IT Security & Privacy

‍Vodafone is facing a €45 million penalty after the Federal Commissioner for Data Protection and Freedom of Information (BfDI), led by Prof. Dr. Louisa Specht-Riemenschneider, uncovered several significant data protection shortcomings. These issues, ranging from security flaws in its online systems to fraud committed by partner agencies, have put the telecom giant under scrutiny. Here's a deeper dive into the details, the actions taken, and what this means for the company going forward.

Luxury fashion brand Cartier has confirmed a data breach after hackers gained unauthorized access to its systems, exposing a limited amount of customer information. The company issued a notification to affected customers, revealing that personal data, including names, email addresses, and countries of residence, had been compromised. However, Cartier assured that no more sensitive information, such as passwords or payment details, was exposed in the attack.

North Face has recently informed its customers of a breach that exposed personal information after a credential stuffing attack targeted their website, thenorthface.com. This marks the fourth time the company has faced such an attack, and while no payment card details were affected, this incident serves as another reminder of the risks we face in today’s interconnected world.

The Danish Data Protection Agency (DPA) has introduced two new IT security measures to its catalogue, aiming to prevent security breaches linked to hacking. The changes are in response to the growing number of incidents caused by malicious activities, particularly involving IoT (Internet of Things) devices. Walther Starup-Jensen, an IT security consultant at the DPA, emphasized that while these measures may not be revolutionary, they are crucial in addressing the vulnerabilities that lead to many avoidable breaches.

Recently, the French Data Protection Authority (CNIL) handed down a €900,000 fine to Solocal Marketing Services, accusing the company of mishandling personal data for commercial prospecting campaigns. The fine stems from Solocal's failure to secure proper consent from individuals and its unauthorized sharing of this data with third parties.

GoDaddy has finalized a settlement with the Federal Trade Commission (FTC) after the company faced allegations of failing to properly secure its customers’ websites and sensitive data. The FTC's investigation, which began in January 2025, highlighted that despite GoDaddy's claims of offering “award-winning security,” the company neglected basic data protection practices that left its users vulnerable to cyber threats.

The Personal Information Protection Commission (PIPC) has delivered a blow to Temu, the popular online marketplace platform, by sanctioning the company for serious violations related to cross-border data transfers and other mishandling of personal data. This action, taken after a thorough investigation, comes with financial penalties and several corrective orders aimed at restoring compliance with South Korea’s Personal Information Protection Act (PIPA).