Third-party breach, 38M impacted, European e-commerce sector.
ManoMano disclosed unauthorized access linked to a subcontracted customer support provider. Exposed data reportedly includes PII and support communications.
Authorities notified: CNIL, ANSSI.
Passwords not reportedly accessed.
Subcontractor access revoked.

Key risk vectors:
– SaaS support platforms
– Vendor access governance
– Over-retention of ticketing data
– Centralized customer communication logs
– Supply chain attack surface expansion

This case reinforces that vendor monitoring must go beyond contractual clauses — continuous assessment, least privilege enforcement, data minimization strategies.

How mature is your third-party risk telemetry?
Engage below.

Source: https://www.bleepingcomputer.com/news/security/european-dyi-chain-manomano-data-breach-impacts-38-million-customers/

Follow @technadu for high-signal infosec reporting.

Repost to amplify awareness across the security community.

#Infosec #ThirdPartyRisk #VendorSecurity #SupplyChainSecurity #DataBreach #GDPRCompliance #EcommerceSecurity #CyberRiskManagement #SecurityOperations #GRC

Sector alert: European football club targeted.

Olympique de Marseille confirmed an attempted cyberattack following alleged data leak claims involving:
• ~400,000 supporter records
• 2,050+ Drupal CMS accounts
• E-commerce and membership-related data
No confirmed compromise of banking credentials, investigation ongoing, incident reported to CNIL.
Attack surface observations:
– CMS exposure risk
– High-value fan PII aggregation
– Merchandising platforms as entry vectors
– Sector-wide vulnerability patterns (preceded by FFF breach)
Sports organizations increasingly mirror enterprise-scale digital infrastructures - yet often lack comparable security maturity.

What baseline controls should leagues enforce - MFA mandates, zero trust architecture, CMS hardening standards?

Source: https://www.bleepingcomputer.com/news/security/olympique-marseille-football-club-confirms-cyberattack-after-data-leak/

Engage in the comments.
Follow TechNadu for high-signal infosec coverage.

Repost to amplify sector awareness.

#Infosec #DrupalSecurity #DataBreach #SportsSecurity #ThreatIntelligence #CyberRisk #GDPRCompliance #SecurityOperations #DigitalForensics #CyberDefense

Ai có kinh nghiệm về quy định GDPR nghiêm ngặt? Bài học kinh nghiệm và cách tổ chức để tránh gặp rắc rối?FINE nặng, mọi lời khuyên đều được hoan nghênh #GDPR #quy định bảo mật #luật bảo vệ dữ liệu #DữLiệuCáNhân # dataprotection #GDPRcompliance #bảo mật thông tin

https://www.reddit.com/r/SideProject/comments/1pu52gs/anyone_with_gdpr_experience/

Complaints filed in Europe allege cross-app data tracking involving sensitive personal data categories protected under GDPR, raising questions about consent, transparency, and third-party data brokers.

While no regulatory findings have been issued yet, the case highlights ongoing challenges in enforcing privacy-by-design principles across complex app ecosystems.

How should organizations better operationalize GDPR transparency and data access rights?

Share your insights and follow TechNadu for responsible InfoSec and privacy reporting.

#InfoSec #PrivacyEngineering #GDPRCompliance #DataGovernance #AdTech #UserConsent #TechNadu

Ra mắt truy cập sớm cho dự án SaaS đầu tiên về công cụ phân tích dự án cho GDPR, EU AI Act và Data Act. Công cụ này giúp phát hiện các vấn đề tuân thủ và chỉ ra các điều khoản pháp lý cụ thể. #TuânThủ # GDPR #SaaS #DựÁnMới #Compliance #NewProject #SaasProject #GDPRcompliance #CongCụMới #PhânTíchDựÁn

https://www.reddit.com/r/SideProject/comments/1p1a0gc/i_just_launched_early_access_for_my_first_saas/

Here is the Seventh Article on the AI Website Builder Series:

AI Website Builders: 10Web AI Website Builder Part 7

10Web's AI Website Builder tailored for UK business owners. The article emphasises:

#AIWebsiteBuilder #10Web #WordPressAI #UKWebDesign #GDPRCompliance #UKDataCentre #AIWebDesign #WordPressSEO #UKBusinessWebsite #AIWebDevelopment #DataCompliance #LondonHosting #UKWebsiteBuilder #AIinWebDesign #WordPressHosting #10WebReview #UKWebHosting #AIPoweredWebsites

https://hertfordshirewebdesign.com/ai-website-builders-10web-ai-website-builder-part-7/

Cyber Cops offers comprehensive GDPR compliance audit services to help organizations assess data protection practices, identify compliance gaps, and ensure adherence to EU privacy regulations.

Our experts conduct detailed audits, provide actionable insights, and assist in maintaining full GDPR readiness to safeguard customer data and avoid costly penalties.

#GDPRCompliance #CyberSecurity #DataProtection #CyberCops #PrivacyMatters #ComplianceAudit

Visit Here: https://cybercops.com/compliance/gdpr-compliance

You probably forgot about GDPR. It was a huge deal when it was introduced, but chances are you've forgotten about it. Here's what you need to know in 2025.

#GDPR #GDPRCompliance #AI #cloud #Cybersecurity #datasecurity #SoftwareSecurity

https://medium.com/@heyjoshlee/gdpr-in-2025-why-it-still-matters-and-how-to-stay-updated-7503469b8642

Only 30 days left before Microsoft pulls the plug on Exchange 2016/19 support. Are you ready to fend off cyber threats and compliance nightmares, or will your business face a costly wake-up call?

https://thedefendopsdiaries.com/navigating-the-end-of-support-for-microsoft-exchange-2016-and-2019/

#microsoftexchange
#cybersecurity
#dataprotection
#gdprcompliance
#softwareupgrade