Privacy Fines

7-Eleven confirms cyberattack by ShinyHunters gang that stole 600K+ records from Salesforce systems.

Hungarian DPA fines university HUF 1.5M for excessive data processing in dormitory admissions.

Dutch DPA fines Uber €10M for lacking transparency and failing data subject rights access.

Dutch DPA finds Yango app unlawfully transferred EEA user data to Russia without proper safeguards

Spain's AEPD fined sports retailer €120K for data breach affecting 300K+ people

Netherlands DPA finds GDPR violations in data transfers to Russia via inadequate safeguards

Netherlands DPA fines Yandex €100M for unlawful data transfers to Russia without adequate safeguards.

Dutch DPA fines Yango €100M for unlawful data transfers to Russia without safeguards.

GM settles $12.75M California CCPA violation over illegal sale of drivers' location and behavior data.

AEPD fines Spanish sports retailer €120K for data breach affecting 300K+ customers

Threat actor claims to be selling 367,462 Leroy Merlin France loyalty program records.

NRJ Mobile data breach exposes 266K customer records from French MVNO.

French government health platform breached; 233,837 records leaked with taunt to authorities.

French prosecutors charge 15-year-old with stealing 18M records from national secure documents agency ANTS.

Spanish DPA fines bank €400K for CCTV access via shared credentials violating GDPR Article 32.

Italian DPA fines Poste Italiane and PostePay €12.5M for unlawful malware detection data collection.

French court upholds €40M GDPR fine against Criteo for cookie consent violations.

CNIL fines Mobius Solutions €1M for data retention, unauthorized processing, and record-keeping failures.

Italian DPA fines Poste Italiane and PostePay €12.5M for unlawful malware detection data processing.

Spain's AEPD fined EVO Banco €240K for API vulnerability causing 1.27M data breach.

CNIL fines American Express Carte France €1.5M for cookie consent violations.

Spain's AEPD fines EVO Banco €240K for API vulnerability exposing 1.27M customers' data.

Italian DPA fines Ediscom €300K for GDPR violations in marketing data collection.

Italian DPA fines Poste Italiane and PostePay €12.5M for GDPR violations in device data collection.

Spanish DPA fines bank €400K for CCTV system shared credentials violating GDPR Article 32.

Threat actor kittykatkrew breaches Arkansas State Crime Lab, leaks court calendars and law enforcement personnel

CNIL fines Free €15M for insufficient VPN security and incomplete breach notifications.

Italian DPA fines employer €50K for GDPR violations in employee email handling and metadata storage.

Italian DPA fines airline €190,000 for unlawful digital forensics on former board member.

Polish DPA fines company €1.39M for unlawfully collecting ID card and passport scans.

Polish DPA fines company €1.39M for unlawfully collecting ID card and passport images.

Romanian DPA fined Klass Wagen SRL €7,000 for failing to deactivate former employee accounts, enabling data breach.

Norway's Borgarting Court upholds €5M GDPR fine against Grindr for invalid consent and undisclosed data sharing.

Threat actor Rabid leaks 250GB CIBN database with member PII, ID documents, and source code.

Italy's DPA fines energy corporation Eni €96K for unlawfully publishing lawsuit plaintiffs' personal data.

British Scattered Spider leader Tyler Buchanan pleads guilty to $8M crypto theft via SMS phishing.

Italian DPA fines Eni €96,000 for unlawfully publishing personal data of climate lawsuit claimants.

Poland's UODO fines company €1.39M for unlawfully collecting ID card and passport scans.

400,000 customer records from major Belgian-Dutch marketplace leaked on cybercrime forum.

Akira ransomware claims breach of Nobu Restaurants, stealing 71GB of SSNs, IDs, and financial records.

Italian DPA finds airline company violated GDPR by conducting forensic investigation on board chairman's email without

Spanish DPA fines Bankinter €240K for API vulnerability breach affecting 1.27M customers.

Spain's AEPD fined EVO Banco €240K for data breach affecting 1.27M individuals via API vulnerability.

Spain's AEPD fines AXA €200K for failing to prevent former employee account takeover.

Spain's AEPD fines AXA €200K for insufficient security allowing former employee account access.

Spain's AEPD fines transport company €200K for mandatory employee monitoring apps violating GDPR data minimization and

Spain's AEPD fines transport company €200K for mandating employee tracking apps on personal phones.

Fiverr exposed thousands of user files including tax records and IDs via misconfigured Cloudinary storage indexed by

Latvia's DPA fined SIA "ZZ Dats" €300,000 for Article 32 GDPR violations after major data breach affecting

Luxembourg court annuls €746M Amazon GDPR fine, orders reassessment of fault and proportionality.