IT Security & Privacy

A federal judge has given the green light to a proposed $177 million settlement in a consolidated class action lawsuit against AT&T, stemming from two massive data breaches that exposed the personal information of tens of millions of customers. The preliminary approval, issued by Judge Ada Brown of the U.S. District Court for the Northern District of Texas, clears the way for a final settlement hearing set for December 3, 2025.

When the General Data Protection Regulation (GDPR) first came into force, companies braced for a regulatory storm, such as sweeping data rules, compliance headaches, and steep fines. What many didn’t expect? A surprising upside of fewer cyberattacks, better security, and billions saved.

The UK’s data protection regime has just undergone its biggest recalibration since Brexit. On June 19, 2025, the Data (Use and Access) Act (DUAA) received Royal Assent, introducing a suite of reforms aimed at modernizing how organizations collect, use, and share personal information. But unlike GDPR’s transformative shake-up in 2018, this legislation is more evolutionary than revolutionary, nudging UK data protection in a direction that’s lighter on red tape, but still recognizably rights-driven.

Somewhere, buried in an unsecured cloud server, were 16 billion reasons to worry about your organization’s security posture. They weren’t ransomware payloads or zero-days. They were passwords. And not just a few stray credentials, 16 billion of them.

Ireland’s Data Protection Commission (DPC) published its 2024 Annual Report this week, offering a wide-ranging account of enforcement activity, regulatory developments, and public sentiment around data protection in a year marked by growing scrutiny of artificial intelligence and increasing cross-border responsibilities.

In the wake of a 2023 data breach that exposed the sensitive personal data of over 155,000 UK residents, genetic testing company 23andMe has been fined £2.31 million by the UK Information Commissioner’s Office (ICO) for failing to implement adequate security measures to protect user information.

The Norwegian Data Protection Authority’s (DPA) has uncovered troubling breaches of personal data laws across six websites. These sites, all of which shared personal data without proper consent, are now facing the consequences of their actions. The DPA’s findings reveal that in some cases, sensitive personal information, including that of vulnerable children, was sent to third parties without users’ knowledge, a clear violation of GDPR.