Mailfence Privacy Digest May 2026, N°13


May 2026 kept circling around one idea: the labels we trust are thinner than they look. A hospital breach exposed fingerprints that can never be reset. A lawsuit argued that the questions you ask a chatbot about your health and money may be flowing to advertisers. The FBI read deleted Signal messages off a phone without ever breaking the encryption. And lawmakers pulled in opposite directions at once: some shrinking what privacy law even covers, others handing people simple tools to fight back. The thread running through it all is that “encrypted”, “deleted” and “anonymised” do not always mean what we assume. Here’s what happened this month:

Breaches & Security

NYC Health + Hospitals Breach Exposes Fingerprints of 1.8 Million People: A months-long break-in through an outside supplier stole medical records, ID documents, location data and biometric fingerprints, one of 2026’s biggest healthcare breaches.

ShinyHunters’ Cloud Break-In Spree Hits Canvas and 7-Eleven: The same trick of sneaking in through a poorly secured cloud account that breached the Canvas school platform also took roughly 600,000 records from 7-Eleven franchise applicants.

Encrypted Messaging Finally Crosses the Apple–Android Divide: Texts between iPhone and Android are now scrambled end-to-end by default, closing a years-old gap in everyday messaging security.

AI

OpenAI Sued for Allegedly Sending Your ChatGPT Queries to Meta and Google: A lawsuit says hidden tracking code on ChatGPT’s website leaked queries to advertisers, alongside a study showing the biggest AI assistants quietly feed chats to ad and analytics companies.

AI Can Now Find Software Flaws on Its Own: Models from Anthropic and OpenAI can now hunt down unpatched software flaws and build working attacks from them, though the same skill was used to fix 271 Firefox bugs before criminals could touch them.

UK Regulator Treats AI Attacks as a Present-Day Duty: The ICO set out seven kinds of AI-powered attack that organisations must already defend against under existing data-protection rules.

Government, Surveillance & Regulatory

FBI Reads Deleted Signal Messages from an iPhone: The encryption held, but the phone had quietly kept readable copies of incoming message previews; the messages were recovered through a storage quirk, not a code-breaking feat.

EU Orders Google to Share Europeans’ Daily Search Behaviour – AI Chatbots Included: A new rule would push hundreds of millions of people’s search activity to rivals through a daily data feed for five years, a plan even Google says clashes with the GDPR.

EU Moves to Narrow What Counts as “Personal Data”: A proposed change to the GDPR would shrink the definition of personal data; the EU’s own privacy watchdogs warn it weakens a fundamental right.

UK King’s Speech Revives a National Digital ID: A new bill puts a central identity scheme back on the agenda, this time labelled voluntary after last year’s backlash over making it mandatory.

California Moves to Stop Apps Quietly Overriding Your Privacy Settings: A bill barring apps from undoing your privacy choices without consent passed the Assembly unanimously.

EU Watchdogs Launch a Year of Transparency Enforcement: Privacy regulators across 25 countries will spend 2026 checking whether organisations tell people clearly how their data is used.

France and Italy Crack Down on Email Tracking Pixels: Regulators ruled that the invisible “open trackers” hidden in marketing emails generally need your consent first.

NYC Health + Hospitals Breach Exposes Fingerprints of 1.8 Million People

NYC Health + Hospitals, the largest public healthcare system in the United States, confirmed that attackers stole the personal data of at least 1.8 million people. Hidden in its network from late November 2025 to February 2026, the intruders copied medical records, insurance details, ID documents including Social Security numbers, location data, and biometric fingerprints and palm prints. The system says they got in through an outside supplier it has not named. The biometrics are what make this breach stand out: a password can be changed, but a fingerprint is permanent, so no monitoring service can undo its exposure.

To limit your exposure, anyone treated by or working at NYC Health + Hospitals should watch for scam messages that quote real medical or job details, freeze their credit with the major reporting agencies, and treat any surprise “your records were affected” message as suspect until verified through an official channel.

Continue reading: Biometrics, Diagnoses and Bank Details Exposed in Major Healthcare Breach (Malwarebytes)

ShinyHunters’ Cloud Break-In Spree Hits Canvas and 7-Eleven

The hacking group ShinyHunters spent the spring running the same trick over and over: find a poorly secured cloud account, slip in through it, then demand payment to keep the stolen data quiet. In early May it hit the Canvas school platform a second time in eight months, claiming records on roughly 275 million students and staff across nearly 9,000 schools; Canvas’s owner took the service offline and reportedly agreed a deal to have the data deleted. The group also claimed more than 600,000 records from 7-Eleven franchise applicants, including Social Security numbers. Across the year it has affected 300 to 400 organisations this way, among them Rockstar, Medtronic and Zara, almost none breached at their own front door.

To reduce this risk, organisations should review every outside tool and cloud service connected to their core systems, give each one only the access it actually needs, and change the passwords and keys those connections use on a regular schedule. If you applied for a 7-Eleven franchise, take up the free identity-theft monitoring on offer and freeze your credit.

Continue reading: Technical Advisory: ShinyHunters Breach of the Canvas Platform (Bitdefender)

Encrypted Messaging Finally Crosses the Apple–Android Divide

For years, texts between iPhones and Android phones dropped back to unprotected messaging the moment they left their own ecosystems, a gap the FBI itself warned hackers were exploiting. This month that gap closed. Apple’s latest update added end-to-end encryption to the modern texting standard that Android has used for a while, so everyday chats between the two platforms are now encrypted by default. The Electronic Frontier Foundation, which had been pressing both firms, marked the win.

To take advantage of this, update both phones to the latest software, use the built-in Messages app on iPhone and Google Messages on Android, and look for the indicator showing a chat is encrypted.

Read more: Victory! Encrypted Texting Comes to Apple and Android Chats (Electronic Frontier Foundation)

OpenAI Sued for Allegedly Sending Your ChatGPT Queries to Meta and Google

A lawsuit filed in California accuses OpenAI of leaking ChatGPT users’ questions and personal details to Meta and Google through hidden tracking code on the ChatGPT website. The complaint points to the same invisible ad-tracking tools that follow people around ordinary websites, and says they passed along query topics, account details and email addresses in real time as people asked the chatbot about their health, money and other private matters. OpenAI is the only company being sued; Meta and Google are named as the firms that received the data. OpenAI did not immediately comment.

The lawsuit lands on top of a wider finding. Researchers in Spain published a study showing that all four major AI assistants (ChatGPT, Claude, Grok and Perplexity) carry trackers from companies including Meta, Google and TikTok – more than 13 in total, none clearly disclosed. In some cases the leak is the chat link itself: Grok and Perplexity were found sending links to conversations to trackers, some readable by anyone who has the link, and Grok even exposed the actual text of messages. The point both stories make is the same: a chatbot feels like a private conversation, but underneath it runs on the same tracking machinery as the rest of the web.

To protect yourself, reject non-essential cookies wherever you can (in the study, rejecting them on Claude switched off a Meta tracker), set your chats to private and turn off conversation sharing, and avoid running sensitive chatbot sessions in a browser you are logged into Facebook or Google on. Above all, treat anything you would not post in public as something not to type into a chatbot at all.

Read more: OpenAI Sued for Allegedly Disclosing Queries to Meta, Google (MediaPost)

Continue reading: Your Conversations With AI May Not Be as Private as You Think (IMDEA Networks)

AI Can Now Find Software Flaws on Its Own

Anthropic recently revealed that one of its AI models can find flaws in software and build working attacks from them with no human expert guiding it, and chose not to release the model publicly. In May the picture filled in: a security test found OpenAI’s newest model roughly as capable at the same job, so this is no longer one company’s outlier. The same skill cuts both ways, which is the good news. Pointed at the Firefox browser, an AI surfaced 271 flaws in a single pass, all reported and fixed before any attacker could use them. The real danger is the gap between a flaw being found and a fix being installed, and AI is shrinking it for attackers faster than most organisations can close it on defence.

To prepare, treat that gap as short and closing. For organisations, automatic patching of critical systems is no longer optional. For everyone else, the basics still do most of the work: install software updates the day they arrive, and switch on two-step login (a code or app prompt on top of your password) everywhere you can.

Read more: An AI Model Has Found 271 New Flaws in Firefox (Schneier on Security) 

UK Regulator Treats AI Attacks as a Present-Day Duty

The UK’s data-protection regulator, the ICO, published guidance treating AI-powered attacks not as a future worry but as a current legal duty. It listed seven kinds of attacks organisations must now defend against: AI-written phishing emails, deepfake impersonation, automated scanning for weaknesses, AI-powered malware, password attacks, the corrupting of the data an AI learns from, and hidden instructions slipped into content an AI reads. The message is that the existing duty to keep personal data secure already covers these threats, so ignoring them is a compliance gap, not just a technical one.

To prepare, the ICO points to foundations that still carry most of the weight: patch promptly, require two-step login, give each tool only the access it needs, and check on your suppliers’ security. For any organisation running AI tools on sensitive data, it expects a written privacy risk assessment and specific safeguards against the AI-targeted attacks above.

Read more: Five Steps to Protect Your Organisation from AI-Powered Cyber Threats (Information Commissioner’s Office)

FBI Reads Deleted Signal Messages from an iPhone

During a US trial, an FBI agent testified that investigators recovered the contents of incoming Signal messages from a suspect’s iPhone, even though Signal had been deleted from it. The encryption was never broken. The messages survived because the phone had stored copies of the notification previews when they appeared on the lock screen, and forensic tools could read those afterwards. Only incoming messages were recovered, nothing the suspect had sent. Apple has since issued an update fixing the bug.

To protect yourself, open Signal and set notifications to hide message content (Settings, then Notifications, then “No Name or Content”), and keep your phone’s software up to date. The wider lesson applies to every secure app: encryption protects a message while it travels, but anything your phone displays or stores on the device can outlive the app itself.

Read more: FBI Extracts Deleted Signal Messages from iPhone Notification Database (Schneier on Security) 

EU Orders Google to Share Europeans’ Daily Search Behaviour – AI Chatbots Included

The European Commission has set out how it wants Google to share its search data with rivals. Under the plan, Google would hand over anonymised records of what people search, which results they click and how those results rank, through an automatic daily feed kept up for at least five years. The twist is who can receive it: the Commission has said AI chatbots that answer search-style questions also qualify, so the data could flow to conversational AI providers as well as to search engines. Critics warn that pushing hundreds of millions of Europeans’ search habits to a shifting pool of outside firms every day carries a real risk that “anonymised” records could be traced back to individuals, and Google itself argues the plan clashes with the GDPR.

To stay informed, watch for the Commission’s final decision, expected around late July, and whether AI chatbots stay in scope. For now, the durable step is to favour search tools, such as Brave, that do not tie your queries to a long-term identity, and to keep sensitive searches off accounts linked to your real name.

Read more: The EU Has Told Google What It Must Do to Share Search Data With Rivals (The Next Web)

EU Moves to Narrow What Counts as “Personal Data”

The EU is weighing a package of “simplification” reforms that includes a change to the very definition of personal data in the GDPR. Instead of asking whether anyone could identify a person from a piece of data, the new wording would ask only whether the specific company holding it is likely to. Privacy groups warn the effect would be sweeping: the everyday identifiers most online tracking relies on, such as cookies, scrambled email addresses and device IDs, could fall outside the definition and so outside the protection of the GDPR altogether.

The EU’s own privacy watchdogs have pushed back hard, jointly urging lawmakers to drop the change and warning it would significantly shrink a fundamental right rather than merely tidy up the law. To engage with this, follow the negotiations over the GDPR part of the package through 2026 and support the groups making the case against the change. As an individual, the strongest move is the familiar one: hand over as little as possible, and favour services that collect little to begin with.

Read more: EU Privacy Watchdogs Raise Key Concerns Over the Reform Package (European Data Protection Supervisor)

Continue reading: EU Watchdogs Reject Many Proposed Changes to the GDPR (noyb)

UK King’s Speech Revives a National Digital ID

The King’s Speech on 13 May confirmed that the UK government will press ahead with a national digital identity scheme through a new bill, this time framed as voluntary. It is not the first attempt. Last year, plans to make digital ID compulsory for right-to-work checks were dropped after civil liberties groups pushed back. The scheme is to be built and run in-house by government teams, drawing on data from several departments. Critics are unconvinced by the “voluntary” label: the campaign group Big Brother Watch called the plans wholly un-British and warned they could become a base for mass surveillance, noting that pulling sensitive identity data into one place invites both misuse and breaches.

To stay informed, follow the bill’s passage through Parliament and the inquiry already examining the scheme’s cost and purpose. For now, you are under no obligation to sign up, and you can keep using the usual non-digital routes to public services while the design and its safeguards are still being debated.

Read more: UK to Relaunch Digital ID Scheme, King’s Speech Confirms (Cybernews)

Continue reading: UK King’s Speech Confirms Digital Access to Services Bill (ID Tech Wire)

California Moves to Stop Apps Quietly Overriding Your Privacy Settings

California’s Assembly unanimously passed a bill that would stop an app or operating system from undoing a privacy setting you have deliberately chosen, without your explicit consent. It defines a privacy setting broadly: any option in an app’s privacy menu that controls how your information is collected, used, shared or kept. The unanimous vote is itself notable, signalling rare cross-party agreement that the quiet reset of privacy choices, a common trick after software updates, should be off-limits.

To take advantage of this, Californians can follow the bill through the Senate, and everyone can build the habit of re-checking privacy settings after major app or system updates, since defaults have a way of drifting back towards more sharing.

Read more: California Bill on Privacy Settings Passes the Assembly (Troutman Privacy)

EU Watchdogs Launch a Year of Transparency Enforcement

Europe’s privacy regulators have launched a coordinated push for 2026 focused on transparency: the rules that require organisations to tell people clearly when and how their personal data is being used. Privacy authorities across 25 countries are taking part, contacting organisations in different sectors to check whether they explain their data use in plain, accessible language, and following up where they fall short. After last year’s joint action on the right to have data deleted, this turns the spotlight onto the basic right to be informed.

To take advantage of this, use it as a prompt to read the privacy notices of the services you rely on, since the campaign should push more of them to be readable, and to exercise your right to ask a company what it holds on you and why. Organisations, for their part, should expect that vague or buried privacy notices will draw attention this year.

Read more: EU Launches Coordinated Enforcement Action on Transparency for 2026 (European Data Protection Board)

France and Italy Crack Down on Email Tracking Pixels

The French and Italian privacy regulators each published guidance on tracking pixels in email: the tiny, invisible images hidden in marketing messages that quietly report back that you opened an email, when, and roughly from where. Both authorities concluded that these trackers reach into your device the same way website cookies do and so generally need your consent before they can be used. France’s ruling is binding and gives senders until 14 July 2026 to comply; Italy sets out best practice with a six-month window. Together they close a long-standing grey area that has let email open-tracking run almost unchecked.

To take advantage of this, you can blunt these trackers yourself by setting your email app to block remote images by default, so pixels do not load unless you choose to show them. A privacy-focused email service that does not embed such trackers in the first place removes the problem entirely.
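As an added example (not code from the digest or from either regulator), here is a small Python scanner that flags the open-trackers described above in a constructed marketing email and shows what a mail client’s “block remote images” setting does to them; the domains, the tracking token and the heuristics are assumptions made for the illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample marketing e-mail: a visible logo, a hidden open-tracker,
# and an inline (cid:) photo that never contacts a server.
SAMPLE_HTML = """<html><body>
<img src="https://cdn.example-shop.test/logo.png" width="200" height="60" alt="Shop">
<p>Our May offers are here.</p>
<img src="https://track.example-esp.test/o/7f3a9c1e5b2d4a6f8e0c1b2a3d4e5f60?u=12345"
     width="1" height="1" style="display:none" alt="">
<img src="cid:inline-photo@local" width="300" height="200">
</body></html>"""

# Long hex or base64url runs in a URL are the usual per-recipient identifier.
_TOKEN_RE = re.compile(r"[0-9a-f]{16,}|[A-Za-z0-9_-]{32,}", re.I)

def _px(value):
    """Parse a width/height attribute to an int; None if absent or non-numeric."""
    m = re.match(r"\s*(\d+)", value or "")
    return int(m.group(1)) if m else None

class _ImgCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.images = []  # attribute dicts of every <img> in the body

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "img":
            self.images.append(dict(attrs))

def find_tracking_pixels(html):
    """Return [(src, reasons)] for each http(s) <img> that is 1x1 or smaller,
    hidden by CSS, or carries an opaque token; cid:/data: images stay local."""
    parser = _ImgCollector()
    parser.feed(html)
    flagged = []
    for attrs in parser.images:
        src = attrs.get("src") or ""
        url = urlparse(src)
        if url.scheme not in ("http", "https"):
            continue  # never fetched from a server, so it cannot report an open
        reasons = []
        w, h = _px(attrs.get("width")), _px(attrs.get("height"))
        if w is not None and h is not None and w <= 1 and h <= 1:
            reasons.append("1x1 or smaller")
        style = (attrs.get("style") or "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden by CSS")
        if _TOKEN_RE.search(url.path + "?" + url.query):
            reasons.append("opaque token in URL")
        if reasons:
            flagged.append((src, reasons))
    return flagged

def block_remote_images(html):
    """Mimic a mail client's 'block remote images' setting: point every http(s)
    <img> at about:blank so nothing is fetched until the reader opts in."""
    return re.sub(r'(<img\b[^>]*?\bsrc=["\'])https?://[^"\']*',
                  r"\1about:blank", html, flags=re.I)
```

Running `find_tracking_pixels` on the blocked body returns nothing, which is the point of the setting: with remote images off, the pixel is never requested and the sender learns nothing.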

Read more: France’s CNIL Publishes Recommendation on Email Tracking Pixels (Inside Privacy)

Continue reading: Italy’s Garante Guidelines on Email Tracking Pixels, Compared with France (GamingTechLaw)

That’s All for This Month’s Newsletter!

May 2026 kept circling around one idea: the labels we trust are thinner than they look. “Encrypted” did not stop deleted Signal messages from surfacing in a phone’s notification store. “Anonymised” is the word doing the heavy lifting in the EU’s plan to stream search data to third parties, and it’s the word its reform package would quietly redefine. “Private” is not what a chatbot conversation is when ad trackers are built into the page. And “voluntary” is how national digital ID schemes always begin. The encouraging counterweight came from people building real protections: cross-platform encrypted texting, a crackdown on hidden email trackers, a regulator refusing to let apps overwrite your choices, and a year-long push to make companies explain themselves plainly. The takeaway is simple: read the labels, then check what is underneath them. Thank you for reading, and we will see you in June.

Best,

Patrick


Patrick De Schutter

Patrick is the co-founder of Mailfence. He's a serial entrepreneur and startup investor since 1994 and launched several pioneering internet companies such as Allmansland, IP Netvertising or Express.be. He is a strong believer and advocate of encryption and privacy.
