This privacy digest highlights critical developments, including ICE’s acquisition of a mass phone tracking tool and the ‘CommetJacking’ attack stealing emails via AI browsers. We also cover a significant Salesforce data leak, a ransomware attack on Asahi, and the FTC’s crackdown on child data exploitation. Stay informed to navigate these evolving privacy threats effectively.
Top 5 Critical Privacy Alerts
- ICE to Buy Tool that Tracks Locations of Hundreds of Millions of Phones Every Day: ICE acquired a surveillance tool updated daily with location data from millions of phones. Read more
- CommetJacking attack tricks Comet browser into stealing emails: A new attack exploits URL parameters to steal sensitive data from connected services. Read more
- ShinyHunters launches Salesforce data leak site to extort 39 victims: An extortion group leaks data stolen in Salesforce attacks. Read more
- Japanese beer giant Asahi confirms ransomware attack: A ransomware attack caused IT disruptions and factory shutdowns. Read more
- FTC Cracks Down on Messaging App Operator on Child Data Exploitation: The FTC announced legal action against Sendit for violations of consumer protection and privacy laws. Read more
Privacy Laws & Regulations
- Brazil Adopts Law Protecting Minors Online — Brazil enacted the Digital Statute of the Child and Adolescent, establishing a regulatory framework for protecting children online. Read more
Regulatory Fines & Enforcement Actions
- FTC Cracks Down on Messaging App Operator on Child Data Exploitation: The FTC announced legal action against Sendit for violations of consumer protection and privacy laws. Read more
Data Minimization & User Consent
- Gmail business users can now send encrypted emails to anyone — Google says that Gmail enterprise users can now send end-to-end encrypted emails to people who use any email service. Read more
Surveillance
- ICE to Buy Tool that Tracks Locations of Hundreds of Millions of Phones Every Day: ICE acquired a surveillance tool updated daily with location data from millions of phones. Read more
Cybersecurity
- Incoming Deadlines and Requirements for DOJ’s Data Security Program on Oct. 6, 2025: Starting Oct. 6, U.S. entities handling bulk sensitive data must implement a written data compliance program. Read more
- Japanese beer giant Asahi confirms ransomware attack: A ransomware attack caused IT disruptions and factory shutdowns. Read more
- ShinyHunters launches Salesforce data leak site to extort 39 victims: An extortion group leaks data stolen in Salesforce attacks. Read more
- CommetJacking attack tricks Comet browser into stealing emails: A new attack exploits URL parameters to steal sensitive data from connected services. Read more
- Oracle links Clop extortion attacks to July 2025 vulnerabilities: Oracle linked Clop ransomware attacks to E-Business Suite vulnerabilities patched in July 2025. Read more
- Microsoft Outlook stops displaying inline SVG images used in attacks: Outlook will no longer display risky inline SVG images used in attacks. Read more
- DrayTek warns of remote code execution bug in Vigor routers: DrayTek warned of a security vulnerability in Vigor routers allowing remote code execution. Read more
