Key developments
California settles GM connected-car data case
California Attorney General Rob Bonta said General Motors agreed to pay $12.75 million after allegations that it sold the names, contact information, geolocation data, and driving-behavior data of hundreds of thousands of Californians to brokers including Verisk Analytics and LexisNexis Risk Solutions. Under the settlement, GM will stop selling driving data to consumer reporting agencies for five years, delete existing driving data within 180 days unless drivers explicitly allow retention, and maintain a privacy program to review collection practices and breach risk. The case centers on how connected-car telemetry can reveal where people live, work, and spend time.
Why it matters
It imposes one of the clearest recent limits on automakers' monetization of vehicle telemetry.
Sources & driving stories
MASHABLE
Mashable coverageUK seeks suppliers for biometrics platform upgrade
The UK Home Office opened market engagement for two possible procurements covering support, development, and modernization of the Strategic Central and Bureau Platform, the core system behind the Home Office Biometrics program. The notice values the work at about £296 million including VAT over up to 11 years from October 2027 and says the department may split the work into smaller lots after moving the platform to more modern technology stacks. SCBP underpins immigration and law-enforcement biometrics services, and a December 2024 assessment cited urgent obsolescence and security vulnerabilities in Ident1 modernization.
Why it matters
The procurement will shape maintenance and security of a central biometrics system used for immigration and policing.
Sources & driving stories
THE REGISTER
The Register coverageLas Vegas police scale up drone surveillance
The Las Vegas Metropolitan Police Department's Drone as First Responder Blue Sky program has expanded to 75 drones and 13 skyports across Clark County, with more than 10,000 missions last year and about 20,000 expected in 2026. Drones launched from the Fusion Watch Command Center can arrive before officers on 911 calls and stream live video back to responders. Nevada law generally bars warrantless drone flights over homes and curtilage, but Metro is treating the program as covered by an exigent-circumstances exception, drawing privacy and civil-liberties concerns over facial recognition, data retention, and protest monitoring.
Why it matters
It shows how quickly aerial surveillance can expand beyond traditional warrant protections.
Sources & driving stories
THE NEVADA INDEPENDENT · Oona Milliken
The Nevada Independent coverageWorth noting
WORTH NOTING
Canvas breach exposed student messages
Instructure said a criminal threat actor accessed names, email addresses, student ID numbers, and platform messages, and universities including Harvard, Columbia, Rutgers, and Georgetown warned users.
WORTH NOTING
Ollama flaw can leak process memory
Researchers said CVE-2026-7482 could expose environment variables, API keys, system prompts, and other users' conversation data from exposed Ollama servers, while separate Windows updater flaws could enable persistent code execution.
WORTH NOTING
Zara breach exposed 197,400 customers
Inditex said unauthorized access to former-provider databases exposed personal information for 197,400 Zara customers, and attackers later claimed a much larger archive.
Still unclear
OPEN QUESTION
What governance will cover SCBP modernization?
The Home Office is considering splitting the work across more suppliers, but access, retention, and security controls for the biometrics platform are still unresolved.
OPEN QUESTION
Will LVMPD limit drone footage use?
The program is scaling quickly, but rules on retention, facial recognition, and sharing with other agencies remain unclear.