Key developments
Ofcom opens Telegram and chat-site probes
UK regulator Ofcom opened Online Safety Act investigations into Telegram over whether it is meeting illegal-content duties, including steps to stop child sexual abuse material from being shared. Ofcom said it relied on evidence from the Canadian Centre for Child Protection and its own assessment before launching the probe. It also opened formal investigations into Teen Chat and Chat Avenue over grooming risks, and is separately probing X over Grok-generated nonconsensual sexually explicit material.
Why it matters
It is a major UK enforcement step that could lead to fines or service-blocking orders against privacy-sensitive platforms.
Sources & driving stories
BLEEPINGCOMPUTER · Sergiu Gatlan
BleepingComputer coverageVercel breach traced to third-party AI app
Vercel said unauthorized access to internal systems began with a compromise of an external AI-based application used by an employee and then moved through a corporate Google Workspace account. Coverage from CX Today, Cybersecurity Insiders, and Escudo Digital said attackers reached some environments and configurations; Vercel said sensitive environment variables were encrypted and it had no current evidence of customer personal data or credentials exposure. The company is working with Mandiant and other vendors and told customers to review logs, rotate credentials, and inspect deployments.
Why it matters
The incident highlights how employee-used AI tools and workspace permissions can become a privacy and supply-chain risk.
Sources & driving stories
CX TODAY · Nicole Willing
CX Today coverageCYBERSECURITY INSIDERS · Naveen Goud
Cybersecurity Insiders coverageESCUDO DIGITAL · Sergio Delgado Martorell
Escudo Digital coverageRestaurant Management Company discloses 120,426-person breach
Restaurant Management Company of Wichita disclosed a breach affecting about 120,426 people nationwide, including 26 Maine residents and 20 New Hampshire residents. According to reporting, unauthorized third-party access ran from Oct. 4 to Oct. 13, 2025 and was detected on Oct. 13; outside investigators and file-review vendors later identified affected individuals and data categories. Exposed information may include names, mailing addresses, dates of birth, financial account information, health insurance information, and Social Security numbers.
Why it matters
The disclosure involves a large consumer base and highly sensitive identity data, raising fraud and notification risks.
Sources & driving stories
CLAIM DEPOT
Claim Depot coverageWorth noting
WORTH NOTING
Georgia Heritage CU breach disclosed
The credit union said a ransomware-related incident affected 43,077 people, adding another fresh financial-sector privacy disclosure.
WORTH NOTING
Comcast settlement claims now open
More than 31 million customers can seek compensation from the $117.5 million settlement tied to the 2023 Citrix Bleed breach.
WORTH NOTING
Providence HIE sharing incident disclosed
Providence says unauthorized HIE sharing through Health Gorilla and Epic may have exposed clinical and insurance data even though its own records were not hacked.
Still unclear
OPEN QUESTION
How much data did Vercel attackers reach?
The privacy impact depends on whether the intruders only saw internal configs or also customer data and credentials.
OPEN QUESTION
Will Ofcom escalate to service blocks?
The probe will test how aggressively the regulator uses fines and access-restriction powers against Telegram and similar platforms.