A single record will bring together your personal and contact data to speed up procedures in Castilla-La Mancha
26/05/2026
Data Protection and Privacy News
Only 30,000 orders back Trump Mobile's launch after an unannounced data leak
26/05/2026
Trump Mobile admits a leak that exposed emails and addresses due to an external failure. It maintains shipments this week despite ignoring previous warnings, with reserves reduced to 30,000.
Covering the flaw in 240,000 files does not prevent passports and student loans from fueling targeted fraud campaigns
25/05/2026
An error in S3 exposed passports, accounts, and academic records of students. Leverage Edu corrected the access before detecting abuses, but the mix of data facilitates financial scams and impersonations.
The leak of ID numbers and phone numbers at Santalucía increases the risk of identity theft among its clients
24/05/2026
Santalucía notified the AEPD of a cyberattack that exposed customer names, phone numbers, and national ID numbers. The insurer rules out the theft of banking data and is already alerting users to prevent identity theft fraud.
Extremadura's healthcare faces a 20 million fine for denying a mother her son's medical history
24/05/2026
The AEPD opens a file against the Extremadura Health Service for denying a mother her son's medical history and ignoring her requests. The very serious infringement of the GDPR could lead to a fine of up to 20 million.
SafePay sets 3 days to pay the ransom after leaking data from a chemical company in Campo Real
24/05/2026
The chemical company Olipes appears on SafePay's leak portal after a cyberattack. The gang demands a ransom with a 3-day deadline and threatens to publish internal data through its double extortion scheme.
A cyberattack leaks 703,000 driving school student records with unencrypted passwords
23/05/2026
The Matferline platform suffers an SQL injection that exposes DNI, personal data, and unencrypted passwords of 703,000 students. The attacker offers them on the dark web for up to $35,000, increasing the risk due to the lack of protection.
A selfie with the V hand sign exposes fingerprints to artificial intelligence
23/05/2026
AI extracts fingerprints from selfies taken at 1.5 meters, the most common distance on social media. Although the software allows for the creation of biometric replicas, fraud requires additional device access.
A code of 0.025 mm created to catch banknote counterfeiters now allows authorities to track whistleblowers
23/05/2026
Laser printers print invisible codes with the serial number and date. Designed to prevent counterfeiting, today they allow whistleblowers to be tracked, while millions print without knowing this footprint.
The cybertheft in New York hospitals exposes the data of 1.8 million patients with no replacement option
21/05/2026
NYC Health + Hospitals confirms the leak of clinical and biometric data of 1.8 million patients after 76 days of undetected access due to a failure in an external provider. A toll-free hotline is activated.
Santalucía halts access to its policies but maintains phishing alert due to DNI leak
21/05/2026
Santalucía notified an unauthorized access to its policies on May 1st that exposed name, phone number, email, and national ID. The company claims to have contained the breach and warns clients of the risk of impersonation.
Décimas did not detect the data leak of 330,000 clients until INCIBE alerted it
21/05/2026
The AEPD has fined Décimas 120,000 euros for a vulnerability that exposed personal data of more than 330,000 buyers. The chain did not detect the attack and the fine was reduced after acknowledging the facts.
A 3-second glance at your screen allows smart glasses to capture your bank key
20/05/2026
Smart glasses record discreetly and expose passwords, bank details, and conversations. The cloud connection and network vulnerabilities facilitate credential theft in everyday spaces.
Instagram suppresses the encryption of its direct messages to feed an advertising model that tracks your digital activity
20/05/2026
Meta will remove encryption from Instagram in May. Experts warn of risks of fraud, deepfakes, and opaque collection of usage habits for advertising, in a context of growing distrust towards large platforms.
The trusted app for talking to your surroundings now channels scams that demand payments for non-existent offers
20/05/2026
Scammers use WhatsApp to extract money through job offers, romance, or fake investments. Block senders, verify identities by other means, and never pay for app features.
Requests to delete data leaked by AI assistants grow 400%
20/05/2026
ChatGPT and Gemini filter real phone numbers in their responses, causing erroneous calls to unrelated people. DeleteMe detects a 400% increase in data deletion requests linked to generative AI failures.
The platform that promises to reveal any data in Uruguay without a court order clashes with a single official confirmation
20/05/2026
La Pampa Leaks leaked data from high-ranking officials in Uruguay and offers information without a court order. Antel confirms an attack on TuID but rules out leaks, and VECERT analyzes software to map financial profiles.
Each query to the AI trains its algorithms before exposing your data for sale on the black market of Catalunya
19/05/2026
The Cybersecurity Agency warns that sharing data with AI exposes privacy to leaks or sale. It recommends deleting history, limiting device permissions, and requesting the deletion of records.
The AEPD warns Madrid for filtering personal information from an urban planning file that the City Council itself opened in Chamberí
19/05/2026
The AEPD warns Madrid for leaking Alberto González Amador's data in urban planning files. The City Council has six months to anonymize the information and has appealed, considering that it violates transparency.
The generative AI leaks internal data in 91% of companies in Spain
19/05/2026
A study warns that 91% of companies in Spain expose sensitive information when integrating generative AI. Amidst the increase in cyberattacks, experts demand usage policies, data classification, and strict access control.
AI eliminates hotel message errors to validate scams with real bookings
18/05/2026
Cybercriminals use real reservation data to charge extra payments. AI eliminates the errors that previously betrayed fraud, making it difficult to detect. Always verify on the hotel's official website.
The obligation to collect data to monitor biocides clashes with the veto on their use in sanctions
18/05/2026
The AEPD demands that the future biocides regulation be adjusted to the GDPR, limiting data processing to registration and sale and prohibiting its use for sanctions or other administrative purposes.
The tool that generates attractive avatars with AI also reveals data that the user considers private
18/05/2026
AI apps for creating avatars expose biometric data when uploading photos. Authorities recommend limiting permissions, avoiding access to the full gallery, and using platforms with clear policies to protect privacy.
Spanish advocacy sanctions lawyers who delegate to AI without manually verifying each result
17/05/2026
The new circular from the CGAE obliges to manually verify each result of generative AI. Using free, unaudited versions violates privacy and secrecy, activating sanctions for uncritical delegation.
Requests to delete AI data grow 400% without stopping the exposure of mobiles to strangers
17/05/2026
Chatbots like Gemini hand over personal numbers to strangers. Deletion requests grow by 400%, but harassment persists and tech companies do not guarantee the immediate deletion of leaked data.
The promise of free access to the World Cup in Mexico City hands over phone control to scammers
17/05/2026
The cyber police of Mexico City warns about fake apps that simulate retransmitting the 2026 World Cup to steal bank credentials and control devices through abusive permissions.
The advertisement that imitates Lidl offers on the internet steals your data without sending the product home
16/05/2026
INCIBE and the Catalan Agency warn of fraudulent websites impersonating Lidl. They use urgency and cloned designs to steal bank details. The order is never delivered. The brand is investigating the fraud thanks to customer alerts.
The dark web exposes the medical records of 52 million Argentinians amid the silence of the authorities
16/05/2026
Specialized accounts on the dark web claim to have accessed personal, biometric, and clinical history data of 52 million Argentinians, adding to a recent chain of cyberattacks on public organizations that has not yet been officially confirmed by the government.
A group with 700 victims this year leaks the database of a marketing company in Spain
16/05/2026
The Qilin group publishes alleged personal data of the company Mediapost, dedicated to marketing and advertising distribution, on the dark web, without yet confirming the exact number of affected individuals or the technical details of the incident.
A call that imitates technical support takes advantage of a false router upgrade to change your provider
15/05/2026
Movistar warns of a fraud where supposed technicians ask for SMS codes or voice recordings to force a change of company without consent, taking advantage of a false router upgrade.
The navigation of a legal portal prevents writing news with real data about Catalonia
15/05/2026
The original material lacks verifiable figures, dates, and statements, making it impossible to produce an informative piece without inventing data.
Artificial intelligence trains its own replacements using the voices of employees it is supposed to help
15/05/2026
AI reduces administrative positions and has already caused 16% less youth employment since 2024. Experts warn about the substitution of routine tasks and legal doubts surrounding the capture of labor data.
A Zaragoza optical shop took out 12 quick loans using its own clients' data
14/05/2026
The Police arrested the owner of an optical shop for taking out 12 loans with customer data without permission. The fraud exceeds 32,000 euros and affected seven people who found unsolicited bank charges.
The school management platform in the Valencian Community uses personal data of students to send political propaganda to families.
14/05/2026
Compromís denounces in Congress and Brussels the use of the school app Itaca to send political propaganda to families during the teacher strike, for possible non-compliance with the GDPR.
Cybercriminals hide malware in public Claude AI chats to steal credentials on Mac
14/05/2026
Attackers use Google ads and Claude AI chats to distribute malware on Mac. The code runs in memory, steals credentials and cookies, and changes with each download to evade antivirus.
The cameras dismantle the report that condemned two agents in L'Hospitalet to 3 years for falsifying the version of events
13/05/2026
Two police officers from L'Hospitalet complete three years in prison for falsifying a report after an accident. Cameras dismantled their account and proved that they assaulted a witness who refused to provide his details.
The Valdemoro City Council forces the use of manual records after the alleged extraction of 1.8TB of sensitive information
13/05/2026
Valdemoro activated paper procedures after a cyber incident. The council does not detail the scope, despite the Kairos group claiming 1.8TB of data. Citizens are recommended to change passwords and monitor their accounts.
The same prosecutor who protects her as a victim now requests her indictment for violating private data
13/05/2026
The Prosecutor's Office set May 12 for the indictment hearing against Laura Ojeda for alleged undue access to Daysuris Vásquez's conversations. The defense alleges a conflict of interest as the same prosecutor is involved in both cases.
European protection of your data vanishes before US law that obliges apps to hand them over
12/05/2026
Abandoning WhatsApp and Gmail shields privacy from the CLOUD Act. Van der Burg proposes migrating to European services like Proton Mail and Nextcloud to regain real control over personal data.
A breach in an external provider exposes banking data of 3% of Naturgy clients in Spain without filtering passwords
12/05/2026
Naturgy notifies a breach in an external provider that affects 3% of its clients in Spain. Bank details were leaked, but not passwords. The OCU confirms that banks must reimburse any fraud.
The 197,000 emails from Zara trace a purchase history that the company claims not to have lost
12/05/2026
Inditex admitted unauthorized access to external servers. Although it denies the loss of sensitive data, 197,000 Zara emails with purchase history and location were confirmed. ShinyHunters claimed the attack.
The police infiltration in a Ciutat Vella assembly activates lawsuits that force the Interior Ministry to justify union surveillance
12/05/2026
Unions denounce the infiltration of the Mossos in a Ciutat Vella assembly. They demand that the Interior Ministry clarify who ordered the surveillance and what union data was collected.
Managing 1.2 million visitors a year at La Pedrera: Gaudí's heritage as "social return"
06/05/2026
Marta Lacambra directs the Catalunya La Pedrera Foundation: the entity reinvests tourism income in social and cultural projects, with audio guides in 14 languages and nearly 1.2 million visitors.
An AI vishing scam impersonated Pablo Motos and led a victim from León to hang up and report it
03/05/2026
Cybercriminals impersonated Pablo Motos' voice with AI to say the woman had won a gift card from El Hormiguero. After suspicions, she called 017 and activated the report.
Operation Road Trap: Bitdefender detects 79,000 fake messages in Catalonia to steal data and even control the mobile phone
02/05/2026
Between Dec. 2025 and Apr. 2026, Bitdefender (Operation Road Trap) detects 79,000 malicious communications in Spain with dangerous links for transport and mobility. Catalonia, Madrid, and Andalusia are where it affects the most.
Pamplona's Low Emission Zone exposes unidentified risks for personal rights, according to Comptos
02/04/2026
"Unidentified risks" in the data processing of the ZBE of Pamplona, warns the Chamber of Comptos
27 active channels on Telegram sell personal data in Brazil, Peru and Argentina
02/04/2026
The illegal buying and selling of personal data is available on Telegram channels
4,000 euros for responding to a review: this is how the AEPD sanctioned by publishing academic and sexual orientation data
02/04/2026
The fact that these data appear on networks does not imply that anyone can collect and publish them" - AEPD
5 data stolen in an SMS: DNI, address, card number and more in campaign in Barcelona
01/04/2026
Someone has tried to log into your account. If it wasn't you, verify your identity
2.5 million ClickRent customers affected by a leak with passports, DNIs, and bank details exposed.
01/04/2026
"More than 100 GB of identity documentation" compromised in the leak to ClickRent, according to the attacker.
FACUA denounces the Franco Foundation's store for violating the Democratic Memory Law
31/03/2026
Possible non-compliance with the Democratic Memory Law in the online store of the Franco Foundation
200,000 euros for revealing identities in an internal case of workplace harassment
31/03/2026
The identity of the complainants was exposed, according to the resolution of the AEPD
More than 142,000 leaked data in LeakBase: thus operate the forums of sale of state information
30/03/2026
"It is not an attack in the strict sense", experts say about the dissemination of data of high-ranking officials
10 key points to protect minors' data on educational platforms in the cloud
30/03/2026
The use of digital platforms is not voluntary for students and families
78% of sick leave frauds use the fear of losing the benefit
29/03/2026
The hook is the fear of a possible review so that you open the link
9 searches in a police database about the tenant's uncle: the data that did not prove a crime
29/03/2026
I am a plumber, I have Civil Guard clients and I don't put any problem in them making inquiries" - Ricardo Amador, guarantor
4.3 million Centauro Rent a Car user records appear on the dark web after alleged breach
29/03/2026
From Escudo Digital we have gotten in touch with the company to clarify what happened
About 10 million confidential records were stolen in cyberattacks linked to a criminal network
28/03/2026
The stolen information was used to commit cyber scams and sale in clandestine forums.
FACUA detects fake websites that simulate selling Rosalía tickets to steal data
28/03/2026
"New spots available now": the claim they use to deceive on Instagram
The Senate prohibits using the image of minors in school advertising without written consent from their parents
27/03/2026