Data Protection and Privacy News

27 active channels on Telegram sell personal data in Brazil, Peru and Argentina

The illegal buying and selling of personal data is available on Telegram channels

4,000 euros for responding to a review: this is how the AEPD sanctioned by publishing academic and sexual orientation data

The fact that these data appear on networks does not imply that anyone can collect and publish them" - AEPD

5 data stolen in an SMS: DNI, address, card number and more in campaign in Barcelona

Someone has tried to log into your account. If it wasn't you, verify your identity

2.5 million ClickRent customers affected by a leak with passports, DNIs, and bank details exposed.

"More than 100 GB of identity documentation" compromised in the leak to ClickRent, according to the attacker.

FACUA denounces the Franco Foundation's store for violating the Democratic Memory Law

Possible non-compliance with the Democratic Memory Law in the online store of the Franco Foundation

200,000 euros for revealing identities in an internal case of workplace harassment

The identity of the complainants was exposed, according to the resolution of the AEPD

More than 142,000 leaked data in LeakBase: thus operate the forums of sale of state information

"It is not an attack in the strict sense", experts say about the dissemination of data of high-ranking officials

10 key points to protect minors' data on educational platforms in the cloud

The use of digital platforms is not voluntary for students and families

78% of sick leave frauds use the fear of losing the benefit

The hook is the fear of a possible review so that you open the link

9 searches in a police database about the tenant's uncle: the data that did not prove a crime

I am a plumber, I have Civil Guard clients and I don't put any problem in them making inquiries" - Ricardo Amador, guarantor

4.3 million Centauro Rent a Car user records appear on the dark web after alleged breach

From Escudo Digital we have gotten in touch with the company to clarify what happened

About 10 million confidential records were stolen in cyberattacks linked to a criminal network

The stolen information was used to commit cyber scams and sale in clandestine forums.

FACUA detects fake websites that simulate selling Rosalía tickets to steal data

"New spots available now": the claim they use to deceive on Instagram

The Senate prohibits using the image of minors in school advertising without written consent from their parents

'It may be revoked at any time': new law prevents commercial use of student data without authorization

5 billion euros: how the Generalitat's subsidies are distributed in 2025 according to Subvencions.cat

Data are never neutral - Cristina Garde, researcher at the Universitat Pompeu Fabra

6,771 personal data were exposed due to a flaw in the anonymization of local grants

No general impact has been detected on the own data of the Generalitat.

The Meta Ray Ban have already become popular: the EFF warns about who else accesses its recordings

"They have already become popular": the EFF warns about the use of smart glasses with camera

5 million accounts at risk after the possible leak at Crunchyroll, according to initial alerts

"There is no official confirmation, but the bank details are already circulating", say cybersecurity experts

1 call from an AI agent = 1 new data output with legal weight, according to the AEPD

It is not enough to know the input and the output of the system

An age verification system that collects biometric data from minors is not well designed: Maite Arcos

If it guarantees privacy, it is a good tool for the objective it pursues" - Maite Arcos

On April 2, the AEPD learned of the leak, but did not notify it until September 9

It did not involve a high risk for those affected

174,000 euros to shield La Moncloa after the leak of phone numbers and emails of Sánchez, Díaz and Montero

"Two firewalls in cluster and a log analyzer": Moncloa admits its outdated infrastructure

4 data protection authorities join forces to regulate the use of educational platforms in Spain

The decalogue bets on a preventive approach" for the treatment of data in education

The AEPD notified a breach five months after learning about it: the incident was April 2, 2025

"More than five months after becoming aware of the incident" the breach was not notified, according to the document

9 out of 10 text messages about INSS medical reviews with a link are fraudulent

Public administrations do not request data through links in SMS - Spanish Consumers Association

3.50 dollars: the average price to buy a complete identity on Telegram channels in Latin America

In other words, this section offers a clear X-ray of the person's financial behavior

50 prosecutors exposed: ID, address and phone for sale on the dark web

If the State does not protect its data, it cannot guarantee the security of the citizens - José Ramón Riera

85% of email attacks simulate legal documents to activate malware

"Appear immediately" is the phrase they use for you to open the infected file

The FBI acquires data available on the market to obtain valuable intelligence: Kash Patel

Accessing personal data without a warrant is a 'scandalous mockery' of the Fourth Amendment: Wyden

Only 1 advertising message per month: this is how the new law limits the use of your personal data

No provider may use personal data without express authorization

More than 70% of the cyber threats detected are identity impersonations, according to INCIBE

The text literally says that the citizen must appear at the Central Department of the National Police in Madrid on December 20, 2024 for an alleged administrative file.

A TSJC condemns Mercadona to pay €7,501 for violating the data protection of a manager

The TSJC has recognized that the use of personal data occurred in the context of a disciplinary proceeding that culminated in a dismissal and that Mercadona acted in the exercise of the disciplinary power contained in the Workers' Statute.

The UN warns: international data collection does not have a binding legal framework

An absence of specific regulation is identified as one of the main current challenges in the area of digital privacy.

Thousands of patients with resistant depression improve today thanks to neurotechnologies

The neurologist Álvaro Pascual-Leone, professor at Harvard Medical School, and the neuroscientist Mariano Sigman, international researcher and popularizer, participated in the debate.

More than 10,000 seniors at the Senior Fair: sure prizes in exchange for personal data

During the fair, several activities offered sure prizes in exchange for personal data such as name, surnames, phone, and email address.

More than 7,144 million in GDPR fines: this is how the misuse of your data is punished in Europe

Spain leads the European ranking with 3,034 sanctions imposed since the implementation of the GDPR, far ahead of Italy, Romania, Germany, Poland and Greece.

A fake email from 'My Citizen Folder' promises €552.97: this is how the fraud detected by INCIBE operates

The message arrives from the address "[email protected]" and simulates an official notification. In the text, the recipient is informed that "an income of 552.97 euros has been generated in their favor".

Fine of 48.000 € for using personal mobile phones for work access tokens

Of the 364 active employees, 203 provided their personal mobile to receive SMS authentication tokens.

An SMS, a call and €20,000 less: this is how the group dismantled in Córdoba acted

The @ Team of the Córdoba Command, specialized in cybercrime, has investigated 12 people as alleged perpetrators of fraud and money laundering crimes.

Alert on digital surveillance among young people

Cheyenne Hunt, executive director of Gen Z For Change, has pointed out that the current political administration has increased monitoring on activist groups and youth organizations.

Five years without practicing for inviting a patient to 'have a beer' after consulting her data

During the process, the doctor admitted having called the patient from his personal number. He declared that his intention was "to invite the patient for a drink" to "talk about the disability situation and the assessment".

Romania annuls the first presidential round after detecting Russian cyberattacks

The European Commission maintains open a formal investigation against TikTok for possible violation of the Digital Services Act.

The AEPD obliges Palma to change the brown containers for violating data protection

The Palma City Council has defended during the procedure that there was no processing of personal data and that only statistical data was collected to adjust the collection frequency or the number of containers per areas.

Europol dismantles LeakBase, forum with more than 142,000 users of stolen data

The police intervention has been carried out simultaneously in 14 countries and has involved the participation of the National Police and the Civil Guard, alongside authorities from different jurisdictions.

Cyberattack to TfL: data of 10 million users exposed in 2024

According to the information provided, the attackers managed to obtain names, email and postal addresses, as well as phone numbers of approximately 10 million people.

95% of new cars in 2026 will send your personal data without asking permission

Electric and connected vehicles collect detailed information about geolocation, biometrics, and driving habits. These data include GPS trajectories, facial recognition, and music listening patterns.

Delays of up to 29 days in payroll allow an employee to break her contract and collect €46,266.90

The judicial resolution establishes that the employee will receive compensation of 46,266.90 euros for the termination of the contract

The Madrid Court will investigate whether Miguel Ángel Rodríguez revealed reserved data of journalists

According to the judicial resolution, Miguel Ángel Rodríguez identified and disseminated the image of two journalists from El País who were in the vicinity of Isabel Díaz Ayuso's home.

The Police track the origin of the data leak of Sánchez, ministers and regional presidents

The investigation remains active since last January, when the dissemination of private information of the Minister of Transport, Óscar Puente, as well as of directors and officials of Renfe and Adif was detected.

Deleting your OpenAI account deletes ChatGPT, API, and DALL·E: the decision is irreversible

The deletion process implies that OpenAI deletes the profile, access credentials, conversation history, personalized settings, usage data, and billing information, except ...

15 million French patients affected by the largest medical leak of Cegedim Santé

Cegedim Santé, publisher of the MLM software used by 3,800 doctors in the country, reported that the incident was discovered upon detecting anomalous behavior in the application's requests.

SkyWest sues two former pilots for accessing data of 4,970 pilots through its intranet

Discover which company leaked your data using aliases in your Gmail address

Europe imposed more than 330 sanctions for data protection in 2025, exceeding 1,150 million euros

OpenAI activates a blocking mode in ChatGPT for high-risk journalists and activists

Lockdown mode is an advanced and voluntary security option. When activated, ChatGPT's web browsing is limited to the exclusive use of cached content, without access to real-time information from the Internet.

WhatsApp integrates Meta AI in Catalonia without option to deactivate it: what you can undo

There is no possibility to deactivate Meta AI on WhatsApp. Joshua Breckman, director of International Communications for the company, has explained that the tool works "like any other function" within the application.

Ten verified cases: when ChatGPT fuels obsessions and harassment against real people

The victims state that automated attacks are more overwhelming and traumatizing than conventional threats.

A failure in Virginia left without access to personal data to users in Barcelona, Paris and Frankfurt

The incident evidenced that, although data storage may be located in Europe, resource management depends in many cases on centralized services outside the European Economic Area.

304 profiles on networks offer loans in Spain: this is how they are distributed among TikTok, Facebook and X

The count carried out by the Maldita.es team has detected 104 profiles on TikTok, 100 on Facebook, and 100 on X dedicated to offering loans.