IT Security & Privacy

Norwegian Privacy Regulator Fines Elkjøp €1.7 Million Over Customer Club Data Practices

Norway's data protection authority has imposed a €1.7 million (NOK 20 million) administrative fine on Elkjøp after finding multiple violations of the General Data Protection Regulation (GDPR) related to the retailer's customer club, a program used by millions of consumers across the Nordic region.

ServiceNow Patches Software Bug That Exposed Customer Data to the Internet

A software flaw in ServiceNow's cloud platform allowed unauthorized access to customer data stored in certain enterprise environments, prompting the company to issue a patch and notify affected customers after security researchers uncovered the vulnerability. The issue involved a bug that enabled unauthenticated users to access data in some customer instances without providing credentials. According to a ServiceNow article shared publicly by users after being placed behind a customer login wall, the company deployed fixes on June 5 to address a flaw that allowed users to gain greater access to ServiceNow-hosted data than intended.

South Korea Tells Banks to Prepare for AI-Powered Fraud & Cyberattacks

South Korea's financial regulator is asking some of the country's largest financial institutions to prepare for a future in which artificial intelligence is no longer simply a productivity tool but a weapon. At a meeting in Seoul, Financial Services Commission Chairman Lee Eog-weon met with the chief executives of five major financial holding companies to discuss a problem confronting regulators around the world. The same technologies banks hope will make operations faster and more efficient are also making scams more convincing, cyberattacks more sophisticated, and fraud harder to detect.

Korean Privacy Regulator Investigates TVING After Database Breach Exposes User Information

South Korea’s privacy regulator has opened an investigation into streaming platform TVING after the company disclosed a data breach involving unauthorized access to a database containing user personal information.

Oxford Investigates CareerConnect Breach After User Information Exposed

Oxford University recently disclosed that CareerConnect's third-party provider, GTI, informed Oxford on May 28 that an unauthorized party had gained access to the platform. According to the notice, the attacker was able to obtain users' first names, last names, and email addresses. For users who do not access the platform through Single Sign-On, encrypted passwords were also exposed.

Dutch Privacy Complaints Jump 75% as Citizens Press Organizations to Honor Data Rights

According to the Dutch Data Protection Authority (AP), more than 13,500 complaints and tips regarding possible privacy violations were submitted in 2025, a 75 percent increase from the previous year. The figures were published Monday in the regulator's 2025 Complaints Report.

AMF Warns AI Is Reshaping Cyber Risk as It Intensifies Oversight of Financial Firms

Artificial intelligence is rapidly changing the cybersecurity equation for financial institutions, and France’s securities regulator wants firms to move faster in adapting their defenses. The French regulator, the Autorité des marchés financiers (AMF), said Thursday that strengthening cyber resilience remains a strategic priority as advances in artificial intelligence create new opportunities for both defenders and attackers.