United Kingdom
Retailers warned by ICO not to publicly display photos of suspected shoplifters
- UK’s data watchdog has said shopkeepers must not put up photos of suspected shoplifters in stores as is could impinge on their rights under GDPR.
- ICO says retailers “must only share personal information that’s proportionate and necessary to achieve your purpose.”
- ICO suggests shopkeepers should share suspect details with the police, or give information about the incident to a manager.
- Retailers will need to consider the relevant privacy implications, such as having a legal reason and appropriate security measures.
Facial Recognition Van Rollout Sparks Privacy Concerns
- Home Office announced that more live facial recognition (LFR) vans will be implemented across seven police forces in England to locate suspects for crimes including sexual offences, violent assaults and homicide.
- The technology identifies people by taking measurements of facial features and then comparing the data to an existing watchlist.
- Campaign group Big Brother Watch said the “significant expansion of the surveillance state” was “alarming”.
- To the concerns raised the ICO responded by stating that FRT does not operate in a legal vacuum, as it is covered by data protection law, which requires any use of personal data, to be lawful, fair and proportionate.
United States
Sensitive Data of 172,000 US Credit Union Customers Stolen in Cyberattack
- Financial cooperative Connex Credit Union has revealed it suffered a cyberattack in which it lost sensitive data on around 172,000 customers.
- Connex did not begin notifying affected individuals around August 7 (even though the incident occurred in June) which may have violated state and federal laws.
- The stolen data may include names, account numbers, debit card details, Social Security numbers, government-issued IDs used to open accounts.
- The credit union is reportedly collaborating with law enforcement and cybersecurity experts to investigate how the attackers gained access and has initiated measures to enhance the security of its systems and prevent future breaches.
US court says Trump’s Doge team can access social security numbers and other sensitive data
- Virginia court refused to block Doge’s access to the agencies’ computer systems and data such as social security numbers and individuals’ citizenship status.
- This decision reverses a temporary injunction issued by a federal judge in Maryland, which had been paused by the appeals court in April.
- This sets a potential precedent that could make it harder for unions, advocacy groups and individuals to challenge similar policies in the future, narrowing judicial oversight when efficiency initiatives intersect with privacy concerns.
- The court’s decision does not end the litigation; the case will return to the district court for further proceedings on the plaintiffs’ underlying claims.
Columbia University Cyberattack Affects 870,000, Including Students and Staff
- Columbia confirms massive cyber-incident affecting almost 870000 students, employees, and other individuals.
- The data affected could include names, date of birth, and Social Security numbers, financial information as well as any personal information that provided in connection with application to the university or that was collected during studies.
- No patient data from the Columbia University Irving Medical Center seems to have been compromised, according to the notices.
- In response to the breach, Columbia University is taking steps to enhance its system security to prevent future occurrences.
Europe
Hackers Steal Data of Nearly 500,000 from Cervical Cancer Screening Program
- Hackers stole data from more than 485,000 participants in a cervical cancer screening program after gaining access to IT systems at Clinical Diagnostics.
- Centre for Population Screening has temporarily suspended services from Clinical Diagnostics and an independent investigation has been launched into how this could have happened and how such incidents can be prevented in the future.
- RTL Nieuws, Dutch news outlet, claims that the attackers, a group of cybercriminals known as Nova, have stolen over 300 gigabytes of data, of which 100 megabytes have been published on the dark web.
Air France-KLM Hit by Data Security Incident After Third-Party System Hacked
- Hackers have gained access to the personal data of potentially hundreds of KLM and Air France customers following a supply chain attack.
- While the attackers gained access to customer data, such as names, email addresses, phone numbers, and rewards program information, customers’ financial and personal information was not affected.
- Allegedly, this incident is part of a wave of data breaches linked to the ShinyHunters extortion group, which targets Salesforce instances in vishing and social engineering attacks.
- The Air France–KLM incident also comes on the heels of other aviation breaches linked to the Scattered Spider hacker collective.
International
Children’s Health Ireland Under Investigation by DPC Over Data Security
- The Data Protection Commission (DPC) has today announced the opening of an inquiry into the Children’s Health Ireland (CHI) facility at Tallaght University Hospital.
- The inquiry relates to the physical safety and security of children’s health records within the facility.
- It will examine CHI’s compliance with their GDPR obligations, in particular relating to the security of personal data and the processes that CHI have in place for managing physical records at CHI.
- DPC said it became aware that there were potential issues at this site from a number of different sources of information.
