Today’s privacy digest highlights several critical threats, including a novel ‘CoPhish’ attack exploiting Microsoft Copilot, a disturbing hospital breach involving patient photos, and a range of identity theft scams targeting vulnerable populations. We also cover new privacy regulations in New Zealand and FTC warnings about Amazon Prime subscriptions and charity scams. Stay informed to protect your data and avoid becoming a victim.
Top 5 Critical Privacy Alerts
- New CoPhish attack steals OAuth tokens via Copilot Studio agents: A phishing technique uses Microsoft Copilot Studio agents to deliver fraudulent OAuth consent requests. Read more
- Jay Hospital employees fired over ‘horrible’ pictures of sleeping, medicated patients: Hospital staff took and posted pictures of sleeping patients on social media, leading to their termination. Read more
- Get a credit freeze to stop identity thieves: Freezing your credit is a great way to help protect yourself from identity theft. Read more
- How to help protect foster youth from identity theft: Foster youth are at greater risk of identity theft because they often move more often and more people have access to their info. Read more
- This Medicare Open Enrollment season, learn how to protect yourself from scams: Scammers get more active around Medicare Open Enrollment Period, trying to get your money, information, or both. Read more
Privacy Laws & Regulations
- New Zealand passed The Privacy Amendment Act in September. Learn about the IPP3A: New Zealand’s government passed The Privacy Amendment Act, adding Information Privacy Principle (IPP) 3A, effective May 1, 2026. Read more
Data Minimization & User Consent
- Who’s eligible for a refund from Amazon?: Amazon agreed to pay $2.5 billion for enrolling people in Prime subscriptions without consent and making cancellation difficult. Read more
- Labor rules out giving tech giants free rein to mine copyright content to train AI: The Albanese government has ruled out granting copyright exemption for AI models training. Read more
Scams & Identity Theft
- How to spot a job scam: Learn how to spot phony business opportunities, work-at-home scams, shady employment agencies, and scammy multi-level marketing schemes. Read more
- How to prepare yourself to deal with an emergency and avoid disaster-related scams: Learn how to spot disaster-related scams and find free tools to help you get started on a plan that includes fraud prevention. Read more
- No, that’s not an FTC commissioner on the phone: Scammers pretend to be FTC officials to try to get your money. Read more
- When sharing your info online leads to unwanted and unlawful telemarketing calls: Companies trick you into sharing your information so they can sell it to telemarketers. Read more
- Thinking about selling your timeshare? Key steps to avoid scams: Learn key steps to avoid scams when selling your timeshare. Read more
- Before you donate, find out where the money is going: The FTC says Kars-R-Us.com, Inc. lied about how the money would be spent when it collected vehicle donations. Read more
