Third-party breach, 38M impacted, European e-commerce sector.
ManoMano disclosed unauthorized access linked to a subcontracted customer support provider. Exposed data reportedly includes PII and support communications.
Authorities notified: CNIL, ANSSI.
Passwords not reportedly accessed.
Subcontractor access revoked.

Key risk vectors:
– SaaS support platforms
– Vendor access governance
– Over-retention of ticketing data
– Centralized customer communication logs
– Supply chain attack surface expansion

This case reinforces that vendor monitoring must go beyond contractual clauses — continuous assessment, least privilege enforcement, data minimization strategies.

How mature is your third-party risk telemetry?
Engage below.

Source: https://www.bleepingcomputer.com/news/security/european-dyi-chain-manomano-data-breach-impacts-38-million-customers/

Follow @technadu for high-signal infosec reporting.

Repost to amplify awareness across the security community.

#Infosec #ThirdPartyRisk #VendorSecurity #SupplyChainSecurity #DataBreach #GDPRCompliance #EcommerceSecurity #CyberRiskManagement #SecurityOperations #GRC

Sector alert: European football club targeted.

Olympique de Marseille confirmed an attempted cyberattack following alleged data leak claims involving:
• ~400,000 supporter records
• 2,050+ Drupal CMS accounts
• E-commerce and membership-related data
No confirmed compromise of banking credentials, investigation ongoing, incident reported to CNIL.
Attack surface observations:
– CMS exposure risk
– High-value fan PII aggregation
– Merchandising platforms as entry vectors
– Sector-wide vulnerability patterns (preceded by FFF breach)
Sports organizations increasingly mirror enterprise-scale digital infrastructures - yet often lack comparable security maturity.

What baseline controls should leagues enforce - MFA mandates, zero trust architecture, CMS hardening standards?

Source: https://www.bleepingcomputer.com/news/security/olympique-marseille-football-club-confirms-cyberattack-after-data-leak/

Engage in the comments.
Follow TechNadu for high-signal infosec coverage.

Repost to amplify sector awareness.

#Infosec #DrupalSecurity #DataBreach #SportsSecurity #ThreatIntelligence #CyberRisk #GDPRCompliance #SecurityOperations #DigitalForensics #CyberDefense

Ai có kinh nghiệm về quy định GDPR nghiêm ngặt? Bài học kinh nghiệm và cách tổ chức để tránh gặp rắc rối?FINE nặng, mọi lời khuyên đều được hoan nghênh #GDPR #quy định bảo mật #luật bảo vệ dữ liệu #DữLiệuCáNhân # dataprotection #GDPRcompliance #bảo mật thông tin

https://www.reddit.com/r/SideProject/comments/1pu52gs/anyone_with_gdpr_experience/

Complaints filed in Europe allege cross-app data tracking involving sensitive personal data categories protected under GDPR, raising questions about consent, transparency, and third-party data brokers.

While no regulatory findings have been issued yet, the case highlights ongoing challenges in enforcing privacy-by-design principles across complex app ecosystems.

How should organizations better operationalize GDPR transparency and data access rights?

Share your insights and follow TechNadu for responsible InfoSec and privacy reporting.

#InfoSec #PrivacyEngineering #GDPRCompliance #DataGovernance #AdTech #UserConsent #TechNadu

Ra mắt truy cập sớm cho dự án SaaS đầu tiên về công cụ phân tích dự án cho GDPR, EU AI Act và Data Act. Công cụ này giúp phát hiện các vấn đề tuân thủ và chỉ ra các điều khoản pháp lý cụ thể. #TuânThủ # GDPR #SaaS #DựÁnMới #Compliance #NewProject #SaasProject #GDPRcompliance #CongCụMới #PhânTíchDựÁn

https://www.reddit.com/r/SideProject/comments/1p1a0gc/i_just_launched_early_access_for_my_first_saas/

Here is the Seventh Article on the AI Website Builder Series:

AI Website Builders: 10Web AI Website Builder Part 7

10Web's AI Website Builder tailored for UK business owners. The article emphasises:

#AIWebsiteBuilder #10Web #WordPressAI #UKWebDesign #GDPRCompliance #UKDataCentre #AIWebDesign #WordPressSEO #UKBusinessWebsite #AIWebDevelopment #DataCompliance #LondonHosting #UKWebsiteBuilder #AIinWebDesign #WordPressHosting #10WebReview #UKWebHosting #AIPoweredWebsites

https://hertfordshirewebdesign.com/ai-website-builders-10web-ai-website-builder-part-7/

You probably forgot about GDPR. It was a huge deal when it was introduced, but chances are you've forgotten about it. Here's what you need to know in 2025.

#GDPR #GDPRCompliance #AI #cloud #Cybersecurity #datasecurity #SoftwareSecurity

https://medium.com/@heyjoshlee/gdpr-in-2025-why-it-still-matters-and-how-to-stay-updated-7503469b8642

Only 30 days left before Microsoft pulls the plug on Exchange 2016/19 support. Are you ready to fend off cyber threats and compliance nightmares, or will your business face a costly wake-up call?

https://thedefendopsdiaries.com/navigating-the-end-of-support-for-microsoft-exchange-2016-and-2019/

#microsoftexchange
#cybersecurity
#dataprotection
#gdprcompliance
#softwareupgrade

https://youtu.be/As4z5i1YwdM

🎙️ SOMETHING LEGENDARY IS COMING 🎙️

I'm absolutely BUZZING to announce a new hashtag#podcast that I believe is not just needed—it's going to be very special.

Yes, we may look a bit vintage (just like good radio should), but I promise you the topics will be very present, modern, and futuristic. You can bet on this.

📡 ITSPmagazine Europe: The Transatlantic Broadcast 📡
Where #cybersecurity #technology, and #society meet — across borders and perspectives.

Your Hosts:
🎙️ Marco Ciappelli (Florence/Los Angeles) - Political Science, Sociology of Communication
🎙️ Sean Martin, CISSP (New York City) - Cybersecurity Analysis & Editorial Leadership
🎙️ Rob Black (London) - UK Cyber Citizen 2024, International Relations

Our Pilot Episode:
Broadcasting from Los Angeles and UK, Rob and I get the waves up in the air!

The Transatlantic Broadcast is the flagship podcast of ITSPmagazine Europe — a new editorial initiative dedicated to cybersecurity, technology, and society through a distinctly European lens.

Recorded between Florence, London, Los Angeles, NYC and beyond — the show explores the stories, policies, and people shaping digital life across Europe. With our rotating host format and guests from academia, public policy, private sector, and civil society, we highlight European perspectives while drawing occasional comparisons to developments in the U.S. and beyond.

What we're exploring in this pilot:
The Birth of a Transatlantic Conversation
European Approaches to Digital Transformation
The Sociological Lens We're Missing
Building Bridges, Not Walls
Cross-Border Collaboration for a Global Digital Future

This isn't just another hashtag#tech podcast. We're creating space for European voices to explain their approaches in their own terms—not as responses to American innovation, but as distinct philosophical and practical approaches to technology's role in democratic society.

Enjoy the teaser below and watch the full pilot episode

Here youtu.be/As4z5i1YwdM

Who's ready to join this transatlantic conversation?

#EuropeanCybersecurity #TransatlanticTechnology #DigitalSovereignty #EUTechPolicy #EuropeanDigitalRights #GDPRCompliance #EuropeanInnovation #CybersecurityWorkforce #TechRegulation #DigitalTransformation #EuropeanVsAmericanCybersecurity #TransatlanticTechCooperation #UKCyberCitizen2024 #EuropeanAIRegulation #CybersecurityLeadership #infosec #infosecurity