Privacy Roundup #0235 • February 2026
February brought a wave of vishing-driven breaches, fresh fights over police cameras and ICE surveillance, and regulators leaning on data brokers.
1. Hackers publish data stolen from Harvard and UPenn breaches
The ShinyHunters group leaked about 2.2 million records taken from Harvard and the University of Pennsylvania after both refused to pay a ransom. The files held alumni names, addresses, phone numbers and donation details drawn from fundraising systems.
2. Breach at French bank registry exposes 1.2 million accounts
An attacker used a civil servant's stolen credentials to reach FICOBA, the national registry of every bank account opened in France. The exposed data included account numbers, holder names, addresses and, in some cases, tax identifiers.
3. Odido breach exposes 6.2 million Dutch customers
The Dutch telecommunications firm Odido confirmed one of the largest European telecom breaches of early 2026. Attackers reached personal details of about 6.2 million customers after the firm detected the intrusion in early February.
4. Fintech firm Figure breach affects nearly 1 million accounts
Blockchain lender Figure Technology Solutions said an employee fell for a social engineering attack that exposed roughly 967,000 user records. The stolen files held names, dates of birth, email addresses, postal addresses and phone numbers.
5. Ad tech firm Optimizely confirms breach after vishing attack
Optimizely said attackers reached internal business systems through a voice phishing call on 11 February. The firm reported no evidence that customer or personal data was taken, but it warned the roughly 10,000 companies that use its tools.
6. Coinbase confirms insider breach linked to leaked support tool screenshots
Coinbase said a contractor had improperly reached the records of about 30 customers after screenshots of an internal support tool surfaced online. The exposed details included names, dates of birth, phone numbers, identity verification data, wallet balances and transaction histories.
7. ICO fines Reddit 14.47 million pounds for children's privacy failures
The Information Commissioner's Office fined Reddit 14.47 million pounds for processing the data of children under 13 without any effective age checks. The regulator warned that relying on users to declare their own age is not enough to protect young people.
8. FTC reminds data brokers of their duties under PADFAA
The Federal Trade Commission sent letters to 13 data brokers on 9 February warning them not to sell sensitive American data to foreign adversaries. The agency flagged firms that had offered information tied to members of the armed forces.
9. Data broker Kochava reaches privacy deal with the FTC
Kochava agreed to settle long-running FTC claims that it sold precise location data revealing visits to clinics and places of worship. The deal would force the firm to block raw location data linked to sensitive sites for at least two years.
10. Tenth Circuit limits sweeping searches of a protester's devices
The appeals court ruled that the Fourth Amendment does not support broad warrants to comb through a protester's phone, photos and messages. The judges held that the particularity requirement applies with special force to digital devices.
11. California reaches record 2.75 million dollar privacy settlement with Disney
California Attorney General Rob Bonta announced a 2.75 million dollar settlement with Disney over its failure to honour opt-out requests under the state privacy law. The company let users switch off data sharing on single devices only, while continuing to share information with third-party advertising firms across the rest of an account.
12. EFF and ACLU tell Big Tech to resist lawless DHS subpoenas
The two groups urged Amazon, Apple, Google, Meta and others to demand court review before handing over user identities to the Department of Homeland Security. They warned that the agency had used subpoenas to unmask people who documented or criticised ICE.
13. DHS watchdog opens inquiry into ICE surveillance tools
The Inspector General began an audit of whether ICE's surveillance and biometric programmes follow privacy law. Senators Mark Warner and Tim Kaine pushed for the review over contracts with firms such as Palantir, Clearview AI and Flock.
14. EFF warns that "free" surveillance tech carries a high cost
The group described how vendors, federal agencies and wealthy donors give police free surveillance gear that bypasses local oversight. It argued that the hidden price is paid in lost privacy and weaker public control.
15. EFF op-ed urges San Jose to drop its Flock system
The piece argued that automated licence plate readers can be turned against immigrants, dissidents and other targets. It called on local leaders to end the city's contract and protect their communities.
16. With Ring, consumers built a surveillance dragnet
A Ring Super Bowl advert for an AI feature that scans neighbourhood cameras to find a lost dog drew sharp privacy criticism. Reporters and lawmakers warned the same tool could be turned on people deemed suspicious.
17. Why some cities are cancelling Flock camera contracts
NPR reported that a growing number of cities are dropping Flock licence plate readers over fears the data could feed immigration enforcement. Local officials cited the lack of control over who can search the footage.
18. WhatsApp encryption, a lawsuit, and a lot of noise
Cryptographer Matthew Green examined claims that Meta could read end-to-end encrypted WhatsApp messages. He explained that the real risks sit around the protocol, in cloud backups, business messaging and internal access systems.
→ blog.cryptographyengineering.com
19. Age verification laws face mixed prospects in 2026
Experts told Route Fifty that the spread of age verification rules raises real privacy and anonymity concerns. Courts have blocked some measures while others move ahead, leaving a patchwork across the states.
20. Ten Dutch municipalities fined over secret probes into Muslim residents
The Dutch data protection authority fined ten councils a total of 250,000 euros for collecting sensitive files on Muslim residents without their knowledge. The councils logged people's religion and political views and shared the reports with national bodies.
Enjoyed this post?
Well, you could share the post with others, follow me with RSS Feeds and/or send me a comment via email.
Tags
Category:
Year: