IT Security & Privacy

South Korea’s Privacy Regulator Hits SK Telecom with $99.9 Million Sanction over Massive Data Breach

South Korea’s Personal Information Protection Commission (PIPC) has imposed one of the country’s largest-ever privacy penalties on SK Telecom (SKT), ordering the mobile carrier to pay $99.9 million (KRW 134.8 billion) after a series of failures that exposed the personal information of more than 23 million subscribers.

Disney to Pay $10 Million in FTC Settlement Over Children’s Data Collection on YouTube

Disney will pay $10 million to settle allegations from the Federal Trade Commission (FTC) that it violated children’s online privacy protections by mislabeling YouTube videos, allowing the unlawful collection of personal data from under-13 viewers. The case not only imposes a financial penalty on one of the biggest names in entertainment but also signals a shift in how regulators expect companies to safeguard kids’ online experiences.

Furniture Retail Chain Fined in GDPR Ruling

The Western High Court in Denmark has imposed a fine of $216,000 (DKK 1.5 million) on ILVA, a Danish furniture retail chain known for its Scandinavian-style home furnishings, for violating the General Data Protection Regulation (GDPR). The ruling establishes an important precedent for how fines against companies are calculated.

Axiom GRC Acquires The DPO Centre to Strengthen Data Protection Capabilities

Axiom GRC has announced the acquisition of The DPO Centre, a leading UK-based provider of outsourced Data Protection Officer (DPO) and privacy services. The deal underscores the growing importance of data protection expertise as organizations face heightened regulatory and technological risks.

AI Oversight Gap Exposed in IBM’s 2025 Cost of a Data Breach Report

For two decades IBM and the Ponemon Institute have tallied the financial fallout of data breaches, tracking everything from stolen laptops in the mid-2000s to ransomware’s pandemic-era surge. The 2025 edition of their Cost of a Data Breach Report marks a turning point. This year the spotlight isn’t on cloud misconfigurations or phishing emails alone, it’s on artificial intelligence.

TransUnion Notifies Consumers of Cyber Incident Affecting Personal Data

TransUnion has disclosed that a cyber incident exposed personal data of U.S. consumers through a third-party application used in its customer support operations. While the company emphasized that no credit reports or core credit information were involved, the incident highlights a growing challenge for regulated businesses: securing the extended web of vendors and applications that support daily operations.

FTC Chairman Warns Tech Giants Against Weakening Data Security Under Foreign Pressure

Federal Trade Commission (FTC) Chairman Andrew N. Ferguson has issued a pointed warning to some of the world’s biggest technology companies to not weaken Americans’ data security or censor speech at the request of foreign governments.