Aflac’s disclosure around its Japan subsidiary is a reminder that identity data and bank details can turn a localized intrusion into a broader fraud risk, even when the entry point is still unclear.
Extortion without encryption pushes defenders to measure confidentiality loss, not just downtime, and can split one cyber event into parallel NIS2 and privacy obligations.
A regulator’s finding against Optus highlights how a broken publication-control workflow can turn a routine listing preference into a privacy event with real-world exposure.
Italian airline ITA faces a hefty penalty after the privacy watchdog exposes fundamental GDPR failings at the very top.
A silent server-side slip let strangers peek into private Instagram posts-raising tough questions about Meta’s security culture.
How a careless response to criticism online exposed personal data and triggered GDPR enforcement.