Booking.com Customers Warned of Data Hack, FTC Hits Publishing.com With $1.5M Penalty, Californians Sue AI Doctor Recorder

Booking.com is warning customers that attackers reached their personal data, creating a ready-made pretext for travel phishing at scale. The FTC extracted a $1.5 million settlement from Publishing.com over deceptive earning claims and filed a parallel action against a high-level MLM participant, signaling continued enforcement against business opportunity schemes. In California, patients sued over an AI tool that records doctor visits without explicit consent, a case that will shape how ambient clinical AI gets deployed.

Top 5 Critical Privacy Alerts

1. Booking.com Warns Customers of Data Hack

Booking.com is notifying customers that hackers accessed their data in a recent incident. The company is still determining exact scope, but exposure includes personal and travel-related information used to book accommodations. The Guardian

Operator Note: This is a phishing gold mine. Affected customers should expect convincing travel-confirmation lures with real booking details baked in.

2. FTC Extracts $1.5M From Publishing.com Over Deceptive Income Claims

Publishing.com agreed to pay $1.5 million to settle FTC charges that it misled consumers about how much they could earn using its products and services. The order also imposes compliance reporting requirements. FTC

3. FTC Sues High-Level MLM Participant Over Earnings Deception

The FTC filed a parallel action against a senior MLM participant who allegedly deceived workers about income potential. The case signals the agency is pursuing individuals, not just corporate defendants, in business opportunity fraud. FTC

4. Californians Sue Over AI Tool That Records Doctor Visits

A class action alleges an AI ambient scribing tool is recording doctor-patient conversations without adequate consent. The suit will likely test whether HIPAA-adjacent AI products clear California’s two-party consent requirements. PogoWasRight

Operator Note: If you deploy ambient clinical AI, verify the consent flow meets the stricter of HIPAA or your state’s wiretap statute. Opt-out buried in a portal will not hold up.

5. California Bill Would Censor 3D Printing Designs

EFF is warning that California’s pending 3D printing legislation would treat design files as regulated content, creating speech and privacy risks while failing to meaningfully address the safety concerns it cites. EFF

Additional Privacy Alerts

Privacy Laws & Regulations

• Italian DPA Fines Platform Over Phone Number Disclosure - Regulator extended platform liability after the Russmedia ruling, fining a site for allowing a phone number to appear in sex work ads without the subject’s consent. PogoWasRight

• Governance Framework for AI Agents - Norton Rose laid out a practical framework for governing autonomous AI agents, including data minimization and audit trail requirements. Data Protection Report

The Axe Report is a daily briefing from Grab The Axe. Need help assessing your organization’s security posture? Take our free Human Attack Surface Score assessment.