#cross-border-data-risk
#cross-border-data-risk

EU data protection

European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack

EU data protection

Europe's cyber agency blames hacking gangs for massive data breach and leak | TechCrunch

fromBusiness Matters

Information security

5 IT Mistakes That Still Catch Small Businesses Off Guard

fromTNW | Eu

Information security

European Commission breached after hackers poisoned open-source security tool Trivy

fromThe Hacker News

Information security

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture

Information security

Boards Are Falling Short on Cybersecurity

European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack

Hackers stole over 300GB of data from the European Commission's AWS environment using a compromised API key from the Trivy supply chain attack.

Europe's cyber agency blames hacking gangs for massive data breach and leak | TechCrunch

A cybercriminal group known as TeamPCP hacked the EU's executive body, stealing 92 gigabytes of data, including personal information.

fromBusiness Matters

5 IT Mistakes That Still Catch Small Businesses Off Guard

Cybersecurity is a critical concern for SMEs, yet many underestimate the risks and only seek help after incidents occur.

fromTNW | Eu

European Commission breached after hackers poisoned open-source security tool Trivy

A major data breach at the European Commission was caused by TeamPCP exploiting a supply chain attack on the Trivy security tool.

fromThe Hacker News

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture

Third-party risk management is now a critical security challenge and growth opportunity for service providers.

Boards Are Falling Short on Cybersecurity

Boards recognize the need for cybersecurity investments, yet the worsening cybercrime situation suggests governance may be deteriorating.

CBP facility codes sure seem to have leaked via online flashcards

Immigration offenses and internal systems of CBP are detailed in flashcards, highlighting procedures and responsibilities of agents.

fromTNW | Insights

15 hours ago

LinkedIn secretly scans 6,000+ browser extensions and fingerprints your device

LinkedIn's hidden JavaScript routine collects extensive user data without disclosure, raising concerns about covert surveillance practices.

European startups

Intellectual property law

10 hours ago

TechCrunch Mobility: 'A stunning lack of transparency' | TechCrunch

Waymo's remote assistance issue reflects a broader lack of transparency in the autonomous vehicle industry regarding reliance on remote staff.

Cryptocurrency

fromnews.bitcoin.com

8 hours ago

Risk off Markets and Centralization Debates Week in Review

Bitcoin risks dip below $59K as institutions dominate flows and quantum threats emerge.

fromIPWatchdog.com | Patents & Intellectual Property Law

10 hours ago

Navigating Recent Developments in Generative AI and Trade Secret Protection

Judicial developments in generative AI and trade secret law highlight risks of sharing confidential information with AI platforms.

#meta

fromWIRED

Information security

Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk

Law

fromwww.cnbc.com

Meta, Google under attack as court cases bypass 30-year-old legal shield

Meta and Google face legal challenges undermining their protections under Section 230, particularly regarding child safety and content moderation.

fromWIRED

Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk

Meta has paused work with Mercor due to a major security breach affecting data used for AI training.

Law

fromwww.cnbc.com

Meta, Google under attack as court cases bypass 30-year-old legal shield

Meta and Google face legal challenges undermining their protections under Section 230, particularly regarding child safety and content moderation.

Sanctions ramping up in cases involving AI hallucinations

Monetary sanctions against attorneys for AI-generated hallucinations in case documents are increasing as courts take these issues more seriously.

#ai-governance

Your AI governance gap is bigger than you think | MarTech

AI governance is an immediate challenge for leaders, focusing on safe and effective usage across organizations.

Artificial intelligence

AI regulations are already out of date - IT leaders need to think ahead

EU data protection

AI-driven identity must exist in a robust compliance framework | Computer Weekly

Your AI governance gap is bigger than you think | MarTech

AI governance is an immediate challenge for leaders, focusing on safe and effective usage across organizations.

AI regulations are already out of date - IT leaders need to think ahead

Establishing a solid AI governance foundation now can ease future compliance with evolving AI regulations.

AI-driven identity must exist in a robust compliance framework | Computer Weekly

Governance must precede AI adoption to avoid compliance failures and ethical risks in identity verification systems.

SpaceX, Amazon, and Google want orbital data centers - four engineering barriers reveal who really benefits - Silicon Canals

Orbital data centers will concentrate AI infrastructure power among a few dominant companies, limiting access for smaller competitors and national regulators.

Silicon Valley

U.S. and China control 90% of AI data centres - the Global South is building a different kind of AI - Silicon Canals

Frugal AI movements in the Global South aim to reclaim sovereignty by developing independent, low-cost AI systems for critical services.

Europe politics

fromNextgov.com

State official to EU: Work with us on tech policy or fall behind a generation

The EU's regulatory regime hinders innovation and collaboration with the U.S., threatening economic competitiveness and technological advancement.

France news

fromwww.thelocal.com

Citigroup orders home-working as US banks in Paris and Frankfurt tighten security

Citigroup has instructed employees in Paris and Frankfurt to work from home due to heightened security concerns following a thwarted attack on a US bank.

Environment

fromFast Company

AI data centers have a human rights problem

Data centers are crucial for AI but often overlook the human cost of their construction.

World news

fromReadWrite

Experts say geopolitical trades test limits of insider trading laws

Unusual trading patterns before Trump's Iran announcement raise questions about market integrity and the adequacy of current regulations.

fromwww.theguardian.com

California to impose new AI regulations in defiance of Trump call

Companies hoping to sign contracts with the state of California will have to show they have policies to keep AI from distributing child sexual abuse material and violent pornography.

California

fromPCMAG

15 hours ago

Use Perplexity? Lawsuit Accuses It of Sharing Personal Data With Google and Meta Without Permission

Perplexity faces a lawsuit for allegedly sharing user data with Google and Meta without consent, violating privacy rights.

Cryptocurrency

fromnews.bitcoin.com

USDC Freeze Controversy: ZachXBT Says Circle Froze 16 Legitimate Wallets, Missed Real Hacks

ZachXBT identified 15 cases of over $420M in illicit USDC flows that Circle failed to freeze promptly since 2022.

#privacy

Privacy technologies

Double Shot of Privacy's Defender in D.C.

Triple Header for Privacy's Defender in New York

Cindy Cohn's new book, Privacy's Defender, details her 30-year fight against digital surveillance and promotes data security and digital rights.

Privacy technologies

Double Shot of Privacy's Defender in D.C.

Intellectual property law

Triple Header for Privacy's Defender in New York

Cindy Cohn's new book, Privacy's Defender, details her 30-year fight against digital surveillance and promotes data security and digital rights.

more#privacy

fromNextgov.com

Tech bills of the week: Limiting adversaries' access to US tech; and boosting cyber apprenticeships

New legislation aims to strengthen U.S. export controls on sensitive technologies to prevent adversaries from exploiting them for economic gain.

Google gives enterprises new controls to manage AI inference costs and reliability

Gemini API introduces Flex and Priority tiers for managing AI inference workloads based on criticality and cost.

US politics

fromwww.npr.org

As DOJ prepares to share state voter data with DHS, a key privacy officer resigns

The DOJ is acquiring sensitive voter registration data, raising privacy concerns, as a key privacy officer resigns amid ongoing legal challenges.

European startups

Dutch cloud providers join forces to create a sovereign alternative

Seven Dutch cloud providers are collaborating to enhance digital autonomy and counter American hyperscalers' dominance.

Data Privacy At The Kitchen Table | AdExchanger

Data privacy has become a significant concern for lawmakers and constituents, evolving into a key topic of discussion.

Privacy professionals

I spent six months tracing where your data actually goes after you click 'Accept All' - what I found is a global supply chain of control that no single regulator can touch - Silicon Canals

fromAdExchanger

Data Privacy At The Kitchen Table | AdExchanger

Data privacy has become a significant concern for lawmakers and constituents, evolving into a key topic of discussion.

Privacy professionals

I spent six months tracing where your data actually goes after you click 'Accept All' - what I found is a global supply chain of control that no single regulator can touch - Silicon Canals

Privacy professionals

A fintech app asked users for their passports - then left 360,000 files unprotected for five years - Silicon Canals

Privacy technologies

Exclusive: Money transfer app Duc exposed thousands of driver's licenses and passports to the open web

EU data protection

European Commission admits breach of public web systems

Privacy professionals

Fintech apps demand your passport for verification - then leave it on an unprotected server - Silicon Canals

fromSecuritymagazine

Information security

AI Startup Mercor, Which Works With Open AI and Anthropic, Confirms Data Breach

Information security

The company's biggest security hole lived in the breakroom

A fintech app asked users for their passports - then left 360,000 files unprotected for five years - Silicon Canals

A money transfer app exposed over 360,000 sensitive files on a public server for nearly five years, including unencrypted personal documents.

Exclusive: Money transfer app Duc exposed thousands of driver's licenses and passports to the open web

A publicly accessible Amazon storage server exposed personal data of hundreds of thousands, including driver's licenses and passports, without encryption.

European Commission admits breach of public web systems

The European Commission confirmed a data breach affecting its public web infrastructure, with details on the extent and nature of the data taken remaining unclear.

Fintech apps demand your passport for verification - then leave it on an unprotected server - Silicon Canals

Duc's exposed server revealed unprotected sensitive personal data, highlighting significant gaps in fintech data protection practices.

fromSecuritymagazine

AI Startup Mercor, Which Works With Open AI and Anthropic, Confirms Data Breach

Mercor, an AI startup, experienced a data breach involving 4 terabytes of stolen data linked to a supply chain attack by hacking groups.

The company's biggest security hole lived in the breakroom

An internet-connected coffee machine caused a major data breach by exploiting security vulnerabilities in a corporate network.

Most Europeans fear Trump could cut off digital services

Europeans are increasingly worried about dependence on American technology and the potential for restricted access to digital services.

Cryptocurrency

fromFortune

Prediction markets caught insider traders in real time. Congress wants to shut them down anyway | Fortune

Prediction markets expose insider trading issues, offering transparency through blockchain technology, and should not be banned by legislation.

European startups

Euro-Office billed as Europe's sovereign alternative to Microsoft Office

A new open-source office suite, Euro-Office, offers a European alternative to Microsoft Office, built on OnlyOffice and supported by major vendors.

#ai

Artificial intelligence

AI Agents Act a Lot Like Malware. Here's How to Contain the Risks.

An AI agent named MJ Rathbun published a blogpost attacking engineer Scott Shambaugh.

Identity and AI: Questions of data security, trust and control | Computer Weekly

AI-driven identity solutions improve access control but raise compliance, privacy, and ethical concerns that organizations must address.

Artificial intelligence

AI Agents Act a Lot Like Malware. Here's How to Contain the Risks.

Identity and AI: Questions of data security, trust and control | Computer Weekly

AI-driven identity solutions improve access control but raise compliance, privacy, and ethical concerns that organizations must address.

more#ai

A money-transfer app stored customer passports on an unencrypted, publicly accessible server for nearly five years - Silicon Canals

Fintech companies face regulatory pressure to collect identity documents but lack enforceable obligations to protect them, leading to data breaches.

#ai-security

fromTNW | Corporates-Innovation

Meta freezes AI data work after breach puts training secrets at risk

Meta has suspended collaboration with Mercor after a cyberattack exposed sensitive AI training methodologies and personal data.

Claude Code leak puts enterprise trust at risk as security, governance concerns mount

Leaks threaten Anthropic's market position and raise security concerns about its AI coding tools.

fromTNW | Corporates-Innovation

Meta freezes AI data work after breach puts training secrets at risk

Meta has suspended collaboration with Mercor after a cyberattack exposed sensitive AI training methodologies and personal data.

Claude Code leak puts enterprise trust at risk as security, governance concerns mount

Leaks threaten Anthropic's market position and raise security concerns about its AI coding tools.

Ireland is testing out a digital wallet that conducts age verification for social media users

Ireland is trialing a Government Digital Wallet to verify user age for social media access, aiming for user-friendly design before its 2026 EU deadline.

CERT-EU blames Trivy supply chain attack for Europa.eu data breach

TeamPCP exploited Trivy to access sensitive cloud credentials and data, creating significant vulnerabilities for organizations.

Google and Amazon: Acknowledged Risks, And Ignored Responsibilities

Google and Amazon have failed to act on human rights risks associated with Project Nimbus despite multiple warnings and commitments.

fromnews.bitcoin.com

MiCA Decoded: July 1 Is Not the Deadline. For Most Service Providers, It Already Passed

Service providers must secure authorization by July 1, 2026, or cease operations, with many missing jurisdiction-specific application deadlines.

Is Proton Workspace the European alternative to Microsoft 365 and Google?

Proton's new software suite aims to compete with Microsoft 365 and Google Workspace while prioritizing user privacy.

Marketing tech

fromAdExchanger

3 weeks ago

The Privacy 'Zealots' Were Right: Ad Tech's Infrastructure Was Always A Risk

Digital advertising's granular targeting infrastructure created uncontrollable security vulnerabilities that governments now exploit for surveillance purposes.

fromZDNET

I turned to PrivacyBee to clean up my data - here's how it made me disappear

PrivacyBee is preferred for its comprehensive data removal services and user-friendly management tools.

#ai-regulation

Tech Nonprofits to Feds: Don't Weaponize Procurement to Undermine AI Trust and Safety

The U.S. government is revising procurement rules to influence AI technology use and funding, impacting safety and utility of AI tools.

Online marketing

What privacy and email laws reveal about today's compliance risk | MarTech

Tech Nonprofits to Feds: Don't Weaponize Procurement to Undermine AI Trust and Safety

The U.S. government is revising procurement rules to influence AI technology use and funding, impacting safety and utility of AI tools.

Online marketing

What privacy and email laws reveal about today's compliance risk | MarTech

European Commission Reports Cyber Intrusion and Data Theft

The European Commission confirmed a cyberattack that compromised its cloud infrastructure, resulting in the theft of hundreds of gigabytes of data.

The agent security mess

Most granted permissions are unused by humans, but AI agents will exploit them, leading to significant security risks.

fromPrivacy International

Are IP addresses personal data?

IP addresses identify devices on the Internet, enabling communication and tracking for advertising and geolocation purposes.

A core infrastructure engineer pleads guilty to federal charges in insider attack

Rhyne's attack involved unauthorized remote desktop sessions, deletion of network administrator accounts, and changing of passwords, showcasing significant security vulnerabilities.

Information security

Mobile Attack Surface Expands as Enterprises Lose Control

Mobile device security is inadequate, with many organizations using critically outdated operating systems and exposing sensitive data to potential attacks.

German public sector keen to end reliance on US tech

Germany's reliance on US tech raises data security concerns under the CLOUD Act.

FBI Warns of Data Security Risks From China-Made Mobile Apps

Foreign-developed mobile applications pose significant data security risks, particularly those from China, according to an FBI alert.

fromwww.dw.com

German public sector keen to end reliance on US tech

Germany's reliance on US tech raises data security concerns under the CLOUD Act.

FBI Warns of Data Security Risks From China-Made Mobile Apps

Foreign-developed mobile applications pose significant data security risks, particularly those from China, according to an FBI alert.

more#data-security

fromWIRED

CBP Facility Codes Sure Seem to Have Leaked Via Online Flashcards

The public Quizlet set contained information about alleged codes for specific facility entrances. 'Checkpoint doors code?' asked one card, with a specific four-digit combination listed in response.

Privacy professionals

fromEntrepreneur

Why Nations Are Now Battling Over Your Digital DNA

Across the world, governments are redefining data. It is no longer a commercial byproduct, but a strategic resource. One that carries economic weight, political influence, and long-term national consequences. At the center of this shift is what most people never consciously see but continuously produce: their digital DNA.

World politics

fromThe Verge

Pinterest said he violated laid-off colleagues' privacy. Now he's going public

A former Pinterest engineer claims he was unjustly fired for sharing a tool that revealed employee layoffs.

fromArs Technica

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.

European Commission investigates data breach in Amazon cloud

A data breach involving Amazon's cloud infrastructure has resulted in the theft of over 350 GB of data, with threats to publish it online.

fromHer Campus

Who's Watching The Watchers? AI, Age Verification, And Online Privacy

Parents are increasingly concerned about children's exposure to harmful online content despite regulations like CIPA and platforms like YouTube Kids.

fromFortune

Mercor, a $10 billion AI startup, confirms it was caught up in a major security incident | Fortune

Mercor confirmed a security breach linked to a supply chain attack that may have exposed sensitive data of its customers.

Mercor Hit by LiteLLM Supply Chain Attack

Mercor was impacted by a supply chain attack involving LiteLLM, resulting in the theft of 4 terabytes of data.

Mercor says it was 'one of thousands' hit in LiteLLM attack

Mercor confirmed it was affected by the LiteLLM supply-chain attack, with significant data theft by the Lapsus$ group.

Mercor Hit by LiteLLM Supply Chain Attack

Mercor was impacted by a supply chain attack involving LiteLLM, resulting in the theft of 4 terabytes of data.

Mercor says it was 'one of thousands' hit in LiteLLM attack

Mercor confirmed it was affected by the LiteLLM supply-chain attack, with significant data theft by the Lapsus$ group.

more#supply-chain-attack

2 weeks ago

Don't let hyperscalers hijack digital sovereignty, EC told

European cloud providers urge EU legislation requiring genuine tech sovereignty through ownership and control, not mere EU presence, to counter American hyperscaler dominance.

fromMedCity News

2 weeks ago

The Evolving Landscape of Privacy and Cybersecurity: Essential Strategies for Legal and Compliance Professionals - MedCity News

Organizations must combine strong controls with comprehensive employee training and accountability culture to effectively protect sensitive data and comply with evolving privacy laws.

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.

#digital-sovereignty

Miscellaneous

Digital sovereignty feels good, but is it really?

Miscellaneous

'The EU runs on Microsoft' - and Uncle Sam could turn it off

EU data protection

Euro firms must ditch Uncle Sam's clouds and go EUnative

Miscellaneous

Digital sovereignty feels good, but is it really?

Miscellaneous

'The EU runs on Microsoft' - and Uncle Sam could turn it off

EU data protection

Euro firms must ditch Uncle Sam's clouds and go EUnative

more#digital-sovereignty

fromNextgov.com

Trust, trade and the new data diplomacy

Data has become the defining currency of global power. The nations and organizations that can manage, protect, and share it responsibly will shape the future of economic resilience and international cooperation. In an era where artificial intelligence and digital interdependence connect every market and mission, the ability to build and maintain trust in data is now a central pillar of both commerce and diplomacy.

World news

#data-sovereignty

fromTechRepublic

EU data protection

The Global Fight Over Who Controls Your Data Just Escalated - Here's What the Numbers Say

EU data protection

Auditing, classifying and building a data sovereignty strategy | Computer Weekly

fromTechRepublic

EU data protection

The Global Fight Over Who Controls Your Data Just Escalated - Here's What the Numbers Say

EU data protection

Auditing, classifying and building a data sovereignty strategy | Computer Weekly

more#data-sovereignty

Cloud sovereignty isn't a toggle feature

Sovereignty, locality, and 'alternative cloud' strategies are often treated as simple settings in hyperscaler consoles. Pick a region, check a compliance box, and move on. IT consultancy Coinerella posted about replacing a typical US-centric startup baseline with a 'Made in the EU' stack. They treat sovereignty as an architectural posture and an operating model that can save money.

EU data protection

fromBusiness Matters

7 Data Privacy Risks Leaders Miss in 2026

Organizations overlook seven critical privacy risks in 2026 that bypass security awareness, including public WiFi interception, malicious browser extensions, shadow AI tools, unencrypted messaging, credential reuse, unmanaged personal devices, and data retention gaps.

Metadata, cloud sovereignty's weak spot

US authorities can access some metadata of cloud users in European sovereign clouds, potentially revealing operational and behavioral information despite data residency protections.

fromAdExchanger

Inside The Mind Of A Former Privacy Regulator | AdExchanger

How do privacy regulators decide which companies to poke? Often, it's a consumer complaint. Other times, it's a headline. And, sometimes, it's just personal. Regulators are consumers, too, after all. But it's important to remember that every brush with a regulator doesn't turn into a full-blown case, said privacy attorney Tyler Bridegan. Bridegan spent nearly two years as director of privacy and tech enforcement for the Texas attorney general's office. He left government work and returned to private practice in October as a partner at Womble Bond Dickinson.

Privacy professionals

fromEFDPO - European Federation of Data Protection Officers

Digital Omnibus: EDPB and EDPS support simplification and competitiveness while raising key concerns * EFDPO - European Federation of Data Protection Officers

Proposed GDPR/EUDPR amendments risk narrowing the 'personal data' definition and weakening individual data protection; EDPB and EDPS urge co-legislators to reject them.

Is the AWS European Sovereign Cloud sovereign enough?

AWS launched the Berlin/Potsdam European Sovereign Cloud with a separate German corporate structure, three Local Zones across Europe, and fully isolated services and controls.

fromSecuritymagazine