# Data Privacy and Security Weekly Update

## Europe Strengthens AI and Data Protection Rules

The European Union is making major changes to how AI systems must work. New rules require companies to clearly mark content created by artificial intelligence, especially images, videos, and audio. Even more importantly, the EU is banning AI 'nudifier' systems—software that creates fake intimate images of real people without permission. These strict new rules show how governments worldwide are taking AI safety more seriously. The European Union is also requiring that companies get permission before using personal data to teach AI systems to reduce bias, which protects people's privacy while these systems learn.

## United States Expands Privacy Protection for Consumers

Across the United States, privacy protection is expanding at record speed. Oklahoma recently became the twentieth state to pass a comprehensive consumer data privacy law, following the example set by states like Virginia and California. This new Oklahoma law, which starts on January 1, 2027, protects people by requiring companies to be careful with their personal information. Meanwhile, the California Privacy Protection Agency is working to make privacy rules easier for people to understand and use. These updates mean average citizens have stronger protections when companies collect their data.

## Major Data Breaches Impact Millions Worldwide

Several serious cyberattacks happened this week, putting millions of people at risk. The European Commission's cloud system was hacked on March 24, 2026, exposing data from their main website Europa.eu. Threat actors claimed to have stolen over 350GB of sensitive information. In another major incident, healthcare provider CareCloud experienced a cyberattack that temporarily disrupted their patient record systems. The breach may have exposed personal health information, though the full extent is still being investigated. These incidents show that even large, powerful organizations struggle to protect digital information.

## Government and Corporate Systems Under Attack

The FBI has labeled a recent Chinese cyberattack on US government surveillance systems a 'major incident', meaning it poses serious danger to national security. Chinese hacking groups have deeply embedded themselves in American critical infrastructure including power stations, water facilities, and ports. Another Chinese group successfully breached major American phone companies and stole millions of call records, FBI wiretap data, and private communications. These attacks show that protecting sensitive government information remains extremely challenging.

## Technology Supply Chain Vulnerabilities Exposed

Cybercriminals are finding new ways to attack companies by compromising the software and tools they depend on. The Cisco company suffered a major breach when attackers used stolen passwords from a supply chain attack to break into their development systems. Hackers were able to access over 300 code repositories and steal source code for AI products and unreleased technologies. A new malware discovered this week, called LiteLLM Supply Chain Malware, enabled large-scale theft of security keys and cloud secrets, giving attackers backdoor access to developer environments and entire cloud systems. These incidents highlight why protecting the tools developers use is just as important as protecting final products.

## Privacy Laws Continue Evolving Globally

The United Kingdom is preparing for new data protection rules that take effect on June 19, 2026, under the Data (Use and Access) Act. These rules set clear standards for how organizations must handle complaints about data privacy. In Korea, a new amendment to their data protection law significantly increases penalties for companies that violate privacy rules, with fines reaching up to 10% of total business earnings for serious violations. These global changes show that companies everywhere must take data protection more seriously, or face major financial consequences. While advanced AI systems continue to develop, most privacy and security focus remains on protecting basic personal information rather than specifically addressing autonomous AI agents or agentic systems in daily use.