Intelligence Report - January 2026 :

CNIL issues a record €42 Million Fine for Telecoms Operator’s Free & Free Mobile

On 13 January 2026, France’s data protection authority, the CNIL, issued two enforcement decisions against telecom operators FREE MOBILE and FREE, imposing fines of €27 million and €15 million respectively over failures to adequately safeguard subscribers’ personal data.

According to the CNIL, the sanctions were triggered by inadequate technical and organisational security measures, which left customer data exposed to unauthorized access.

Key issues cited included:
- Insufficient safeguards to prevent unauthorized access to subscriber accounts
- Delays or shortcomings in detecting and responding to data security vulnerabilities.

China starts enforcement on Maritime Satellite Communications

Chinese authorities have begun actively enforcing a long-standing ban on the use of Starlink satellite internet services by vessels operating in Chinese waters, requiring all maritime digital communications to be routed through licensed Chinese domestic gateways.
According to information obtained available to Veneto Privacy, regulators are now tightening oversight of LEO) satellite communication services, including Starlink, amid concerns over unauthorized data transmission.


In December 2025, the Maritime Safety Administration investigated a foreign-flagged vessel found to be using Starlink issued equipment, marking the first publicly reported enforcement case of its kind in China.

EU steps up push to remove Chinese suppliers from critical infrastructure

The European Union is taking steps to mandate the removal of Chinese-made equipment from critical infrastructure, including excluding companies such as Huawei and ZTE from telecommunications networks and solar energy systems.

While current measures to limit the use of high-risk vendors are voluntary, the EU’s proposed cybersecurity framework is expected to make such restrictions compulsory for member states, according to the report, which cited unnamed officials.

Larger EU members have historically resisted network swap outs. The United States blocked approvals for new telecommunications equipment from Huawei and ZTE in 2022 and has urged its European partners to follow suit.

Brightspeed U.S suffers security incident still under investigation

Brightspeed, one of the largest fiber broadband providers in the United States, is reportedly investigating a possible security incident involving the theft of data impacting more than one million customers.
Over the first weekend in January, a hacking group known as the Crimson Collective published a message on its Telegram channel claiming responsibility. The group alleges that the stolen data includes personally identifiable information such as customer names, email addresses, mailing addresses, account details tied to user or session IDs, payment histories, partial credit or debit card information.

Brightspeed has not yet verified these allegations. There is currently no reference to a data breach on the company’s website or social media accounts, and it appears that the incident is still under investigation.