ICO Fines Police Scotland £66,000 for Data Mishandling
The ICO has fined Police Scotland £66,000 and issued a reprimand for serious data mishandling. Failures included excessive mobile phone data extraction and unlawful disclosure of sensitive personal information to a third party, violating UK GDPR and the Data Protection Act 2018.
New American Funding Data Breach Notification
New American Funding has notified the Washington Attorney General's office of a data breach affecting 699 state residents. The incident, which occurred at a service provider, may have exposed personal information including names, addresses, and Social Security numbers. Affected individuals are being notified and offered credit monitoring services.
Brown Advisory Security Incident and Data Breach Notification
Brown Advisory reported a security incident on January 21, 2026, involving unauthorized access to certain systems by a threat actor. Personal data, including names, contact information, and sensitive identification details, may have been accessed. The company is offering 24 months of free identity protection services from Experian.
Drivestream Data Breach Notification
Drivestream, Inc. is notifying Washington residents of a data breach that occurred between December 4-9, 2024. An unauthorized actor accessed systems and potentially exfiltrated sensitive personal information, affecting 505 Washington residents. Drivestream is offering credit monitoring services.
Lakeside Pediatrics Data Breach Notification
Lakeside Pediatric & Adolescent Medicine PLLC is notifying 1314 Washingtonians of a data security incident that occurred on or about November 1, 2024. An unauthorized party accessed their systems, potentially exposing personal information. The company is offering credit monitoring services.
Insightin Health Data Breach Notification
Insightin Health is notifying Washington residents and regulators of a data breach affecting 11,740 individuals due to a cyberattack exploiting a zero-day vulnerability. The breach, which occurred in September 2025, potentially exposed names, dates of birth, medical, and health insurance information. Insightin is offering 12 months of free credit monitoring services.
Pyramid Global Hospitality Data Breach Notification
Pyramid Global Hospitality is notifying current and former employees of a data breach discovered on September 30, 2025, impacting personal information. The company is offering credit monitoring and identity restoration services and has notified relevant state regulators and federal law enforcement.
Data Breach Notification for CommonSpirit Health and Pinnacle Holdings
Washington State's Office of the Attorney General has been notified of a data breach impacting CommonSpirit Health, reported by vendor Northgauge Healthcare Advisors. The breach occurred at Pinnacle Holdings, a vendor to Northgauge, and may have exposed personal information of Washington residents.
GDPR Resolution: No Fine for DILCAR Gestión S.L.
The Spanish Data Protection Agency (AEPD) has closed an investigation into DILCAR Gestión S.L. regarding the misuse of municipal resources for private business, which involved personal client data. No fine was imposed on the company.
GDPR Resolution: School Used Health Data Without Consent
The Spanish Data Protection Agency (AEPD) initiated a sanctioning procedure against HOLY MARY CATHOLIC SCHOOL, S.L. for allegedly using student health data without proper consent. The procedure was initiated following a complaint filed on April 24, 2024, regarding the use of 'Google Workspace for Education' and its potential access to non-educational content.