OpenAI Breach, Student Privacy & EU Social Media Ban – 11/27/2025

This privacy digest highlights critical developments, including the OpenAI data breach via a vendor hack and Comcast’s $1.5M fine for a similar incident. Also covered are the EFF’s efforts to protect student privacy from school surveillance and the EU Parliament’s call for social media restrictions for minors. Stay informed on these key issues impacting data protection and digital rights.

Top 5 Critical Privacy Alerts

• OpenAI discloses API customer data breach via Mixpanel vendor hack. OpenAI is notifying ChatGPT API customers of a data breach at Mixpanel, exposing limited identifying information. Read more
• Comcast to pay $1.5M fine for vendor breach affecting 270K customers. Comcast will pay $1.5 million to settle an FCC investigation into a vendor data breach exposing nearly 275,000 customers’ data. Read more
• Multiple London councils’ IT systems disrupted by cyberattack. Several London councils, including Kensington and Westminster, experienced service disruptions due to a cybersecurity incident. Read more
• EFF to Arizona Federal Court: Protect Public School Students from Surveillance. EFF urges court to protect students’ off-campus speech, arguing school-issued devices don’t negate privacy rights. Read more
• European parliament calls for social media ban on under-16s. The European Parliament passed a resolution advocating for a ban on social media for children under 16 without parental consent. Read more

Privacy Laws & Regulations

• Helen Dixon on GDPR, SMEs, and Practical Privacy Solutions. An interview with Helen Dixon discusses GDPR’s impact on SMEs and practical privacy solutions. Read more

Regulatory Fines & Enforcement Actions

• Comcast to pay $1.5M fine for vendor breach affecting 270K customers. Comcast will pay $1.5 million to settle an FCC investigation into a vendor data breach exposing nearly 275,000 customers’ data. Read more

Data Minimization & User Consent

• OpenAI discloses API customer data breach via Mixpanel vendor hack. OpenAI is notifying ChatGPT API customers of a data breach at Mixpanel, exposing limited identifying information. Read more
• European parliament calls for social media ban on under-16s. The European Parliament passed a resolution advocating for a ban on social media for children under 16 without parental consent. Read more
• Who’s eligible for a refund from Amazon?. Amazon agreed to pay $2.5 billion to settle FTC charges of enrolling people in Prime without consent and making cancellation difficult. Read more

Cross-Border Data Transfers

• Foreign interference or opportunistic grifting: why are so many pro-Trump X accounts based in Asia?. X’s new location feature reveals many high-engagement, pro-Trump accounts originate overseas, sparking concerns about disinformation. Read more