[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"tag:uk-data-protection":3},{"tag":4,"articles":8,"awareness":78,"events":79,"tips":80,"focus_items":81,"total_count":82},{"slug":5,"name":6,"description":7},"uk-data-protection","UK Data Protection","UK GDPR and Data Protection Act 2018",[9,18,27,36,45,54,63,71],{"id":10,"title":11,"slug":12,"brief":13,"ai_summary":14,"url":15,"image_url":16,"published_at":17},"5c2660b2-362e-4f85-aae2-a02c732247a1","UK fines water supplier $1.3M for exposing data of 664k customers","uk-fines-water-supplier-1-3m-for-exposing-data-of-664k-customers-849dd8","UK ICO fines water supplier £963,900 for 2020-2022 cyberattack exposing 664k customers.","The UK Information Commissioner's Office fined South Staffordshire Water Plc £963,900 ($1.3M) for a cyberattack that exposed personal data of 663,887 customers and employees. The breach, initially claimed by Cl0p ransomware gang, began in September 2020 but remained undetected for 20 months until discovery in July 2022; exposed data included names, addresses, email, phone numbers, dates of birth, bank details, and employee HR information. The ICO identified critical security failures including insufficient privilege escalation controls, inadequate monitoring (5% coverage), obsolete software, poor patch management, and lack of security scans.","https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fuk-fines-water-supplier-13m-for-exposing-data-of-664k-customers\u002F","https:\u002F\u002Fwww.bleepstatic.com\u002Fcontent\u002Fhl-images\u002F2025\u002F03\u002F03\u002FUK-ICO.jpg","2026-05-12T20:17:19+00:00",{"id":19,"title":20,"slug":21,"brief":22,"ai_summary":23,"url":24,"image_url":25,"published_at":26},"c1dcf3d5-b424-4282-9b38-eca8f97819fa","BVwG - W298 2323263-1\u002F11E","bvwg-w298-2323263-1-11e-396aa1","Austrian court rules company violated GDPR by recording client conversation without prior informed consent.","An Austrian court (BVwG) upheld a decision by the Austrian DPA that a company violated GDPR by recording client conversations without proper prior consent. The company's representative recorded audio during a meeting that captured personal data (names, email addresses, social media accounts, education details), but only informed the data subjects of the recording clause after the recording had already begun, via contractual documents presented during the meeting. The court rejected arguments based on consent (Article 6(1)(a) and Article 7 GDPR) and legitimate interest (Article 6(1)(f) GDPR), finding the company also breached information obligations under Article 13 GDPR and that secret audio recordings are generally unlawful except in exceptional circumstances.","https:\u002F\u002Fgdprhub.eu\u002Findex.php?title=BVwG_-_W298_2323263-1\u002F11E&diff=51570&oldid=51562","https:\u002F\u002Fgdprhub.eu\u002Fimages\u002F4\u002F4c\u002FCourts_logo1.png","2026-05-05T15:06:52+00:00",{"id":28,"title":29,"slug":30,"brief":31,"ai_summary":32,"url":33,"image_url":34,"published_at":35},"3bf6750d-44fe-42f1-a5ac-e498aea48752","What to do When Your AI Guardrails Fail","what-to-do-when-your-ai-guardrails-fail-ba511b","Microsoft 365 Copilot bug bypassed DLP policies and sensitivity labels for weeks, exposing confidential emails.","A bug in Microsoft 365 Copilot (CW1226324) allowed the AI to read and summarize confidential emails in Sent Items and Drafts folders despite sensitivity labels and Data Loss Prevention policies being correctly configured. The incident exposed a critical architectural flaw: all governance controls lived within the same platform as Copilot, creating a single point of failure with no independent detection layer. The article argues organizations must implement defense-in-depth AI governance with independent data layers rather than trusting vendor-provided controls alone.","https:\u002F\u002Fwww.itsecurityguru.org\u002F2026\u002F04\u002F16\u002Fwhat-to-do-when-your-ai-guardrails-fail\u002F?utm_source=rss&utm_medium=rss&utm_campaign=what-to-do-when-your-ai-guardrails-fail","https:\u002F\u002Fwww.itsecurityguru.org\u002Fwp-content\u002Fuploads\u002F2026\u002F04\u002FAnthony-Young.png","2026-04-16T16:21:11+00:00",{"id":37,"title":38,"slug":39,"brief":40,"ai_summary":41,"url":42,"image_url":43,"published_at":44},"2773b72e-4bc7-4f4f-8e9b-ab0cdef401b6","UK Government Sound Alarm Over AI Security Risk","uk-government-sound-alarm-over-ai-security-risk-79560e","UK government warns AI is accelerating cyber threats and lowering attack barriers for criminals.","UK government leaders and the National Cyber Security Centre (NCSC) issued a joint open letter warning that frontier AI capabilities are doubling every four months, enabling attackers to find and exploit software vulnerabilities at unprecedented scale and speed. The letter emphasizes that AI is democratizing cyberattacks, making sophisticated assaults accessible to less-skilled threat actors, while urging businesses to prioritize board-level cyber accountability, basic hygiene practices, and Cyber Essentials certification. The NCSC assessment highlights that while AI offers defensive benefits, it has fundamentally shifted the attack-defense balance in favor of adversaries.","https:\u002F\u002Fwww.itsecurityguru.org\u002F2026\u002F04\u002F16\u002Fuk-government-sound-alarm-over-ai-security-risk\u002F?utm_source=rss&utm_medium=rss&utm_campaign=uk-government-sound-alarm-over-ai-security-risk","https:\u002F\u002Fwww.itsecurityguru.org\u002Fwp-content\u002Fuploads\u002F2026\u002F04\u002Fpexels-googledeepmind-18069697-scaled.jpg","2026-04-16T15:37:45+00:00",{"id":46,"title":47,"slug":48,"brief":49,"ai_summary":50,"url":51,"image_url":52,"published_at":53},"64b7f0b1-19db-4939-a39a-f2c414b3cf67","‼️🇬🇧 A dataset allegedly originating from The Student Room (https:\u002F\u002Ft.co\u002FqCyxk9yEvo), a major U...","a-dataset-allegedly-originating-from-the-student-room-https-t-co-qcyxk9yevo-a-ma-98df9f","Dataset from UK student platform The Student Room sold on cybercrime forum.","A dataset allegedly stolen from The Student Room, a major UK student community platform, is being offered for sale on a cybercrime forum by threat actor TelephoneHooliganism. The breach exposes personal data of students and poses risks to UK data protection compliance under UK GDPR and Data Protection Act 2018. The incident highlights continued targeting of educational and community platforms by threat actors.","https:\u002F\u002Fx.com\u002FDarkWebInformer\u002Fstatus\u002F2042636359970472276","https:\u002F\u002Fpbs.twimg.com\u002Fmedia\u002FHFjmviAakAUT8Qe.jpg","2026-04-10T16:10:33+00:00",{"id":55,"title":56,"slug":57,"brief":58,"ai_summary":59,"url":60,"image_url":61,"published_at":62},"cf9cc731-9268-4846-92cd-c8198359cd52","The NCSC is encouraging UK organisations to take immediate action to mitigate a recategorised vul...","the-ncsc-is-encouraging-uk-organisations-to-take-immediate-action-to-mitigate-a-","NCSC urges UK organizations to mitigate recategorized F5 BIG-IP Access Policy Manager vulnerability.","The UK National Cyber Security Centre (NCSC) has issued guidance for UK organizations to take immediate action against a vulnerability in F5 BIG-IP Access Policy Manager that has been recategorized, likely to a higher severity level. The advisory emphasizes urgent mitigation measures to protect affected systems from potential exploitation.","https:\u002F\u002Fx.com\u002FNCSC\u002Fstatus\u002F2038583275698995303",null,"2026-03-30T11:45:02+00:00",{"id":64,"title":65,"slug":66,"brief":67,"ai_summary":68,"url":69,"image_url":61,"published_at":70},"270825d5-e905-4d9c-92d5-60a1f9a19781","Vulnerabilities affecting Citrix NetScaler ADC and Citrix NetScaler Gateway","vulnerabilities-affecting-citrix-netscaler-adc-and-citrix-netscaler-gateway","NCSC alerts UK organisations to patch two critical Citrix NetScaler ADC\u002FGateway vulnerabilities.","The UK National Cyber Security Centre (NCSC) has issued an alert regarding two recently disclosed vulnerabilities affecting Citrix NetScaler ADC and NetScaler Gateway products. CVE-2026-3055 involves insufficient input validation in SAML IdP configurations leading to memory overread, while CVE-2026-4368 is a race condition affecting gateway and AAA virtual server configurations that can cause user session mixup. Citrix has released patched versions (14.1-66.59, 13.1-62.23, and 13.1-37.262), and the NCSC recommends UK organisations apply these updates immediately and verify their appliance configurations.","https:\u002F\u002Fwww.ncsc.gov.uk\u002Fnews\u002Fvulnerabilities-affecting-citrix-netscaler-adc-gateway","2026-03-25T17:03:03+00:00",{"id":72,"title":73,"slug":74,"brief":75,"ai_summary":76,"url":77,"image_url":61,"published_at":70},"1313064f-4799-46ed-8646-a0080da89653","The NCSC is encouraging UK organisations to take immediate action to mitigate two recently disclo...","the-ncsc-is-encouraging-uk-organisations-to-take-immediate-action-to-mitigate-tw","NCSC urges UK orgs to mitigate two Citrix NetScaler vulnerabilities immediately.","The UK National Cyber Security Centre (NCSC) has issued an urgent advisory for organisations to address two recently disclosed vulnerabilities affecting Citrix NetScaler ADC and Citrix NetScaler Gateway. The CVEs—CVE-2026-3055 and CVE-2026-4368—pose immediate risk to critical infrastructure and require swift mitigation.","https:\u002F\u002Fx.com\u002FNCSC\u002Fstatus\u002F2036851365578674199",[],[],[],[],8]