25 articles. Data protection enforcement actions and regulatory analysis. GDPR, PDPL, CCPA, and HIPAA enforcement across MENA, EU, and US.
Fraudsters weaponize the USPTO's real GovDelivery email system as a social engineering prop during live phone scams targeting trademark filers. 77,000+ victims.
CNIL imposed a record EUR 42M fine after an attacker exploited weak VPN authentication to exfiltrate 43.6GB covering 19.2M individuals over 15 days undetected.
FTC and three state AGs imposed a $5.1M settlement after a former employee's dormant credentials were used to access 10.1M student records over 11 days.
ICO fined outsourcing giant Capita GBP 14M after Black Basta exfiltrated 974GB of data, exposing 6.6M individuals across 90+ organizations including the NHS.
CNIL fined SHEIN EUR 150M after 30+ tracking cookies were deployed on 12 million French visitors before obtaining consent, violating ePrivacy and GDPR rules.
Irish DPC fined TikTok EUR 530M for illegally transferring EU user data to China without adequate safeguards, the largest GDPR data transfer fine ever imposed.
Irish DPC fined Meta EUR 251M after a Facebook 'View As' bug let attackers steal access tokens for 29M accounts, exposing names, phone numbers.
Italian DPA fined OpenAI EUR 15M for processing EU personal data to train ChatGPT without valid legal basis and failing to implement adequate age verification.
Russian SVR compromised 18,000 organizations via SolarWinds Orion supply chain attack. SEC fined Unisys, Avaya, Check Point, and Mimecast for misleading.
Irish DPC fined LinkedIn EUR 310M for processing hundreds of millions of EEA members' data for behavioral advertising without valid consent under GDPR.
Qatar Financial Centre issued its first-ever data protection fine, penalizing an unnamed financial services firm $150,000 for security and notification.
Dutch DPA fined Uber EUR 290M for two years of illegal EU-to-US driver data transfers without Standard Contractual Clauses after the Schrems II ruling.
CNIL fined Orange SA EUR 50M for ignoring 4.5 million subscribers' marketing opt-out requests, continuing promotional emails for months after users.
Aggregate analysis of SDAIA's first 48 enforcement decisions under the Saudi PDPL, examining regulatory patterns, priorities, and compliance expectations.
Estonia's data protection authority fined Apotheka EUR 3M after a cyberattack exposed 750,000+ patient prescription records from the pharmacy chain's systems.
Irish DPC fined TikTok EUR 345M after public-by-default settings for children's accounts exposed minors' personal data to strangers.
Analysis of Jordan's Cybercrime Law No. 17/2023, which replaced the 2015 framework with expanded prosecutorial powers and broader offense definitions but.
Irish DPC imposed the largest single GDPR fine ever, EUR 1.2B, for Meta's systematic transfer of EU Facebook user data to US servers after the Schrems II.
CNIL fined Google EUR 325M for deploying dark patterns that made refusing cookies harder than accepting them, affecting consent across millions of French users.
Clearview AI scraped 30 billion+ facial images from social media without consent to build a biometric database. Multiple EU authorities imposed fines.
ICO fined British Airways GBP 20M after a Magecart skimming attack stole payment card details and personal data from 429,612 customers over a 75-day window.
Cambridge Analytica harvested 87M Facebook users' data for political profiling, violating a prior FTC consent decree. The $5B fine was the largest ever.
A former AWS engineer exploited a misconfigured WAF via SSRF to steal 106M credit card applications spanning 14 years, including 140K SSNs.
An unpatched Apache Struts vulnerability led to 76 days of undetected data theft affecting 147M Americans. Equifax settled for up to $700M with the FTC.
INTERPOL's largest coordinated cyber takedown of 2026 dismantled 45,000+ malicious IPs, arrested 94 suspects, and seized 212 devices across 72 countries.