Data Protection News Update 01 December 2025

United Kingdom

Multiple London Borough Councils Under Cyberattack

  • Several London local authorities have recently become the victims of cyber-attacks. This incident highlights the growing vulnerability of public services to digital threats.
  • Kensington and Chelsea and Westminster City Councils confirmed they are jointly managing a cyber incident that has disrupted shared IT systems, including critical phone lines.
  • A linked “serious cyber security incident” has also affected Hammersmith & Fulham Council.
  • All are collaborating closely with specialist firms and the National Cyber Security Centre (NCSC) to manage the crisis and restore functionality.

Jersey Proposes Enhanced Cyber Resilience Legislation

  • New draft laws in Jersey have been proposed to give islanders better protection from cyber-attacks.
  • The new laws would bring the island into line with best practice in other jurisdictions.
  • Ministers said they particularly wanted to protect essential services, such as transport, food supplies and health care – as well as the government.

United States

Indiana Enacts Comprehensive Consumer Data Protection Law

  • Indiana’s new consumer data privacy law will come into force in January 2026.
  • The law will give residents expanded control over their personal information and place new requirements on businesses that collect and process large amounts of data.
  • It also requires businesses to limit collection to what is necessary, strengthen security practices and evaluate potential risks through impact assessments.

Major Banking Sector Vendor Discloses Breach

  • SitusAMC, which major banks use to manage their real-estate loans and mortgages, announced that hackers broke into its systems.
  • Hackers stole data that included banks’ “accounting records and legal agreements,” as well as information belonging to some of those banks’ customers.
  • This cyber-attack highlights the serious supply-chain risks facing even well-defended critical infrastructure sectors.

Logitech Confirms Data Breach After Cl0p Takes Responsibility

  • Hardware and software solutions company Logitech has disclosed a data breach that exposed employee, customer, and supplier information.
  • Logitech launched an investigation, assisted by experienced third-party cyber forensics experts, to determine the scope of the incident and the nature of the stolen information.
  • The nature of the stolen data remains undetermined, but it likely did not include sensitive personal details such as SSNs and driver’s licenses, or credit cards, as they were stored on a different server.
  • The Cl0p ransomware group has claimed responsibility for the Logitech data breach by listing the hardware company on a dark web data leak site.

Europe

EU Greenlights Controversial Chat-Scanning Law

  • EU countries reached a breakthrough agreement on the Child Sexual Abuse Regulation (CSAR), after years of stalled talks and intense opposition.
  • The agreement was reached by removing the most controversial provision: the power for authorities to issue mandatory detection orders that would compel messaging apps to scan all users’ private communications.
  • Platforms will now decide whether to conduct voluntary scanning for Child Sexual Abuse Material (CSAM) as a risk mitigation measure.
  • Privacy advocates still warn that this regulation will effectively force platforms, including those with end-to-end encryption, to implement mass surveillance tools.

Spanish court orders Meta to pay $550 million to digital media companies

  • A Spanish court has ordered Meta to pay €479 million to Spanish digital media outlets for unfair competition practices and infringing European Union data protection regulation.
  • The breach was linked to Meta’s use of personal data for behavioural advertising on Facebook and Instagram.
  • Meta said it disagreed with the ruling and would lodge an appeal; a spokesperson from Meta said: “This is a baseless claim that lacks any evidence of alleged harm and wilfully ignores how the online advertising industry works”.

International

French CNIL Fines Vanity Fair Publisher for Non-Compliant Cookie Consent Mechanisms

  • France’s data protection authority has fined the publisher of Vanity Fair €750,000 for persistent cookie consent violations.
  • CNIL discovered that when visitors clicked the button to reject cookies, the website continued placing tracking technologies on their devices and reading existing cookies without consent.
  • The fine amount takes into account that Condé Nast had already been issued a formal notice in 2021 but failed to correct its practices.
  • The CNIL fine is another in a series of NOYB-related enforcement actions, with the French authority previously fining Criteo €40 million in 2023 and Google €325 million earlier in 2025.
