IT Security & Privacy

Wind Tre Fined €1.7 Million After Data Breaches Exposed Information of More Than 365,000 Customers

Italy's data protection authority has fined telecommunications provider Wind Tre €1.7156 million after finding serious security deficiencies that enabled attackers to gain unauthorized access to company systems and exfiltrate the personal data of more than 365,000 customers. The decision follows an investigation by the Italian Data Protection Authority, known as the Garante per la Protezione dei Dati Personali, into two data breaches that the company reported in February 2025.

Australian Privacy Regulator Ends Qantas Data Breach Inquiry Without Opening Formal Investigation

When hackers gained access to the personal information of roughly 5 million Australians during the 2025 cyberattack on Qantas, the obvious question was whether the airline had failed in its legal duty to protect that data. After nearly a year of preliminary inquiries, Australia's privacy regulator has answered that question, at least for now.

Austrian High Court Upholds €13 Million GDPR Fine Over Political Profiling

Austria's highest administrative court has brought one of the country's most closely watched data protection cases to a close, confirming that the creation and commercial use of inferred political preferences for millions of people violated the General Data Protection Regulation and clarifying several principles that will shape how GDPR fines are assessed in the years ahead.

23andMe Agrees to $18 Million Settlement Over 2023 Genetic Data Breach

The legal fallout from 23andMe's 2023 data breach is now colliding with the company's bankruptcy proceedings. A coalition of 42 state attorneys general announced Tuesday that it has reached an $18 million settlement with the bankruptcy trustee for 23andMe, resolving allegations that the genetic testing company failed to implement reasonable safeguards before a breach that exposed the information of 6.9 million customers worldwide.

Canadian Securities Regulators Tells Registered Firms to Strengthen Cybersecurity After Review Finds Gaps

The Canadian Securities Administrators did not set out to measure how many firms had suffered cyber incidents. Instead, it examined something more revealing: whether the safeguards meant to prevent those incidents were keeping pace with the way financial firms now operate.

EDPB Draws Sharper Lines Around Anonymous Data & AI Web Scraping

The European Data Protection Board is attempting to answer some of the questions that have lingered around the GDPR almost since the regulation took effect. When is data truly anonymous? What obligations apply when developers scrape the web to train generative AI? And how should organizations think about personal data on blockchain networks?

EU Cybersecurity Survey Finds SMEs Aware of Cyber Resilience Act but Ill-Prepared for Its Demands

Nearly two-thirds of the small and medium-sized businesses surveyed by the European Union’s cybersecurity agency had heard of the Cyber Resilience Act. Knowing that a law exists, however, is not the same as knowing what to do about it.