Panera Bread has confirmed a cyber intrusion after customer contact data linked to more than 5 million people appeared online, marking the latest high-profile breach tied to the ShinyHunters extortion group and its growing focus on identity-based attacks.
UK regulators have launched parallel investigations into the Grok artificial intelligence system following reports that it has been used to generate non-consensual sexualized images and videos of real people, including children.
The Swedish Data Protection Authority (IMY) has identified three areas that will shape its guidance and enforcement work over the coming year: the use of artificial intelligence in the public sector, the protection of children and young people online, and the expanding range of tools used by law enforcement authorities.
France’s privacy regulator (CNIL) has sanctioned France Travail and fined the company €5 million over a breach that occurred in the first quarter of 2024. The regulator concluded that the agency failed to put in place security measures commensurate with the risks involved in processing highly sensitive personal data.
Nike is investigating a potential cybersecurity incident after a cybercrime group claimed it had stolen data from the company’s systems, according to multiple cybersecurity and media reports.
Sweden’s privacy regulator has fined Sportadmin roughly $560,000 (SEK 6 million) after concluding that the company failed to implement adequate IT security measures ahead of a major cyberattack that exposed personal data on more than 2.1 million people.
France’s data protection authority, the CNIL, has imposed a €3.5 million fine on a company for unlawfully using the personal data of its loyalty program members to fuel targeted advertising on a social network. The sanction, adopted on 30 December 2025 and announced publicly on 22 January 2026, stems from long-running practices that the regulator says breached core principles of EU data protection law and affected more than 10.5 million people.