[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"tag:privacy-fines":3},{"tag":4,"articles":8,"awareness":414,"events":415,"tips":416,"focus_items":417,"total_count":418},{"slug":5,"name":6,"description":7},"privacy-fines","Privacy Fines","DPA enforcement actions and penalties",[9,18,27,34,41,50,58,67,74,82,91,100,109,118,127,136,145,154,162,169,176,183,192,200,207,215,222,229,236,243,250,259,268,277,286,293,300,308,316,324,333,340,348,355,364,373,381,388,397,405],{"id":10,"title":11,"slug":12,"brief":13,"ai_summary":14,"url":15,"image_url":16,"published_at":17},"ebc1e899-fe41-4c85-917b-a7a0fc815430","Garante per la protezione dei dati personali (Italy) - 312\u002F2026","garante-per-la-protezione-dei-dati-personali-italy-312-2026-1eb424","Italy's Garante fines a utilities company €15,000 for GDPR violations.","Italy's Garante per la protezione dei dati personali has fined a utilities company, Nuova Corrente S.r.l., €15,000 for violating GDPR. The violations include improperly delegating marketing data acquisition decisions to a processor and failing to adequately respond to a data subject's access request. The company provided contradictory information regarding the source of the data subject's personal information.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=Garante_per_la_protezione_dei_dati_personali_(Italy)_-_312\u002F2026&diff=51850&oldid=51845","https:\u002F\u002Fgdprhub.eu\u002Fimages\u002Fe\u002Fec\u002FLogoIT.png","2026-06-09T13:46:02+00:00",{"id":19,"title":20,"slug":21,"brief":22,"ai_summary":23,"url":24,"image_url":25,"published_at":26},"2d5f7fc0-d252-4a2e-9e99-c9b56429177c","AEPD (Spain) - PS-00437-2024","aepd-spain-ps-00437-2024-4cbb8d","Spain's AEPD fines Iberia €650,000 for data breach and failure to notify.","Spain's Data Protection Agency (AEPD) has fined Iberia €650,000 due to a data breach at one of its processors that exposed personal data across multiple EU member states. The airline was found to have failed in implementing appropriate security measures and also failed to notify the affected data subjects, though this latter infringement was time-barred under national law. The AEPD cited breaches of GDPR's integrity and confidentiality principle.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=AEPD_(Spain)_-_PS-00437-2024&diff=51847&oldid=51792","https:\u002F\u002Fgdprhub.eu\u002Fimages\u002F5\u002F59\u002FLogoES.jpg","2026-06-09T13:41:53+00:00",{"id":28,"title":11,"slug":29,"brief":30,"ai_summary":31,"url":32,"image_url":16,"published_at":33},"11ef1fcb-269b-4d6c-8252-600e4d9480c8","garante-per-la-protezione-dei-dati-personali-italy-312-2026-1065aa","Italian DPA fines Nuova Corrente S.r.l. €15,000 for GDPR violations.","Italy's Garante per la protezione dei dati personali (DPA) has fined Nuova Corrente S.r.l., a utilities company, €15,000 for multiple GDPR violations. The violations stemmed from a complaint about unsolicited direct marketing calls and inadequate response to a data subject's access request. The DPA found that Nuova Corrente provided contradictory information about data acquisition and failed to demonstrate lawful processing, delegating significant decisions to its processor, Joseph Agency S.r.l.s.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=Garante_per_la_protezione_dei_dati_personali_(Italy)_-_312\u002F2026&diff=51845&oldid=51844","2026-06-09T10:33:18+00:00",{"id":35,"title":11,"slug":36,"brief":37,"ai_summary":38,"url":39,"image_url":16,"published_at":40},"56e05e3d-bd42-4b1c-9acf-f8db722154ce","garante-per-la-protezione-dei-dati-personali-italy-312-2026-b6220c","Italian DPA fines utilities company €15,000 for unlawful marketing data processing and access request failure.","Italy's Data Protection Authority (Garante per la protezione dei dati personali) issued a €15,000 fine to Nuova Corrente S.r.l., a utilities company, for violations of GDPR Articles 5, 6, 7, 12, 15, 24, and 28. The controller delegated decisions on obtaining personal data for direct marketing to a processor without proper accountability, provided contradictory statements about data sources, failed to adequately respond to a data subject's access request, and allowed the processor to transfer data indiscriminately without respecting subject choices. The violation affected at least nine additional data subjects beyond the initial complainant.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=Garante_per_la_protezione_dei_dati_personali_(Italy)_-_312\u002F2026&diff=51844&oldid=0","2026-06-09T10:30:48+00:00",{"id":42,"title":43,"slug":44,"brief":45,"ai_summary":46,"url":47,"image_url":48,"published_at":49},"d41c31c3-3875-4bf4-86b4-9f2095e06870","ΣτΕ - 442\u002F2026","442-2026-93ac15","Greek court upholds fine for municipal body publishing identifiable employee data.","The Greek Supreme Administrative Court ruled that a municipal body unlawfully published an employee's decision on a public transparency portal. The court found that the details, including initials and employment information, were sufficient for identification. The body also failed to respond to the employee's erasure request, leading to fines for GDPR violations.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=%CE%A3%CF%84%CE%95_-_442\u002F2026&diff=51842&oldid=0","https:\u002F\u002Fgdprhub.eu\u002Fimages\u002F4\u002F4c\u002FCourts_logo1.png","2026-06-09T09:06:02+00:00",{"id":51,"title":52,"slug":53,"brief":54,"ai_summary":55,"url":56,"image_url":48,"published_at":57},"ff15735e-4a30-4be7-a506-a82a8645bab1","LG Freiburg im Breisgau - 8 O 203\u002F24","lg-freiburg-im-breisgau-8-o-203-24-35eef4","German court orders online gambling providers to grant data access under GDPR.","The Freiburg Regional Court in Germany has ruled that two online gambling service providers, based in Malta, must grant a German user full access to their gaming and transaction data. The court found the providers had not adequately fulfilled the user's request under GDPR's Article 15, ordering them to provide detailed information on the customer relationship, including gaming history and transactions.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=LG_Freiburg_im_Breisgau_-_8_O_203\u002F24&diff=51838&oldid=0","2026-06-09T08:15:05+00:00",{"id":59,"title":60,"slug":61,"brief":62,"ai_summary":63,"url":64,"image_url":65,"published_at":66},"abee8a35-3aaf-41ba-9c56-11c0a79006a4","NAIH (Hungary) - NAIH-359-10\u002F2026","naih-hungary-naih-359-10-2026-7955d6","Hungarian DPA fines news outlet Blikk Kft. €70,590 for unlawful processing of sensitive personal data.","Hungary's National Authority for Data Protection and Freedom of Information (NAIH) has fined Blikk Kft., a news website operator, HUF 25,000,000 (approximately €70,590) for violating GDPR. The company published articles containing sensitive personal data, including details about a data subject's gender identity and court proceedings, without proper consent. The DPA found that the combined information made the individual identifiable and that the use of initials was insufficient to protect their privacy.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=NAIH_(Hungary)_-_NAIH-359-10\u002F2026&diff=51837&oldid=51836","https:\u002F\u002Fgdprhub.eu\u002Fimages\u002F8\u002F85\u002FLogoHU.jpg","2026-06-09T08:11:57+00:00",{"id":68,"title":60,"slug":69,"brief":70,"ai_summary":71,"url":72,"image_url":65,"published_at":73},"3c7a555a-bba4-48ba-af70-05fb3e46c235","naih-hungary-naih-359-10-2026-6a56cd","Hungary's NAIH fines Blikk Kft. €70,590 for unlawfully publishing personal data.","Hungary's National Data Protection Authority (NAIH) has fined Blikk Kft., a news website operator, HUF 25,000,000 (approximately €70,590). The fine was imposed for unlawfully publishing personal data of an individual in articles related to court proceedings. The articles included a blurred picture, name, former employment details, information about gender reaffirming surgery, and court case details without consent. The DPA found violations of Article 6(1) and 9(1) of the GDPR, stating the data subject was identifiable and that sensitive personal data was processed unlawfully.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=NAIH_(Hungary)_-_NAIH-359-10\u002F2026&diff=51836&oldid=0","2026-06-09T08:10:02+00:00",{"id":75,"title":76,"slug":77,"brief":78,"ai_summary":79,"url":80,"image_url":25,"published_at":81},"df63cbd8-a8c6-4414-8726-197ab33818de","AEPD (Spain) - PS-00143-2025","aepd-spain-ps-00143-2025-e007d6","Spain's AEPD fines CaixaBank €400,000 for data disclosure to third parties.","Spain's data protection authority (AEPD) has fined CaixaBank €400,000 for multiple instances of personal data disclosure to unauthorized third parties. The incidents involved sending complaint responses addressed to one party to another, and mistakenly sending documents containing sensitive customer information, including overdraft and mortgage details, to unrelated individuals. The AEPD cited violations of GDPR articles related to data integrity and security, and the implementation of appropriate technical and organizational measures.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=AEPD_(Spain)_-_PS-00143-2025&diff=51834&oldid=51829","2026-06-09T06:16:00+00:00",{"id":83,"title":84,"slug":85,"brief":86,"ai_summary":87,"url":88,"image_url":89,"published_at":90},"9b7a6639-b2e2-40b5-8554-cc56dbe01ca8","WhatsApp Catches Spyware Firm NSO Defying No-Hacking Court Order","whatsapp-catches-spyware-firm-nso-defying-no-hacking-court-order-c606e0","WhatsApp files contempt order against NSO Group for violating court injunction.","WhatsApp has filed a federal court contempt order against NSO Group for allegedly violating a permanent injunction that prohibits the spyware maker from targeting WhatsApp and its users. This action follows WhatsApp's detection of a social engineering attack linked to NSO, which WhatsApp claims is a direct defiance of the court's order. NSO Group has been under legal scrutiny since 2019, facing lawsuits and injunctions related to the exploitation of vulnerabilities to deliver spyware.","https:\u002F\u002Fwww.securityweek.com\u002Fwhatsapp-catches-spyware-firm-nso-defying-no-hacking-court-order\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2025\u002F03\u002FWhatsApp-Exploits.jpg","2026-06-08T13:23:03+00:00",{"id":92,"title":93,"slug":94,"brief":95,"ai_summary":96,"url":97,"image_url":98,"published_at":99},"ea796ce7-7714-42a7-b0b3-e3fb1f68523d","Chrome 149 Patches 429 Vulnerabilities","chrome-149-patches-429-vulnerabilities-6ba61a","Google releases Chrome 149 with patches for record 429 vulnerabilities, over 100 critical\u002Fhigh-severity.","Google promoted Chrome 149 to the stable channel, patching a record 429 vulnerabilities in a single release. Over 100 of the resolved flaws are critical or high-severity, predominantly use-after-free and insufficient input validation issues. The most severe vulnerability (CVE-2026-10881, CVSS 9.6) is an out-of-bounds read\u002Fwrite in the ANGLE graphics engine that could allow sandbox escape and code execution.","https:\u002F\u002Fwww.securityweek.com\u002Fchrome-149-patches-429-vulnerabilities\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2023\u002F04\u002FChrome-Zero-Day-exploits.jpg","2026-06-05T11:13:57+00:00",{"id":101,"title":102,"slug":103,"brief":104,"ai_summary":105,"url":106,"image_url":107,"published_at":108},"412a3ce4-d075-48db-ac5b-119d45e4c569","🚨🇫🇷 A threat actor known as nearlevrai is selling two datasets allegedly tied to L'Assurance M...","a-threat-actor-known-as-nearlevrai-is-selling-two-datasets-allegedly-tied-to-l-a-264978","Threat actor nearlevrai selling datasets from French health insurer and parcel delivery firm.","Threat actor nearlevrai is offering two datasets for sale allegedly stolen from L'Assurance Maladie (French national health insurance system) and Colis Privé (French parcel delivery company). The actor claims the breach involves approximately 19 million health insurance records and 24 million parcel delivery records. This incident affects sensitive personal health and logistics data in France and likely triggers GDPR enforcement scrutiny.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2062605368220430541","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHJ_YeRbWwAAAMhk.jpg","2026-06-04T18:40:15+00:00",{"id":110,"title":111,"slug":112,"brief":113,"ai_summary":114,"url":115,"image_url":116,"published_at":117},"7423711b-79f5-469a-b37d-96b43a883e2c","🚨🇫🇷 A threat actor known as ChimeraZ is distributing a dataset allegedly scraped from https:\u002F\u002F...","a-threat-actor-known-as-chimeraz-is-distributing-a-dataset-allegedly-scraped-fro-de3a11","ChimeraZ threat actor distributes dataset allegedly scraped from French optical retailer Krys with 294,000 records.","A threat actor known as ChimeraZ is distributing a dataset allegedly scraped from Krys, a French optical retailer with over 1,000 stores across France. The actor claims the dataset contains approximately 294,000 records. This incident represents a significant data breach affecting a major French retail chain with potential privacy implications for affected customers.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2062302100370202784","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHJ7EzDwWYAAEigs.jpg","2026-06-03T22:35:11+00:00",{"id":119,"title":120,"slug":121,"brief":122,"ai_summary":123,"url":124,"image_url":125,"published_at":126},"d38a9d72-55f3-4621-b765-feb68707acec","🚨🇫🇷 A threat actor known as xMetah is distributing a dataset allegedly scraped from Bouygues T...","a-threat-actor-known-as-xmetah-is-distributing-a-dataset-allegedly-scraped-from--aad61d","Threat actor xMetah claims to have scraped 4.1M records from Bouygues Telecom, France's largest telco.","Threat actor xMetah is distributing a dataset allegedly scraped from Bouygues Telecom, one of France's largest telecommunications providers. The actor claims approximately 4.1 million records are exposed, with roughly 34,000 rows released publicly and the remainder offered for sale. This represents a significant data breach affecting a major French telecom operator.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2062241722160349213","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHJ6N3g5XIAAp6lv.jpg","2026-06-03T18:35:15+00:00",{"id":128,"title":129,"slug":130,"brief":131,"ai_summary":132,"url":133,"image_url":134,"published_at":135},"c2a9a324-1aaa-4b90-9c88-a196cfd67c2c","🚨🇫🇷 Threat Actor Claims to Sell a Carvivo Automotive Lead Database Affecting Millions in Franc...","threat-actor-claims-to-sell-a-carvivo-automotive-lead-database-affecting-million-446601","Threat actor claims to sell Carvivo automotive lead database affecting millions in France.","A threat actor has announced the sale of a stolen Carvivo automotive lead database allegedly containing personal data of millions of individuals in France. The breach impacts the automotive industry and raises significant privacy concerns under GDPR. The incident highlights ongoing risks to customer databases held by automotive lead generation platforms.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2062216644663865402",null,"2026-06-03T16:55:36+00:00",{"id":137,"title":138,"slug":139,"brief":140,"ai_summary":141,"url":142,"image_url":143,"published_at":144},"e81dc2c0-2e2c-4491-8fc6-ba4d15be1189","IMA Diligence Services Data Breach Impacts 525,000 People","ima-diligence-services-data-breach-impacts-525-000-people-448874","IMA Diligence Services data breach impacts 525,000 people; Genesis ransomware claims 700GB stolen data.","IMA Diligence Services notified over 525,000 individuals of a data breach affecting a legacy server managed by a third party. Attackers accessed the server between December 8–16 and exfiltrated personal information including names, SSNs, driver's licenses, financial data, and medical records. The Genesis ransomware group claimed responsibility and posted 700GB of stolen data on its Tor-based leak site.","https:\u002F\u002Fwww.securityweek.com\u002Fima-diligence-services-data-breach-impacts-525000-people\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2025\u002F10\u002Fbank-finance-lender-credit-union-hack.jpeg","2026-06-03T12:08:25+00:00",{"id":146,"title":147,"slug":148,"brief":149,"ai_summary":150,"url":151,"image_url":152,"published_at":153},"6bda8bed-023b-4144-95a7-7d9d3f27b38a","ANSPDCP (Romania) - Fine against Unicredit Bank SA","anspdcp-romania-fine-against-unicredit-bank-sa-543b4b","Romanian DPA fines Unicredit Bank €12,000 for inadequate security measures and delayed breach notification.","Romania's ANSPDCP fined Unicredit Bank SA a total of €12,000 (RON 62,714) for violating GDPR Articles 32 and 33. The bank failed to implement appropriate technical and organizational measures, resulting in unauthorized disclosure of customer data (names, addresses, property details, mortgage status) via erroneous insurance policy notifications sent to wrong recipients due to improper manual file processing. Additionally, the bank failed to notify the breach within the required 72-hour deadline.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=ANSPDCP_(Romania)_-_Fine_against_Unicredit_Bank_SA&diff=51819&oldid=0","https:\u002F\u002Fgdprhub.eu\u002Fimages\u002Fc\u002Fc2\u002FLogoRO.jpg","2026-06-03T09:39:39+00:00",{"id":155,"title":156,"slug":157,"brief":158,"ai_summary":159,"url":160,"image_url":25,"published_at":161},"8214f35f-0815-4834-8921-a8b432ab8d2d","AEPD (Spain) - PS-00005-2025","aepd-spain-ps-00005-2025-2bf2ea","Spain's AEPD fines Amadeus IT Group €18M for unlawful reuse of travel data without proper legal basis.","Spain's data protection authority (AEPD) fined Amadeus IT Group €18 million for violating GDPR Articles 6 and 14 by repurposing passenger name record (PNR) data originally collected for travel reservations to test a new product without adequate consent or information provision. The case involved the unlawful consolidation and profiling of traveler data across its Global Distribution System, with the DPA finding that general privacy policy disclosures were insufficient given the B2B nature of the service and lack of direct consumer relationship.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=AEPD_(Spain)_-_PS-00005-2025&diff=51817&oldid=51808","2026-06-03T08:52:58+00:00",{"id":163,"title":76,"slug":164,"brief":165,"ai_summary":166,"url":167,"image_url":25,"published_at":168},"9fe2156e-ea69-4109-bb05-b0cf52390133","aepd-spain-ps-00143-2025-b522a8","AEPD fines CaixaBank €400K for sending customer complaints to wrong recipients, violating GDPR Article 25.","Spain's data protection authority (AEPD) fined CaixaBank €400,000 for wrongfully disclosing customer complaint documents to third parties and failing to implement adequate data protection by design and by default measures under GDPR Article 25. The violations involved multiple incidents where personal data including names, ID numbers, bank account information, and financial details were sent to incorrect recipients due to systemic failures in the complaint-handling process. The DPA rejected CaixaBank's argument that banking sector compliance and supervision were sufficient, requiring the organization to implement technical and organizational controls to prevent, detect, and mitigate such errors.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=AEPD_(Spain)_-_PS-00143-2025&diff=51814&oldid=51812","2026-06-03T08:52:25+00:00",{"id":170,"title":76,"slug":171,"brief":172,"ai_summary":173,"url":174,"image_url":25,"published_at":175},"b054ca31-b68e-424c-999a-d4c1d0845a9f","aepd-spain-ps-00143-2025-4ea25f","AEPD fines CaixaBank €400,000 for failing to implement data protection by design measures","Spain's AEPD (Autoridad de Protección de Datos) fined CaixaBank €400,000 for violating Article 25 GDPR by failing to implement adequate data protection by design and by default measures in its Customer Service Department. The bank wrongly sent customer complaint documents containing sensitive banking and financial data to third parties due to human error and inadequate technical controls. The DPA rejected CaixaBank's argument that banking sector compliance was sufficient, holding that GDPR compliance is independent and mandatory.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=AEPD_(Spain)_-_PS-00143-2025&diff=51812&oldid=51810","2026-06-03T08:51:18+00:00",{"id":177,"title":156,"slug":178,"brief":179,"ai_summary":180,"url":181,"image_url":25,"published_at":182},"e222b3d3-0b7f-4667-8ae7-6175e27f30fd","aepd-spain-ps-00005-2025-29a6fb","Spain's AEPD fines Amadeus IT Group €14.4M for unauthorized use of traveler data in product testing.","Spain's Data Protection Authority (AEPD) fined Amadeus IT Group €14.4 million for violating GDPR Article 14 by using passenger name record (PNR) data collected for travel reservations to test a new product without proper consent or notification. The controller failed to inform data subjects about the secondary use of their personal data, relying instead on a general privacy policy notice that was insufficient given the B2B nature of its Global Distribution System service.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=AEPD_(Spain)_-_PS-00005-2025&diff=51808&oldid=51802","2026-06-03T08:46:13+00:00",{"id":184,"title":185,"slug":186,"brief":187,"ai_summary":188,"url":189,"image_url":190,"published_at":191},"25c21f50-64ff-4c94-a83c-730a2529eb97","CNIL (France) - SAN-2026-008","cnil-france-san-2026-008-ee2bfe","CNIL fines IQVIA €5M for insufficient anonymisation in pharmacy and medical-record data warehouses.","France's CNIL data protection authority issued a €5 million fine to IQVIA Operations France for breaches of GDPR and French health-data regulations. The pharmaceutical consulting firm failed to properly anonymise patient data in its LRX (pharmacy) and EMR (medical records) repositories, allowing individuals to be re-identified despite pseudonymisation measures. The DPA found that patients were not adequately informed of data processing and ordered the controller to bring its operations into compliance.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=CNIL_(France)_-_SAN-2026-008&diff=51804&oldid=51791","https:\u002F\u002Fgdprhub.eu\u002Fimages\u002Fthumb\u002F0\u002F0f\u002FLogoFR.png\u002F1200px-LogoFR.png","2026-06-03T08:11:15+00:00",{"id":193,"title":194,"slug":195,"brief":196,"ai_summary":197,"url":198,"image_url":48,"published_at":199},"330f72e5-57b7-4eb9-81a7-afe29130972d","CE - No. 492836","ce-no-492836-2d447f","French court reduces Tagadamedia GDPR fine to €50K for invalid consent forms in marketing data transfers.","France's Supreme Administrative Court (Conseil d'État) confirmed that Tagadamedia, an online competition organiser, failed to obtain valid GDPR consent for transferring participant data to commercial partners for marketing purposes. The court found the consent forms used deceptive design patterns (prominent agree buttons with less visible decline options) that violated Articles 6 and 7 of GDPR. While upholding the violation, the court reduced the original €75,000 fine to €50,000 due to procedural errors committed by CNIL during the investigation.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=CE_-_No._492836&diff=51803&oldid=51788","2026-06-03T08:09:51+00:00",{"id":201,"title":156,"slug":202,"brief":203,"ai_summary":204,"url":205,"image_url":25,"published_at":206},"2221f314-cbff-4f08-b1e4-dca27967d077","aepd-spain-ps-00005-2025-1e9f41","Spain's AEPD fines Amadeus €14.4M for using passenger data to test new product without consent","Spain's data protection authority (AEPD) fined Amadeus IT Group €14.4M for unlawfully using passenger name record (PNR) data originally collected for travel reservations to test a new product without proper consent or legal basis. The DPA found violations of GDPR Articles 6 and 14, ruling that the controller failed to inform data subjects of the secondary processing purpose and could not justify the use under legitimate interest. Amadeus claimed the pilot was never commercialized and later discarded, but the DPA determined that a general privacy notice was insufficient to meet transparency obligations for B2B services with indirect data subjects.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=AEPD_(Spain)_-_PS-00005-2025&diff=51802&oldid=51786","2026-06-03T08:04:20+00:00",{"id":208,"title":209,"slug":210,"brief":211,"ai_summary":212,"url":213,"image_url":134,"published_at":214},"755d47e8-3f18-441a-9473-9c31f3243ab3","🚨🇪🇸 Threat Actor Claims to Sell a 110 GB Iberdrola Customer Database Affecting 7 Million Custo...","threat-actor-claims-to-sell-a-110-gb-iberdrola-customer-database-affecting-7-mil-84aa52","Threat actor claims to sell 110 GB Iberdrola customer database affecting 7 million users.","A threat actor has publicly claimed to be selling a 110 GB database containing customer information from Iberdrola, Spain's largest electricity company, allegedly affecting approximately 7 million customers. The breach exposes personal and potentially sensitive utility customer data to criminal buyers on underground markets. This represents a significant privacy incident requiring immediate investigation by Spanish authorities and regulatory response under GDPR.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2061833327007432929","2026-06-02T15:32:26+00:00",{"id":216,"title":20,"slug":217,"brief":218,"ai_summary":219,"url":220,"image_url":25,"published_at":221},"838ec0a1-15a9-44c4-b960-842bf7675d13","aepd-spain-ps-00437-2024-b939ca","AEPD fines Iberia €650,000 for inadequate data security after processor breach exposed personal data across EU.","Spain's DPA (AEPD) issued a €650,000 fine to Iberia Líneas Aéreas de España for violating GDPR Articles 5(1)(f), 32, and 34 following a February 2023 data breach caused by unauthorized access to a processor's systems. The breach exposed personal data of employees and corporate clients across nine EU Member States, but the controller failed to conduct adequate risk assessments and implement appropriate security measures. The DPA also found the controller failed to notify affected data subjects despite indicators that breach notification was required.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=AEPD_(Spain)_-_PS-00437-2024&diff=51792&oldid=0","2026-06-02T13:42:48+00:00",{"id":223,"title":185,"slug":224,"brief":225,"ai_summary":226,"url":227,"image_url":190,"published_at":228},"4d1d75e8-a539-49a3-bec0-cfef066186b8","cnil-france-san-2026-008-9ce175","CNIL fines IQVIA €5M for GDPR and French health-data breaches in pharmacy and medical-record warehouses.","France's CNIL data protection authority issued a €5 million fine to IQVIA Operations France for violations of GDPR Articles 14 and 25, and French health-data regulations in its LRX (pharmacy) and EMR (medical-record) repositories. The DPA found that despite pseudonymisation claims, patients could still be singled out and were not properly informed of data collection and processing activities. The investigation began in June 2021 and concluded in April 2026.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=CNIL_(France)_-_SAN-2026-008&diff=51791&oldid=51769","2026-06-02T13:15:33+00:00",{"id":230,"title":194,"slug":231,"brief":232,"ai_summary":233,"url":234,"image_url":48,"published_at":235},"0ff33a00-9557-4ec3-ad5b-8b526bc64695","ce-no-492836-934132","French court reduces CNIL fine against Tagadamedia from €75K to €50K but upholds invalid consent forms.","France's administrative court (Conseil d'État) partially upheld CNIL's enforcement action against Tagadamedia, a lead generation company, reducing the fine from €75,000 to €50,000 on procedural grounds while confirming the company's consent forms failed to meet GDPR requirements. The court found that Tagadamedia's forms used dark patterns—prominent 'agree' buttons with less visible decline options—to collect invalid consent for transferring personal data to marketing partners. The ruling reinforces that consent mechanisms must present affirmative and negative options with equal visual prominence to comply with GDPR Articles 6 and 7.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=CE_-_No._492836&diff=51788&oldid=51784","2026-06-02T11:40:46+00:00",{"id":237,"title":156,"slug":238,"brief":239,"ai_summary":240,"url":241,"image_url":25,"published_at":242},"87a54bae-017a-4cb6-952d-3421b2479386","aepd-spain-ps-00005-2025-60b398","Spain's AEPD fines Amadeus €14.4M for reusing traveler PNR data without consent or legal basis.","Spain's Data Protection Authority (AEPD) fined Amadeus €14.4M for violating GDPR Articles 6 and 14 by reusing passenger name record (PNR) data originally collected for reservations to test a new product without proper legal basis or data subject notification. The company failed to provide required information about the secondary purpose and could not rely on legitimate interest, while also violating EU Regulation 80\u002F2009 retention limits. Amadeus made a voluntary settlement payment at 80% of the original €18M fine to terminate proceedings.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=AEPD_(Spain)_-_PS-00005-2025&diff=51786&oldid=51750","2026-06-02T11:33:24+00:00",{"id":244,"title":194,"slug":245,"brief":246,"ai_summary":247,"url":248,"image_url":48,"published_at":249},"d717c6e1-384f-4ddc-9161-cbd481314c51","ce-no-492836-144053","French court reduces CNIL fine against Tagadamedia from €75,000 to €50,000, upholding GDPR consent violations.","The French Conseil d'État (CE) reduced a fine issued by the CNIL against Tagadamedia, a lead generation company, from €75,000 to €50,000. The court upheld the CNIL's finding that Tagadamedia's consent forms did not validly collect GDPR consent for transferring personal data to commercial partners. The court found that the consent mechanisms did not allow users to give free, specific, informed, and unambiguous consent.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=CE_-_No._492836&diff=51784&oldid=51752","2026-06-01T07:53:07+00:00",{"id":251,"title":252,"slug":253,"brief":254,"ai_summary":255,"url":256,"image_url":257,"published_at":258},"4bba2c26-83a5-4a82-91c7-1037843d1fa2","🚨🇺🇸 HungerRush allegedly targeted in breach exposing 26.8M+ customers\n\nA threat actor on an un...","hungerrush-allegedly-targeted-in-breach-exposing-26-8m-customers-a-threat-actor--2b9928","HungerRush breach exposes 26.8M+ customer records claimed by threat actor.","A threat actor claims to have breached HungerRush, a U.S. restaurant technology provider, exposing over 26.8 million customer records on an underground forum. HungerRush provides cloud-based solutions to the food service industry. The incident raises significant concerns about customer data protection in the restaurant tech sector.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2060861067031458264","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHJmmHOUXsAMHEGj.jpg","2026-05-30T23:09:01+00:00",{"id":260,"title":261,"slug":262,"brief":263,"ai_summary":264,"url":265,"image_url":266,"published_at":267},"739f641a-5892-40da-9c60-528419f64144","🚨🇨🇴 Colombian government systems allegedly compromised by EsqueleSquad (150 GB)\n\nA threat acto...","colombian-government-systems-allegedly-compromised-by-esquelesquad-150-gb-a-thre-abc111","EsqueleSquad claims to have compromised 15 Colombian government databases, extracting 150 GB of data.","A threat actor group calling itself EsqueleSquad has claimed responsibility for compromising 15 official Colombian government databases and extracting approximately 150 GB of data directly from internal servers. The group made the announcement on an underground forum, presenting what they claim to be stolen government data. This incident raises significant concerns about Colombian government cybersecurity infrastructure and potential exposure of sensitive state information.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2060799972505972951","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHJlulI5XoAIdqZg.jpg","2026-05-30T19:06:15+00:00",{"id":269,"title":270,"slug":271,"brief":272,"ai_summary":273,"url":274,"image_url":275,"published_at":276},"ad2a9678-384a-4910-8779-c5806b049778","California AG sues 23andMe over 2023 breach exposing health data","california-ag-sues-23andme-over-2023-breach-exposing-health-data-3c8d02","California AG sues 23andMe over 2023 breach exposing genetic data of 6.9M customers","California Attorney General Rob Bonta filed a lawsuit against 23andMe for failing to protect sensitive genetic and health data in a 2023 credential-stuffing breach that exposed information on nearly 7 million customers, including 855,541 Californians. The company allegedly failed to implement reasonable safeguards, missed intrusion detection opportunities, and made misleading public statements about the incident. The complaint seeks injunctions and statutory penalties of $1,000–$7,500 per violation under California's CCPA, Genetic Information Privacy Act, Reasonable Data Security Law, False Advertising Law, and Unfair Competition Law.","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fcalifornia-ag-sues-23andme-over-2023-breach-exposing-health-data\u002F","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2024\u002F01\u002F25\u002F23andMe.jpg","2026-05-29T18:08:47+00:00",{"id":278,"title":279,"slug":280,"brief":281,"ai_summary":282,"url":283,"image_url":284,"published_at":285},"43be0ada-960b-4554-afdf-5c999069d56a","Persónuvernd (Island) - 2021051091","personuvernd-island-2021051091-e53f39","Persónuvernd fined a controller €10,059.92 for GDPR violations related to employee monitoring.","The Icelandic DPA, Persónuvernd, fined a controller €10,059.92 for violating GDPR articles 5, 6, 12, and 13. The violations stemmed from inadequate transparency and legal basis for employee monitoring, failure to properly inform employees, and not keeping records of processing activities.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=Pers%C3%B3nuvernd_(Island)_-_2021051091&diff=51778&oldid=40567","https:\u002F\u002Fgdprhub.eu\u002Fimages\u002Fthumb\u002F7\u002F7d\u002FLogoIS.png\u002F1200px-LogoIS.png","2026-05-29T14:38:03+00:00",{"id":287,"title":185,"slug":288,"brief":289,"ai_summary":290,"url":291,"image_url":190,"published_at":292},"b686aaef-3bef-4dca-a3cb-9b598fb6f701","cnil-france-san-2026-008-f6ca40","CNIL fines healthcare data controller €5M for GDPR breaches in EMR and pharmacy repositories.","France's CNIL (Data Protection Authority) issued a €5 million fine against a healthcare data controller for multiple GDPR and French Data Protection Act violations. Violations included failing to provide accurate information notices to patients in the EMR repository, not ensuring patients' right to object, failing to inform pharmacy patients about data transfers (Article 14 GDPR breach), conducting unauthorised studies on health data, and implementing insufficient data protection by design in pharmacy software that systematically extracted patient data without consent.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=CNIL_(France)_-_SAN-2026-008&diff=51769&oldid=51768","2026-05-29T11:54:48+00:00",{"id":294,"title":185,"slug":295,"brief":296,"ai_summary":297,"url":298,"image_url":190,"published_at":299},"4fb6a39c-9511-4778-addf-3c0e7233b5de","cnil-france-san-2026-008-9558e8","CNIL fines IQVIA €5M for GDPR breaches in health data pseudonymisation and patient notification.","France's CNIL issued a €5 million fine to IQVIA Operations France for violations of GDPR Articles 14 and 25, finding that patients could be re-identified despite pseudonymisation of pharmacy and medical records data, and were not properly informed of data processing. The breaches involved two health data repositories (LRX pharmacy data and EMR physician consultation data) containing information on approximately 20 million patients, where pseudonymisation and consent mechanisms were deemed inadequate.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=CNIL_(France)_-_SAN-2026-008&diff=51768&oldid=0","2026-05-29T11:51:59+00:00",{"id":301,"title":302,"slug":303,"brief":304,"ai_summary":305,"url":306,"image_url":98,"published_at":307},"e4672013-e3ee-4ab1-b3d5-19835ded4419","Chrome 148 Update Patches 151 Vulnerabilities","chrome-148-update-patches-151-vulnerabilities-44e32b","Chrome 148 update patches 151 vulnerabilities including 22 critical-severity flaws.","Google released Chrome 148, resolving 151 vulnerabilities with 22 critical-severity flaws that could enable remote code execution and sandbox escape. The most severe issues are CVE-2026-9872 (out-of-bounds write in GPU) and CVE-2026-9873 (use-after-free in Network), each earning $43,000 bug bounty rewards. The update also patches 123 high-severity and 6 medium-severity weaknesses, with use-after-free bugs dominating the vulnerability landscape.","https:\u002F\u002Fwww.securityweek.com\u002Fchrome-148-update-patches-151-vulnerabilities\u002F","2026-05-29T10:17:23+00:00",{"id":309,"title":310,"slug":311,"brief":312,"ai_summary":313,"url":314,"image_url":48,"published_at":315},"cf589981-cbdb-4bfb-be76-d2d4b201294e","ΔΔΚ - 1421\u002F2022","1421-2022-eb0c99","Cyprus court annuls €5,000 GDPR fine against Judo Federation due to lack of controller\u002Fprocessor establishment.","A Cypriot court annulled a €5,000 fine issued by the Commissioner for Personal Data Protection against the Pancyprian Judo Federation for failing to cooperate with an investigation. The court held that the DPA had not sufficiently established that the federation acted as either a data controller or processor under GDPR, a prerequisite for applying Articles 31, 58, and 83.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=%CE%94%CE%94%CE%9A_-_1421\u002F2022&diff=51761&oldid=51759","2026-05-29T08:15:11+00:00",{"id":317,"title":318,"slug":319,"brief":320,"ai_summary":321,"url":322,"image_url":48,"published_at":323},"3a2efac8-d8ab-4074-9b43-048b92810b27","ΔΔΚ - 14\u002F2021","14-2021-62c86b","Cyprus court upholds GDPR breach finding but annuls fines for football clubs and ticket platform provider.","A Cyprus court upheld the data protection authority's finding that two football clubs and their ticket platform provider failed to implement adequate security measures, leading to a data breach. The breach exposed fans' personal data through a vulnerability in the online platform. However, the court annulled the fines initially imposed, citing proportionality concerns.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=%CE%94%CE%94%CE%9A_-_14\u002F2021&diff=51760&oldid=51685","2026-05-29T08:13:15+00:00",{"id":325,"title":326,"slug":327,"brief":328,"ai_summary":329,"url":330,"image_url":331,"published_at":332},"a30a5e73-f867-4e4c-87ab-a8ff0a029cd4","French Government Platform Resana Listed in Alleged 990K-Record User Data Sale","french-government-platform-resana-listed-in-alleged-990k-record-user-data-sale-1f2540","French government collaboration platform Resana's 990K user records allegedly sold on dark web by xMetah.","A threat actor using the alias xMetah claims to be selling a database allegedly belonging to Resana, a French government collaboration platform hosted on the state's numerique.gouv.fr domain, containing approximately 990,000 user records. The breach affects a critical government infrastructure tool and raises significant concerns under GDPR and French data protection regulations. This incident highlights vulnerabilities in state-operated digital platforms and suggests potential exposure of French government employees and citizens' personal data.","https:\u002F\u002Fdarkwebinformer.com\u002Ffrench-government-platform-resana-listed-in-alleged-990k-record-user-data-sale\u002F","https:\u002F\u002Fstorage.ghost.io\u002Fc\u002F6b\u002F16\u002F6b16ac9c-cd67-432f-b0f3-bbec941084ff\u002Fcontent\u002Fimages\u002F2026\u002F05\u002F972865326835679823597862398753.png","2026-05-28T16:09:40+00:00",{"id":334,"title":310,"slug":335,"brief":336,"ai_summary":337,"url":338,"image_url":48,"published_at":339},"bac47b0e-5570-4dcb-8e36-c326887ef378","1421-2022-d1cd42","A court in Cyprus annulled a €5,000 GDPR fine against a sports federation due to a lack of controller\u002Fprocessor status.","A Cypriot court annulled a €5,000 fine issued by the Data Protection Authority (DPA) against the Pancyprian Judo Federation for failing to cooperate with an investigation. The court ruled that the DPA had not sufficiently demonstrated that the federation acted as either a data controller or processor under GDPR, thus the fine was not applicable.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=%CE%94%CE%94%CE%9A_-_1421\u002F2022&diff=51758&oldid=0","2026-05-28T15:09:52+00:00",{"id":341,"title":342,"slug":343,"brief":344,"ai_summary":345,"url":346,"image_url":134,"published_at":347},"3dc78ec9-6c12-434e-b5cf-84b2197f8893","Données de santé : sanction de 5 millions d’euros à l’encontre de la société IQVIA","donnees-de-sante-sanction-de-5-millions-d-euros-a-l-encontre-de-la-societe-iqvia-e3042c","CNIL fines IQVIA €5M for failing to protect health data and inform patients.","France's CNIL data protection authority sanctioned IQVIA Operations France with a €5 million fine on May 26, 2026, for violations in managing two health data warehouses (LRX and EMR). The company failed to respect authorization conditions regarding data security, transparency, and individuals' rights, affecting tens of millions of people. CNIL also imposed mandatory corrective measures within six months under penalty of €10,000 per day of delay.","https:\u002F\u002Fwww.cnil.fr\u002Ffr\u002Fdonnees-sante-sanction-5-millions-iqvia","2026-05-28T12:00:00+00:00",{"id":349,"title":156,"slug":350,"brief":351,"ai_summary":352,"url":353,"image_url":25,"published_at":354},"7ac457af-1323-4986-ad56-9b2741b12201","aepd-spain-ps-00005-2025-add9ab","Spain's AEPD fines Amadeus IT Group €18M for unlawful PNR data reuse without consent or legal basis.","Spain's data protection authority (AEPD) fined Amadeus IT Group €18 million for violating GDPR Articles 6 and 14 by reusing traveller Passenger Name Record (PNR) data originally collected for reservations to test a new product without proper legal basis or notification. The company, which operates a Global Distribution System (GDS) used by airlines and travel agencies, failed to adequately inform data subjects of the secondary use and could not justify the processing under legitimate interest, as travelers had no reasonable expectation their data would be reused years later by a company they had no direct relationship with.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=AEPD_(Spain)_-_PS-00005-2025&diff=51750&oldid=0","2026-05-27T13:39:39+00:00",{"id":356,"title":357,"slug":358,"brief":359,"ai_summary":360,"url":361,"image_url":362,"published_at":363},"82907f5d-e093-424d-850d-0be2a513e6f7","Romanian Hacker Sentenced to Prison in US for Selling Access to State Network","romanian-hacker-sentenced-to-prison-in-us-for-selling-access-to-state-network-671073","Romanian hacker sentenced to 4 years 8 months for selling stolen access to Oregon state network.","Catalin Dragomir, a 45-year-old Romanian national, was sentenced to 4 years and 8 months in prison for hacking into an Oregon state government office network in June 2021 and selling access for $3,000 in Bitcoin. He admitted to selling compromised network access from at least 10 organizations, resulting in losses exceeding $250,000. Dragomir was arrested in Romania in November 2024, extradited to the US in January 2025, and pleaded guilty in February 2026.","https:\u002F\u002Fwww.securityweek.com\u002Fromanian-hacker-sentenced-to-prison-in-us-for-selling-access-to-state-network\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2024\u002F03\u002Fhacker-sentenced-prison.jpeg","2026-05-27T11:37:19+00:00",{"id":365,"title":366,"slug":367,"brief":368,"ai_summary":369,"url":370,"image_url":371,"published_at":372},"30992f97-f59e-41e0-8991-e0b2f75c0411","185,000 Likely Impacted by 7-Eleven Data Breach","185-000-likely-impacted-by-7-eleven-data-breach-142de8","7-Eleven confirms April 8 data breach affecting 185,000 individuals; ShinyHunters claims responsibility.","7-Eleven suffered a data breach on April 8, 2024, affecting approximately 185,300 individuals through compromised Salesforce systems containing franchise documents. The ShinyHunters extortion group claimed responsibility, initially demanding ransom by April 21 before later offering the stolen data for sale on Russian forums. The leaked dataset includes names, addresses, email addresses, and dates of birth, with the data subsequently published online and added to HaveIBeenPwned.","https:\u002F\u002Fwww.securityweek.com\u002F185000-likely-impacted-by-7-eleven-data-breach\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2026\u002F05\u002F7-Eleven.jpeg","2026-05-26T11:59:40+00:00",{"id":374,"title":375,"slug":376,"brief":377,"ai_summary":378,"url":379,"image_url":16,"published_at":380},"aa44b0c2-dce2-499c-8e18-490d7e847ff0","Garante per la protezione dei dati personali (Italy) - 280\u002F2026","garante-per-la-protezione-dei-dati-personali-italy-280-2026-dd7b03","Italy's DPA fines Ambrosetti €85K for delayed breach notification and weak password storage.","Italy's Garante per la protezione dei dati personali issued a €85,000 fine against Ambrosetti S.p.A., a consulting company, for violations of GDPR Articles 5, 32, and 34 following a 2024 data breach affecting approximately 62,000 data subjects. The DPA found the company failed to notify affected individuals within required timeframes, stored passwords in plain text and weak formats, and retained credentials unnecessarily. The controller also falsely assumed external contractors were monitoring system security, demonstrating negligent data protection practices.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=Garante_per_la_protezione_dei_dati_personali_(Italy)_-_280\u002F2026&diff=51731&oldid=51730","2026-05-26T11:45:25+00:00",{"id":382,"title":375,"slug":383,"brief":384,"ai_summary":385,"url":386,"image_url":16,"published_at":387},"b617cf4b-38b6-4967-9383-bc47a8fd5464","garante-per-la-protezione-dei-dati-personali-italy-280-2026-fa9073","Italy's DPA fines Ambrosetti €85,000 for data breach and delayed notification to 62,000 subjects","Italy's Garante per la protezione dei dati personali fined consulting company Ambrosetti S.p.A. €85,000 for violations of GDPR Articles 5, 32, 33, and 34 following a 2024 data breach affecting approximately 62,000 data subjects. The DPA found the company failed to ensure adequate security (storing passwords in plain text and insufficiently), retained data beyond necessity, and critically delayed notifying affected individuals until ordered to do so by the authority.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=Garante_per_la_protezione_dei_dati_personali_(Italy)_-_280\u002F2026&diff=51730&oldid=0","2026-05-26T11:43:36+00:00",{"id":389,"title":390,"slug":391,"brief":392,"ai_summary":393,"url":394,"image_url":395,"published_at":396},"75a9b6e4-40a8-490f-be38-c50069526f2d","APD\u002FGBA (Belgium) - 102\u002F2026","apd-gba-belgium-102-2026-3f65a8","Belgium's APD\u002FGBA fines water provider €86,000 for inadequate call recording disclosure and missing processor agreement.","The Belgian Data Protection Authority (APD\u002FGBA) imposed two fines totaling €86,000 on SWDE (Société Wallonne des Eaux), a public water provider, for violating GDPR transparency and processor agreement requirements. The authority found that SWDE systematically recorded calls without adequately informing callers, failing to provide meaningful opportunity to object before recording began, and did not maintain a valid data processor agreement as required. The investigation was triggered by an employee complaint in April 2020 regarding call monitoring practices.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=APD\u002FGBA_(Belgium)_-_102\u002F2026&diff=51719&oldid=0","https:\u002F\u002Fgdprhub.eu\u002Fimages\u002F4\u002F44\u002FLogoBE.png","2026-05-26T08:41:38+00:00",{"id":398,"title":399,"slug":400,"brief":401,"ai_summary":402,"url":403,"image_url":134,"published_at":404},"1376ed01-4981-431c-8aa2-7d9999e3d3f9","🚨🇫🇷 French Retailer La Redoute Hit by Alleged 96K-Record Customer & Delivery Data Dump\n\nht...","french-retailer-la-redoute-hit-by-alleged-96k-record-customer-amp-delivery-data--58db67","French retailer La Redoute suffers alleged data breach exposing 96K customer and delivery records.","La Redoute, a major French e-commerce retailer, has been hit by an alleged data breach exposing approximately 96,000 customer and delivery records. The compromised data likely includes personal information such as names, addresses, and order details. This incident may trigger GDPR compliance obligations and investigation by French data protection authorities.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2058945429429985383","2026-05-25T16:16:58+00:00",{"id":406,"title":407,"slug":408,"brief":409,"ai_summary":410,"url":411,"image_url":412,"published_at":413},"5fd24100-2ce1-47b0-ab9c-6789a3a0e517","Oncology Institute Discloses Data Breach","oncology-institute-discloses-data-breach-153b7b","Oncology Institute confirms patient data breach via third-party vendor, likely TriZetto.","The Oncology Institute disclosed that a previously reported cybersecurity incident involving a third-party software vendor has confirmed patient data compromise. The breach, detected in May 2026, affects the cancer care provider and multiple other healthcare organizations; while the vendor remains unnamed, timeline and impact patterns suggest TriZetto Provider Solutions. No ransomware group has claimed responsibility, and Kroll is managing disclosures for affected parties.","https:\u002F\u002Fwww.securityweek.com\u002Foncology-institute-discloses-third-party-data-breach\u002F","https:\u002F\u002Fwww.securityweek.com\u002Fwp-content\u002Fuploads\u002F2026\u002F03\u002Fhealthcare-medical.jpeg","2026-05-25T12:17:02+00:00",[],[],[],[],50]