data privacy
-
TransUnion breach affects 4.46 million; third-party app exposed personal data, not credit records
TransUnion disclosed a cyber incident affecting about 4.46 million individuals via a third-party application used by its US consumer-support operations. The breach did not touch core credit data, but exposed limited personal information, with victims offered two years of credit monitoring and fraud assistance.
-
SSA whistleblower alleges DOGE duplicated NUMIDENT in unauthorized cloud, risking Americans’ data
A government whistleblower alleges that DOGE, a non-official federal client, copied the NUMIDENT database into an unauthorized cloud environment, risking all Americans’ Social Security data, with additional claims of improper access and potential privacy violations.
-
Nearly 1 Million Health Records Exposed in Ohio Medical Alliance Data Breach
Cybersecurity researchers say two unprotected databases linked to Ohio Medical Alliance exposed 957,434 patient records, including SSNs and driver’s-license images, in a breach that required immediate remediation and raises privacy and identity-theft concerns in the medical marijuana sector.
-
Orange Belgium reports data breach affecting about 850,000 customers
Orange Belgium says attackers accessed data from about 850,000 customer accounts in a July breach, exposing names, phone numbers, and related account details, while passwords and financial information were not accessed; customers are being notified by email or SMS and advised to watch for impersonation attempts.
-
NIST proposes AI security overlays built on SP 800-53, invites public feedback
NIST published a concept paper proposing a framework of AI security overlays built on SP 800-53 and opened a public call for input, detailing use cases like generative, predictive, and agentic AI while inviting feedback through COSAIS channels.
-
Italy hotel data breach: AGID confirms theft claims affecting up to 10 establishments, investigation opened
Italy’s digital agency AGID says claims by a cybercriminal about data thefts targeting hotel booking systems are credible, with ten hotels affected and thousands of guest identity documents potentially stolen. The case prompted a formal investigation by the national data protection authority, which also warned of scams targeting victims.
-
Russia Restricts Voice Calls on WhatsApp, Telegram as Moscow Pushes National Messaging App Max
Russia’s Roskomnadzor has begun restricting voice calls on WhatsApp and Telegram, saying the apps fuel crime and violence, as Moscow presses ahead with a domestic messaging app called Max. WhatsApp and Telegram push back on encryption and moderation efforts, while lawmakers and media reports highlight a broader battle over secure communication and surveillance.
-
Research Uncovers Privacy Concerns in Apple’s Siri Data Handling
New research reveals that Apple’s Siri may send sensitive user data to company servers beyond its stated privacy policies, raising concerns about the integrity of user privacy and end-to-end encryption.
-
Vulnerability in macOS Spotlight Exposes User Data
A vulnerability in macOS, known as CVE-2025-31199, has been revealed, allowing attackers to exploit Spotlight plugins to access protected user data, including sensitive files cached by Apple Intelligence. Apple has issued a patch to address the flaw.
-
Allianz Life Reports Data Breach Affecting Majority of Customers
Allianz Life confirms a data breach that has compromised the personal information of the majority of 1.4 million customers, linked to the ShinyHunters extortion group.
