTQ Online Summary Report: Apps, Arrests, and Abuse in Egypt, Lebanon, and Iran (Article 19, February 2018), source; Human Rights Watch (HRW), All This Terror Because of a Photo: Digital Targeting and Its Offline Consequences for LGBT People in the Middle East and North Africa (HRW, February 21, 2023), source.
  34. Natasha Culzac, “Egypt’s Police Using Social Media and Apps Like Grindr to Trap Gay People,” The Independent, September 17, 2014, source.
  35. Article 19, LGBTQ Online Summary Report, source; Human Rights Watch, All This Terror Because of a Photo, source.
  36. Byron Tau, “Grindr User Data Was Sold Through Ad Networks,” Wall Street Journal, May 2, 2022, source.
  37. Andy Greenberg, “Gay Dating Apps Promise Privacy, But Leak Your Exact Location,” Wired, May 20, 2016, source; Article 19, “Apps and Traps: Dating Apps Must Do More to Protect LGBTQ Communities in Middle East and North Africa,” Article 19, January 22, 2018, source.
  38. “13 Manifestations of GBV Using Technology,” Take Back the Tech (blog), August 17, 2018, source; Tanisha Ranjit and Shraddha Mahilkar, Online Gender-Based Violence: And Its Impact On The Civic Freedoms of Women Human Rights Defenders in the Indo-Pacific, (International Center for Not-for-Profit Law, March 2023), source; Shires, Hassib, and Swali, Gendered Hate Speech, Data Breach, and State Overreach, source.
  39. “‘Stalker’ Rap After Hospital Data Breach,” Cumnock Chronicle, December 2018, source.
  40. Information and Privacy Commission, New South Wales, Guidelines on the Assessment of Data Breaches Under Part 6A of the PPIP Act.
  41. “ICO Case Reference Number: INV/0113/2022,” Information Commissioner’s Office, September 22, 2022, source; Robert Booth, “Data Breaches Putting Domestic Abuse Victims’ Lives At Risk, Says U.K. Watchdog,” The Guardian, September 27, 2023, source; Christine Sabino, “Victims of Domestic Abuse Put at Risk of Harm by Data Breaches,” Hayes Connor Solicitors, September 28, 2023, source.
  42. Allison Pytlak and Deborah Brown, “Why Gender Matters in International Cyber Security,” Reaching Critical Will, April 2020, source.
  43. Research and Trend Analysis Branch, Killings of Women and Girls by Their Intimate Partner or Other Family Members: Global Estimates 2020 (United Nations Office on Drugs and Crime, November 2021), source.
  44. “Interview: How Turkey’s Failure to Protect Women Can Cost Them Their Lives,” Human Rights Watch, March 26, 2022, source; Pytlak and Brown, “Why Gender Matters in International Cyber Security,” source; Zeynep Tufekci, “WikiLeaks Put Women in Turkey in Danger, for No Reason (UPDATE),” Huffington Post, December 6, 2017, source; Jesse Singal, “Why Did WikiLeaks Help Dox Most of Turkey’s Adult Female Population?,” New York Magazine, July 27, 2016, source.
  45. Aurelija Skebaite, “The 20 Biggest Data Breaches in History,” NordVPN, August 21, 2024, source.
  46. Patrick Smith and Jason Abbruzzese, “AT&T Says Hackers Stole Records of Nearly All Cellular Customers’ Calls and Texts,” NBC News, July 12, 2024, source.
  47. Chatham House Cyber Policy team, Gender Mainstreaming and the Proposed Cybercrime Convention, source.
  48. Asher Flynn, Anastasia Powell, and Sophie Hindes, “An Intersectional Analysis of Technology-Facilitated Abuse: Prevalence, Experiences and Impacts of Victimization,” British Journal of Criminology, 64, no. 3 (May 2024): 600–619, source; Sara Seppanen, “LGBTQ+ Community Grapples with Hidden Wave of Digital Abuse,” Binding Hook, March 6, 2024, source.
  49. Christopher Parsons, Adam Molnar, Jakub Dalek et al., The Predator in Your Pocket: A Multidisciplinary Assessment of the Stalkerware Application Industry (Citizen Lab, June 12, 2019), source.
  50. Sofia Celi, Juliana Guerra, and Mallory Knodel, Intimate Partner Violence Digital Considerations (Internet Engineering Task Force, October 18, 2023), source.
  51. Alex Scroxton, “Use of Abusive Stalkerware Against Women Skyrocketed in 2020,” Computer Weekly, November 25, 2020, source.
  52. Laura O’Brien, Felicia Anthonio, Peter Micek, Rand Hammoud, and Marwa Fatafta, “Silenced, Spied On, and Stalked: Why We’re Taking the Fight for Gender Equality to the UN,” Access Now, March 19, 2023, source.
  53. Celi, Guerra, and Knodel, Intimate Partner Violence Digital Considerations, source.
  54. Andi Brown, Diarmaid Harkin, and Leonie Maria Tanczer, “Safeguarding the ‘Internet of Things’ for Victim-Survivors of Domestic and Family Violence: Anticipating Exploitative Use and Encouraging Safety-by-Design,” Violence Against Women 2024), source.
  55. Julia Slupska and Leonie Maria Tanczer, International Handbook of Technology-Facilitated Violence and Abuse (Emerald, June 4, 2021).
  56. Delanie Woodlock, “The Abuse of Technology in Domestic Violence and Stalking,” Violence Against Women 23, no. 5 (2017): 584–602, source; Celi, Guerra, and Knodel, Intimate Partner Violence Digital Considerations, source.
  57. Alfred Ng, “Texas Sues General Motors Over Car Data Tracking,” Politico, August 13, 2024, source.
  58. Shires, Hassib, and Swali, Gendered Hate Speech, Data Breach, and State Overreach, source.
  59. Kristine Baekgaard, Technology-Facilitated Gender-Based Violence An Emerging Issue in Women, Peace, and Security (Georgetown Institute for Women, Peace, and Security, 2024), source.
  60. Bernarding and Kobel, Feminist Perspectives on the Militarisation of Cyberspace, source.
  61. Hagar Shezaf and Jonathan Jacobson “Israel’s Cyber Spy Industry Helps World Dictators Hunt Dissidents and Gays,” Haaretz, October 20, 2018, source.
  62. Marcus Michaelsen, “Is Digital Transnational Repression “Spreading” Among States?” Global Policy Journal (blog), March 21, 2023, source.
  63. Tiwari, “Data Breach Affects Women More, ” source.
  64. John Scott-Railton, Bill Marczak, Bahr Abdul Razzak, Masashi Crete-Nishihata, and Ron Deibert, “Reckless Exploit Mexican Journalists, Lawyers, and a Child Targeted with NSO Spyware,” Citizen Lab, June 19, 2017, source.
  65. Human Rights Council, Reinforcing Media Freedom and the Safety of Journalists in the Digital Age: Report of the Special Rapporteur on the Promotion and Protection of the Right to Freedom of Opinion and Expression(UN General Assembly, April 20, 2022), source.
  66. “Safety of Women and Nonbinary Journalists On and Offline,” Committee to Protect Journalists, source.
  67. Julie Posetti, Nabeelah Shabbir, Diana Maynard, Kalina Bontcheva, and Nermine Aboulez, The Chilling: Global Trends in Online Violence Against Women Journalists (UNESCO, 2021), source.
  68. Marwa Fatafta, “Unsafe Anywhere: Women Human Rights Defenders Speak Out About Pegasus Attacks,” Access Now, January 17, 2022, source.
  69. Phineas Rueckert, “Pegasus: The New Global Weapon for Silencing Journalists,” Forbidden Stories, July 18, 2021, source.
  70. O’Brien, Anthonio, Micek, Hammoud, and Fatafta, “Silenced, Spied On, and Stalked,” source.
  71. Stephanie Kirchgaessner and Andrew Roth, “Exiled Russian Journalist Hacked Using NSO Group Spyware,” The Guardian, September 13, 2023, source; Julie Posetti and Nabeelah Shabbir, The Chilling: A Global Study of Online Violence Against Women Journalists (International Center for Journalists, November 2, 2022), source.
  72. “Personal Information of Hundreds of Mexican Journalists Exposed in Government Data Leak,” Committee to Protect Journalists, February 1, 2021, source.
  73. Siria Gastelum Felix, “Journalism Still Deadly in Mexico,” Global Initiative Against Transnational Organized Crime, March 28, 2024, source.
  74. Lucía Lagunes Huerta et al., Palabras Impunes: Estigmatización Y Violencia: Contra Mujeres Periodistas en México 2019–2022 (Comunicación e Información de la Mujer A.C., 2022), source.
  75. Azadeh Akbari, Authoritarian Smart City: A Research Agenda (University of Twente, December 16, 2022), source.
  76. Bernarding and Kobel, Feminist Perspectives on the Militarisation of Cyberspace, source.
  77. For example, Falastine Saleh and Esra’a Al Shafei’s paper also shows how the localized use of Israeli surveillance technologies in Palestine contribute to widespread acceptance and global adoption of such oppressive practices. See Esra’a Al Shafei and Falastine Saleh, “Surveillance as a Service: The Global Impact of Israeli ‘Defense’ Technologies on Privacy and Human Rights,” Tor Project (blog), April 8, 2024, source.
  78. Sarah Shoker, Making Gender Visible in Digital ICTs and International Security (Global Affairs Canada, April 2020), source; Sarah Sobieraj, “Bitch, Slut, Skank, Cunt: Patterned Resistance to Women’s Visibility in Digital Publics,” ​Information, Communication & Society, ​21 (11): 2017, 1–15, source.
  79. Olivia Solon, “‘I Will Not Be Silenced’: Women Targeted in Hack-and-Leak Attacks Speak Out About Spyware,” NBC News, August 1, 2021, source.
  80. “Who We Are,” #ShePersisted, source.
  81. Shoker, Making Gender Visible, source.
  82. Lucina Di Meco and Kristina Wilfore, “Gendered Disinformation Is a National Security Problem,” Brookings, March 8, 2021, source.
  83. Special Committee on Foreign Interference in all Democratic Processes in the European Union, Report on Foreign Interference in All Democratic Processes in the European Union, Including Disinformation (European Union, February 8, 2022), source.
  84. “How Women Are Singled Out for Vile Abuse for Political Ends,” The Economist, November 7, 2019, source.
  85. Jessikka Aro, “How Pro-Russian Trolls Tried to Destroy Me,” BBC News, October 6, 2017, source.
  86. Pavlina Pavlova, “Gendered Disinformation and Connected Cyber Threats: Historical Patterns, New Battlefields, and the Implications for International Security,” Global Policy Journal (blog), February 27, 2023, source; Jim Waterson, “British Female Politicians Targeted by Fake Pornography,” The Guardian, July 1, 2024, source.
  87. Mark Scott, “Deepfake Porn is Political Violence,” Politico, February 8, 2024, source.
  88. Seb Starcevic, “Italy’s Giorgia Meloni Called to Testify in Deepfake Porn Case,” Politico, March 21, 2024, source.
  89. Nina Jankowicz, Jillian Hunchak, Alexandra Pavliuc, et al., Malign Creativity: How Gender, Sex, and Lies are Weaponized Against Women Online (Wilson Center, January 2021), source.
  90. Karen Tumulty, Kate Woodsome, and Sergio Peçanha, “How Sexist, Racist Attacks on Kamala Harris Have Spread Online – A Case Study,” Washington Post, October 7, 2020, source; Prithvi Iyer, “The Surge of Gendered and Racial Attacks on Kamala Harris was Predictable. Social Media Platforms Still Aren’t Prepared,” Tech Policy Press, July 24, 2024, source; “Deepfake Claiming Kamala Harris Was a Sex Worker Circulating Less than a Day After Her First Rally,” Euronews, July 24, 2024, source.
  91. A.W. Ohlheiser, “How Much More Abuse Do Female Politicians Face? A Lot,” MIT Technology Review, October 6, 2020, source; Sandra Håkansson, “The Gendered Representational Costs of Violence Against Politicians,” Perspectives on Politics 22, no. 1 (2022): 81–96, source; “Gendered Disinformation in the European Parliamentary Elections,” Global Disinformation Index (blog), June 10, 2024, source.
  92. Allison Pytlak and Lisa Sharland, “Narrowing the Gender Gap in Cyber Security,” Stimson Center, March 8, 2024, source; Shires, Hassib, and Swali, Gendered Hate Speech, Data Breach, and State Overreach, source.
  93. “13 Manifestations of GBV Using Technology,” source.
  94. Shires, Hassib, and Swali, Gendered Hate Speech, Data Breach, and State Overreach, source.
  95. “Egypt Woman Commits Suicide After Husband Threatens to Share Nude Pictures Online,” Middle East Monitor, February 2, 2022, source.
  96. “Egypt: Online Extortion Is Another Motive for Suicide,” Alaraby, January 7, 2022, source; “Basant Khaled: An Egyptian Girl Committed Suicide Due to ‘Blackmail and Fabricated Photos,’” BBC News, January 4, 2022, source.
  97. “Two Arrested in Egypt After Teenage Girl’s Suicide Sparks Outrage,” BBC News, January 4, 2022, source; Habiba Abdelaal, Cyber Violence and Women in Egypt (Tahrir Institute for Middle East Policy, March 31, 2022), source.
  98. Global Freedom of Expression, “The Case of the Egyptian TikTok Influencers,” Columbia University, source.
  99. “2023 State of Deepfakes Realities: Threats, and Impact, Security Hero, source.
  100. Vandinika Shukla, “Deepfakes and Elections: The Risk to Women’s Political Participation,” Tech Policy Press, February 29, 2024, source.
  101. Lilian Coral, “Utilizing the Online Crowd: How Swifties Could Keep Us Safe From AI,” The Thread (blog), New America, February 2, 2024, source.
  102. Nichola Kristof, “The Online Degradation of Women and Girls That We Meet with a Shrug,” New York Times, March 23, 2024, source.
  103. Aziz Z. Huq and Rebecca Wexler, “Digital Privacy for Reproductive Choice in the Post-Roe Era,” New York University Law Review 98, no. 2 (May 2023), source.
  104. Sharona Coutts, “Anti-Choice Groups Use Smartphone Surveillance to Target ‘Abortion-Minded Women’ During Clinic Visits,” Rewire News Group, May 25, 2016, source; Liam Stack, “A Brief History of Deadly Attacks on Abortion Providers,” New York Times, November 29, 2015, source; Sam Sabin, “‘Lock It Down Right Now’: Abortion Rights Advocates Prepare for a New Wave of Digital Security Threats,” Politico, June 17, 2022, source; Rebecca Grant, “The Disturbing Rise of Cyberattacks Against Abortion Clinics,” Wired, October 5, 2017, source.
  105. Katie Klabusich, “Planned Parenthood Under Attack by Anti-Abortion Hackers, Politicians,” Rolling Stone, July 31, 2015, source.
  106. Shoker, Making Gender Visible, source.
  107. Rebecca Torrence, “Hack Targets Planned Parenthood, Exposing Personal Information of 400K Patients,” Fierce Healthcare, December 3, 2021, source.
  108. Andy Greenberg, “Security News This Week: Data Brokers Track Abortion Clinic Visits for Anyone to Buy,” Wired, May 7, 2022, source.
  109. Joseph Cox, “Data Broker Is Selling Location Data of People Who Visit Abortion Clinics,” Vice, May 3, 2022, source; Joseph Cox, “Location Data Firm Provides Heat Maps of Where Abortion Clinic Visitors Live,” Vice, May 5, 2022, source.
  110. James Factora, “TERFs Are Using Google Maps to Track and Target Trans Healthcare Providers,” Them, September 28, 2022, source.
  111. Wong, Cyberwarfare: The “Pink Tax” of Hacking, source.
  112. “Human Rights Crisis: Abortion in the United States After Dobbs,” Human Rights Watch, April 18, 2023, source.
  113. “Ciberataque A Sanitas: Impactos Diferenciales Sobre Mujeres Cuidadoras,” Karisma Fundacion, March 3, 2024, source.
  114. “UN Women Reveals Concerning Regression in Attitudes Towards Gender Roles During Pandemic in New Study,” UN Women, June 22, 2022, source; Clare Wenhman, The Gendered Impact of the COVID-19 Crisis and Post-Crisis Period (European Parliament Department for Citizens’ Rights and Constitutional Affairs, September 2020), source.
  115. Wong, Cyberwarfare: The “Pink Tax” of Hacking, source.
  116. Jonathan Reed, “More School Closings Coast-to-Coast Due to Ransomware,” Security Intelligence, March 27, 2023, source.
  117. Reed, “More School Closings Coast-to-Coast Due to Ransomware,” source.
  118. Wong, Cyberwarfare: The “Pink Tax” of Hacking, source.
  119. Bernarding and Kobel, Feminist Perspectives on the Militarisation of Cyberspace, source; Pytlak and Brown, Why Gender Matters in International Cyber Security, source.
  120. Wong, Cyberwarfare: The “Pink Tax” of Hacking, source.

Close

Four Factors of Gendered Harms

View as PDF

Table of Contents

Close

Gendered Harms of Data Weaponization