Fine
UK fines water supplier $1.3M for exposing data of 664k customers
The Information Commissioner’s Office has fined South Staffordshire Water Plc and parent company South Staffordshire Plc £963,900 ($1.3 million) over a cyberattack that exposed the personal data of 663,887 customers and employees. The company supplies 330 million liters of drinking water to 1.6 million consumers daily and, in 2022, disclosed that it was the target […]
GM agrees to $12.75M California settlement over sale of drivers’ data
California Attorney General Rob Bonta announced a $12.75 million settlement agreement with General Motors (GM) over allegations that the company violated the California Consumer Privacy Act (CCPA). The violations arise from allegations that the car maker illegally collected and sold Californians’ driving and location data to data brokers Verisk Analytics and LexisNexis Risk Solutions, between 2020 and […]
UK fines Reddit $19 million for using children’s data unlawfully
The UK Information Commissioner’s Office (ICO) has fined Reddit £14.47 million (over $19.5 million) for collecting and using the personal information of children under 13 without adequate safeguards. As the ICO explained in a Tuesday press release, Reddit failed to implement a meaningful age-verification system on its platform until July 2025, even though its own […]
Louis Vuitton, Dior, and Tiffany fined $25 million over data breaches
South Korea has fined luxury fashion brands Louis Vuitton, Christian Dior Couture, and Tiffany $25 million for failing to implement adequate security measures, which facilitated unauthorized access and the exposure of data belonging to more than 5.5 million customers. All three brands are part of the Louis Vuitton Moët Hennessy (LVMH) group and suffered data […]
France fines Free Mobile €42 million over 2024 data breach incident
The French data protection authority (CNIL) has imposed cumulative fines of €42 million on Free Mobile and its parent company, Free, for inadequate protection of customer data against cyber threats. The company is the second-largest internet service provider in France and suffered a data breach in October 2024, exposing information of nearly 23 million mobile and […]
California bans data broker reselling health data of millions
The California Privacy Protection Agency (CalPrivacy) has taken action against the Datamasters marketing firm that sold the health and personal data of millions of users without being registered as a data broker. As per the California Delete Act, businesses buying and selling information about consumers are required to register their data brokerage activity by January 31st […]
Italy fines Apple $116 million over App Store privacy policy issues
Italy’s competition authority (AGCM) has fined Apple €98.6 million ($116 million) for using the App Tracking Transparency (ATT) privacy framework to abuse its dominant market position in mobile app advertising. ATT requires developers to request consent to collect their data for targeted advertising before tracking them across websites, apps, and services owned by other companies. Apple […]
UK fines LastPass over 2022 data breach impacting 1.6 million users
The UK Information Commissioner’s Office (ICO) fined the LastPass password management firm £1.2 million for failing to implement security measures that allowed an attacker to steal personal information and encrypted password vaults belonging to up to 1.6 million UK users in a 2022 breach. According to the ICO, the incident stemmed from two interconnected breaches […]
EU fines X $140 million over deceptive blue checkmarks
The European Commission has fined X €120 million ($140 million) for violating transparency obligations under the Digital Services Act (DSA). This is the first non-compliance ruling under the DSA, a set of rules adopted in 2022 that requires platforms to remove harmful content and protect users across the European Union. The fine was issued following a two-year […]
Comcast to pay $1.5M fine for vendor breach affecting 270K customers
Comcast will pay a $1.5 million fine to settle a Federal Communications Commission investigation into a February 2024 vendor data breach that exposed the personal information of nearly 275,000 customers. The breach occurred in February 2024, when attackers hacked into the systems of Financial Business and Consumer Solutions (FBCS), a debt collector Comcast had stopped using two […]