Episode 249

11th May – 14th May 2026

Sanctions

US Targets Global Networks Supporting Iran’s Weapons and UAV Programmes

The US Department of the Treasury has imposed sanctions on 10 individuals and companies across the Middle East, Asia, and Eastern Europe for supporting Iran’s military procurement efforts, including weapons and components used in Shahed‑series unmanned aerial vehicles and ballistic missiles. The action, taken under the Economic Fury campaign, includes designations against entities linked to Iran’s Centre for Innovation and Technology Cooperation and the Islamic Revolutionary Guard Corps, as well as firms supplying aerospace‑grade materials to Iranian programmes. The State Department also designated four additional entities connected to Iran’s conventional arms activities. As a result of the sanctions, all property of the designated parties under US jurisdiction is blocked, and US persons are generally prohibited from conducting transactions with them. The Treasury Department stated that the measures aim to disrupt procurement networks and limit Iran’s ability to develop and deploy weapons systems. The State Department press release is here.

US Treasury and State Departments Expand Sanctions and Issue Alerts Targeting IRGC Oil Revenue

On 11th May 2026, the United States government announced a coordinated series of actions aimed at disrupting the financial networks of Iran’s Islamic Revolutionary Guard Corps (IRGC), specifically targeting its illicit oil operations and associated money laundering schemes. These measures include new sanctions against individuals and entities, a multi-million dollar reward for information, and a financial alert detailing the IRGC’s use of "shadow banking" and digital assets.

The Department of the Treasury’s Office of Foreign Assets Control (OFAC) designated 12 individuals and entities for their roles in enabling the IRGC’s sale and shipment of Iranian oil to the People's Republic of China. Among those designated are three senior officials from the Shahid Purja’fari Oil Headquarters, namely Ahmad Mohammadi Zadeh, Samad Fathi Salami, and Mohammadreza Ashrafi Ghehi, who are responsible for managing foreign currency and coordinating payments for oil sales.

The action also targets several front companies based in Hong Kong, Dubai, Sharjah, and Oman. These entities, including Hong Kong Blue Ocean Limited and Universal Fortune Trading LLC, reportedly arranged shipments worth tens of millions of dollars using a "shadow fleet" of sanctioned tankers. As a result of these designations, all property and interests in property of these individuals and entities within the US must be blocked and reported to OFAC.

These measures are part of the administration’s "Economic Fury" initiative which is described as a maximum pressure campaign designed to target the Iranian regime’s ability to generate and move funds. Treasury officials stated that this campaign has already disrupted billions in projected oil revenue and led to the freezing of nearly half a billion dollars in regime-linked cryptocurrency.

To bolster enforcement, the US Department of State’s Rewards for Justice programme is offering a reward of up to $15 million for information leading to the disruption of the IRGC’s financial mechanisms. Additionally, the government noted that foreign financial institutions facilitating these activities could face secondary sanctions, including restrictions on their ability to maintain correspondent accounts in the United States.

The Financial Crimes Enforcement Network (FinCEN) issued a parallel alert to help financial institutions identify funding streams supporting the IRGC. The alert details how the IRGC utilises "shadow banking" networks, which are comprised of exchange houses and front companies, to conduct transactions through the international financial system without repatriating funds to Iran.

According to FinCEN, the IRGC also relies on a "shadow fleet" of older vessels which operate outside standard maritime regulations. To hide the origin of the product, Iranian oil is often blended with oil from other countries or relabelled with forged documents. Furthermore, the IRGC has increasingly integrated digital assets, particularly stablecoins, into its financial operations due to their liquidity and ease of settlement. Financial institutions have been advised to watch for red flags, such as unusual digital asset payments from petroleum or shipping companies and efforts to disguise vessel information.

UK Imposes New Sanctions on 85 Russian Individuals and Entities Over Child Deportations and Election Interference

The UK government has announced a new package of sanctions targeting 85 Russian individuals and entities linked to the forced deportation and militarisation of Ukrainian children, as well as organisations involved in information operations and attempts to influence foreign elections. The measures, published on 11th May, form part of what ministers described as some of the toughest action taken to date against hostile Russian activity.

According to the government, 29 of the designations relate to Russia’s systematic transfer and indoctrination of Ukrainian children, including facilities involved in military‑style training and officials responsible for issuing Russian documentation to children from occupied territories. The remaining 56 targets include individuals associated with the Social Design Agency, which the UK says has been tasked by the Kremlin to run influence campaigns abroad, including efforts to shape political outcomes in Armenia. The UK also highlighted the role of ANO Dialog, an organisation it states has coordinated with Russian intelligence services on malign influence activity.

Foreign Secretary Yvette Cooper said the sanctions aim to expose and disrupt Russian operations designed to undermine democratic processes and weaken international support for Ukraine. The announcement coincided with Sanctions Minister Stephen Doughty’s visit to Brussels, where he confirmed an additional £1.2m in UK funding for initiatives to identify and trace Ukrainian children who have been removed from their communities. The government reports that more than 20,000 children have been forcibly transferred or deported since the start of the conflict, with around 6,000 sent to re‑education camps.

The UK has now sanctioned more than 3,300 individuals and entities connected to Russia’s war effort, including those involved in military supply chains and information operations. Officials said the latest measures are intended to reinforce efforts to counter malign activity and support Ukraine’s sovereignty. The press release is here, and the notice can be found here.

UK Adds 12 Individuals and Entities to Iran Sanctions List

The UK government has added 12 individuals and entities to its Iran sanctions regime following updates published on 11th May 2026. The designations, made under The Iran (Sanctions) Regulations 2023, include asset freezes, travel bans, and director disqualification measures.

According to the Foreign, Commonwealth and Development Office, the listed individuals are assessed as being involved in, or associated with, hostile activity linked to the Government of Iran. Several are suspected of threatening, planning, or conducting attacks against people or assets in the UK or other countries. Others are designated for providing financial services or support to networks alleged to facilitate destabilising activity.

The update also includes sanctions on three financial exchange entities and the Zindashti Network, which the UK states has been involved in hostile activity by an armed group backed by Iran. The designations require UK persons and firms to freeze any related assets and report holdings to the Office of Financial Sanctions Implementation.

The notice reiterates that breaching UK financial sanctions may constitute a criminal offence and provides guidance on compliance, reporting obligations, and contact points for further information.

OFSI Marks 10th Anniversary with International Conference on Evolving Sanctions Landscape

The Office of Financial Sanctions Implementation (OFSI) marked its 10th anniversary with an international conference in late April, bringing together representatives from UK government departments, industry, and international partners including the EU, US, Ukraine, Australia, Japan, Canada and the Cayman Islands. The event highlighted OFSI’s role in convening cross‑sector stakeholders and provided a platform to outline its new strategic direction while discussing shared challenges in the global sanctions environment.

In her remarks, Economic Secretary to the Treasury Lucy Rigby MP said financial sanctions help protect the integrity of the UK financial system and support national resilience, noting the increasingly complex geopolitical context and the need for sustained pressure on Russia while managing wider economic risks. Senior HM Treasury officials emphasised the central role sanctions now play in national security and the importance of strong partnerships across government and industry.

Panels throughout the day examined the evolution of the UK’s autonomous sanctions framework since leaving the EU, including the rapid expansion of measures introduced in 2022. Industry representatives described significant investment in sanctions compliance capabilities and the need for continued dialogue to manage uncertainty and overcompliance. International partners stressed that coordinated action and information‑sharing remain essential to effective implementation, particularly as evasion techniques and the use of crypto assets continue to develop.

Looking ahead, speakers highlighted the growing role of technology, including artificial intelligence and data‑driven tools, in strengthening analysis and decision‑making. They also noted the importance of maintaining human oversight as sanctions, anti‑money laundering and fraud risks become increasingly interconnected. OFSI’s new strategy, which is built around the pillars of Promote, Enable, Respond and Change, was referenced throughout discussions, with examples of how it is being applied in licensing, enforcement and system‑wide coordination.

Closing the conference, OFSI Director Giles Thomson said the effectiveness of sanctions depends on collective effort across government, industry and international partners. He noted that while the pace of change since 2022 has been significant, the UK is well positioned for the future due to strengthened capabilities and partnerships.

UK Implements Amendments to Sanctions Regulations Affecting Relevant Firms

New amendments to the UK’s sanctions framework have officially come into force, introducing notable procedural and regulatory updates for financial and commercial entities. The changes under the Sanctions (EU Exit) (Miscellaneous Amendments) Regulations 2026 aim to streamline regulatory compliance, align domestic frameworks, and modernise communication methods between firms and enforcement authorities.

Across all UK sanctions regulations, monetary reporting thresholds for high-value dealers and art market participants have transitioned from euros to pounds sterling. The previous €10,000 limit has been officially replaced by a £10,000 threshold. This adjustment aligns sanctions obligations with upcoming updates to the UK money laundering regulations, eliminating the administrative burden of reporting in two different currencies.

The legislation has been updated to remove outdated technical requirements regarding digital communications. The Office of Financial Sanctions Implementation (OFSI) and other relevant authorities are now formally authorised to issue electronic notices for licences without requiring prior consent from the recipient. This statutory update officially codifies current operational practices.

Furthermore, the regulations provide legal clarification regarding the existing exception for HM Treasury debt. The amendment explicitly states that this exception extends to all fund transfers across the entire payment chain, including intermediary entities.

The statutory instrument also broadens the scope of the prior obligations licensing ground. This update grants OFSI increased flexibility to issue licences for legitimate pre-designation obligations on a case-by-case basis, while continuing to maintain strict safeguards against the circumvention of sanctions.

To assist firms with the transition and address operational questions, official guidance has been updated. This includes revisions to FAQs 137 and 138, alongside the introduction of a newly drafted FAQ 185. Firms operating within the UK are advised to review the newly enforced regulations to ensure ongoing compliance with the updated framework.

EU Imposes Sanctions on 16 Individuals and Seven Entities Over Unlawful Transfer of Ukrainian Children

The Council of the European Union has adopted new sanctions against 16 individuals and seven entities it says are involved in the unlawful deportation, forced transfer, and ideological indoctrination of Ukrainian children during Russia’s ongoing war against Ukraine. The measures target officials, youth‑camp leaders, and organisations linked to Russian state structures which host or re‑educate minors taken from occupied Ukrainian territories. According to EU figures, nearly 20,500 children have been deported or forcibly transferred since the conflict began, actions the Council describes as violations of international law and the rights of the child. The listed individuals and entities now face asset freezes and travel bans, while EU citizens and companies are prohibited from providing them with funds or economic resources. The announcement coincided with a high‑level meeting of the International Coalition for the Return of Ukrainian Children, where the EU reiterated its call for the safe and unconditional return of all affected minors.

Fraud

Former GWG Holdings Chairman Convicted in $150 Million Fraud Scheme

A federal jury has convicted Bradley Heppner, former chairman of GWG Holdings, Inc, of securities fraud, wire fraud, conspiracy, and making false statements to auditors in connection with what prosecutors described as a multi‑year scheme to divert more than $150 million from the publicly traded company. The verdict followed a three‑week trial in the Southern District of New York, where evidence showed that between 2018 and 2021 Heppner used a shell entity he controlled to fabricate a $141 million debt and direct GWG funds for his personal benefit. According to the US Attorney’s Office, Heppner misrepresented the ownership of the shell company to GWG’s board, and funds transferred under the guise of repaying the debt ultimately flowed into his personal accounts. Prosecutors said Heppner used the proceeds for personal expenses, including home renovations, private jet travel, and jewellery. The jury also heard that Heppner created backdated documents and falsified board minutes to mislead auditors and the US Securities and Exchange Commission. Heppner, 60, is scheduled to be sentenced on 7th October 2026 and faces statutory maximum penalties of up to 20 years in prison on each securities fraud, wire fraud, and false‑statement count, and up to five years on the conspiracy charge.

Ringleader Sentenced to 12.5 Years for $27 Million Fraud and Money Laundering Scheme Targeting Seniors

A Chinese national has been sentenced to more than 12 years in federal prison for leading a multinational fraud and money‑laundering scheme which targeted approximately 2,000 elderly victims across the United States, according to the US Attorney’s Office for the Southern District of California. Zhao Wang, also known as “Oscar,” received a 151‑month sentence after admitting his role in a network which operated technical‑support, bank‑impersonation, government‑impersonation, and refund scams between 2021 and 2023. Prosecutors said victims were contacted through unsolicited calls, emails, and pop‑up messages and were directed to call India‑based scam centres, where conspirators used remote‑access software and social‑engineering tactics to obtain money. According to court documents, victims were falsely told they had been over‑refunded and were instructed to send cash or wire transfers, which Wang and co‑conspirators collected using fake identities. Investigators identified more than $27 million in losses. Wang also admitted laundering proceeds through cryptocurrency and retaining a portion of the funds. The case was investigated by the FBI and multiple federal, state, and local agencies.

Former Healthcare CEO Sentenced to Five Years for Role in $212 Million Investment Fraud Scheme

The former chief executive officer of a publicly traded healthcare services company has been sentenced to five years in federal prison for his role in a scheme which defrauded investors in connection with a $212 million transaction, according to the US Attorney’s Office for the District of New Jersey. Parmjit “Paul” Parmar, 55, pleaded guilty in May 2025 to conspiracy to commit securities fraud and was sentenced on 5th May 2026 to 60 months’ imprisonment, three years of supervised release, and more than $125 million in restitution.

Court documents state that between 2015 and 2017, Parmar and two co‑conspirators used falsified financial information to inflate the value of the company as they sought funding to take it private. Prosecutors said the group misrepresented the performance of subsidiary entities, some of which did not exist or generated far less income than claimed, and diverted proceeds from secondary offerings into accounts they controlled. According to the government, the conspirators created fictitious customers, altered bank statements, and fabricated records to present a misleading picture of revenue and operations.

The scheme led investors to value the company at more than $300 million for financing purposes. It collapsed in 2017 when Parmar and others resigned or were removed from their roles, and the company filed for bankruptcy the following year, attributing its failure in part to the fraud. The investigation was conducted by the FBI, with the case prosecuted by the US Attorney’s Office in Newark.

Justice Department Highlights Nearly $1 Billion in Fraud Through Nationwide Enforcement Actions

The US Department of Justice’s National Fraud Enforcement Division has announced a series of recent enforcement actions across the country involving almost $1 billion in alleged and proven fraud, according to a press release from the Office of Public Affairs. The update outlines cases involving benefits fraud, health care fraud, government programme fraud, tax offences, and financial schemes, with multiple defendants sentenced or pleading guilty in federal courts.

According to the department, recent actions include sentences of 151 months and 36 months for two individuals involved in submitting more than $522 million in fraudulent claims for medically unnecessary genetic tests. Other cases highlighted include a 144‑month sentence in Pennsylvania for a $59 million public‑benefits fraud scheme, guilty pleas in student loan and COVID relief fraud cases, and a 16‑year sentence for a former NFL player convicted in a $197 million Medicare fraud conspiracy.

Additional matters include prosecutions related to stolen US Treasury cheques, fraudulent tax filings, misuse of COVID‑19 relief programmes, and schemes involving stolen tax refund cheques. The department said these actions reflect the Fraud Division’s mandate to investigate and prosecute fraud affecting federal programmes and taxpayers, following its establishment in April as part of a broader government effort to address fraud, waste, and abuse.

Justice Department Launches Compensation Process for Victims of AirBit Club Fraud Scheme

The US Department of Justice has initiated a remission compensation process for victims of AirBit Club, a purported virtual‑currency investment programme which prosecutors determined was a pyramid scheme, according to a departmental announcement. AirBit Club promoters falsely claimed that membership fees generated guaranteed daily returns through cryptocurrency mining and trading, while no such activity occurred. Five individuals, including co‑founders Pablo Renato Rodriguez and Gutemberg Dos Santos, were charged in 2020 and later sentenced, with courts ordering the forfeiture of substantial assets. More than $400 million in forfeited funds are now available for eligible victims, who will be contacted by the remission administrator, RCB Fund Services, to submit petitions. The Justice Department emphasised that neither it nor the administrator will request payment from victims and urged caution regarding impersonation or recovery‑fraud scams.

Two Men Indicted in Miami for Alleged $13 Million Cryptocurrency Fraud and Money Laundering Scheme

A federal grand jury in the Southern District of Florida has indicted two men for their alleged roles in a cryptocurrency fraud and money‑laundering scheme which investigators say caused more than $13 million in losses.

According to court documents, Trenton Richard David Johnston, a 19‑year‑old Canadian national who had overstayed his visa, is accused of operating a sophisticated scheme from the Miami area. Prosecutors allege that Johnston and unnamed co‑conspirators impersonated support representatives from a major search engine and cryptocurrency‑related companies to gain unauthorised access to victims’ digital accounts and wallets. Once inside, they allegedly transferred cryptocurrency for their own benefit. Investigators estimate losses exceed $13 million, with additional victims still being identified.

The indictment also charges 28‑year‑old Brandon Michael Tardibone of Miami with knowingly harbouring Johnston while he was unlawfully in the United States, allegedly providing lodging at a luxury residence to help him evade immigration authorities. Both men are further accused of laundering proceeds through financial transactions designed to conceal the source of the funds. Prosecutors say more than $1 million in illicit proceeds was spent on luxury vehicles, high‑end jewellery and entertainment.

Johnston faces up to 20 years in prison on conspiracy counts related to wire fraud and money laundering. Tardibone faces up to 20 years for money‑laundering conspiracy and up to 10 years for harbouring an undocumented individual.

The case is being investigated by Homeland Security Investigations Miami, with support from several federal agencies. Prosecutors emphasised that the indictment is an allegation and that both defendants are presumed innocent unless proven guilty in court.

Money Laundering

FCA Sends Convicted Money Launderer Back to Prison After Failing to Repay Confiscation Order

A convicted money launderer has been returned to prison after failing to repay the full amount owed under a court‑ordered confiscation ruling, according to the Financial Conduct Authority (FCA). Richard Faithfull, 36, who was jailed in 2021 for laundering £2.5 million as part of a transnational organised crime group, has been handed an additional 499 days’ imprisonment after paying only £349,214 of the £529,961 he was ordered to return. The FCA said Faithfull’s actions enabled millions to be stolen from victims of boiler‑room investment frauds, with a judge previously describing the offending as “serious” and the funds as being “slaughtered” rather than invested. The new sentence was activated at a City of London Magistrates’ Court hearing on 8th May, despite Faithfull having been released from custody in June 2025. He remains liable for the outstanding balance, which continues to accrue daily interest, and any recovered funds will be used to compensate victims.

FINMA Opens Consultation on Targeted Revision of Anti‑Money Laundering Ordinance

The Swiss Financial Market Supervisory Authority (FINMA) has launched a consultation on proposed amendments to its Anti‑Money Laundering Ordinance (AMLO‑FINMA), with feedback invited until 9th June 2026. The revision aims to align the ordinance with recent changes to Switzerland’s Anti‑Money Laundering Act, incorporate recommendations from the Financial Action Task Force, and formalise elements of current supervisory practice.

The draft updates clarify expectations for financial intermediaries, including a requirement fully to understand customer ownership and control structures. The proposal also expands guidance on preventing breaches of coercive measures under the Embargo Act. In correspondent banking, the revisions specify that payments via transitory accounts may only be executed if client information can be provided upon request to meet due‑diligence obligations. Additionally, intermediaries would be required to obtain a beneficial‑owner declaration when contracting parties maintain sub‑accounts for individual clients.

FINMA has published accompanying documents and key points to support stakeholders participating in the consultation process.

Bribery and Corruption

ICAC to Open Public Inquiry into Alleged Misconduct at City of Parramatta Council

The NSW Independent Commission Against Corruption (ICAC) started its public inquiry on 11th May 2026 to examine allegations that senior figures at the City of Parramatta Council, including former Chief Executive Officer Gail Connolly and employees Angela Jones‑Blayney and Roxanne Thornton, engaged in serious misconduct. The investigation, known as Operation Navarra, is probing claims that since April 2023 council officials subverted proper processes, misused internal systems and information, and conducted targeted electronic surveillance of staff and a councillor for personal advantage, to benefit associates, or as reprisal. ICAC is also examining whether recruitment and promotion processes were manipulated to favour friends and associates, and whether public trust was breached through the misuse of public funds and disclosure of confidential information. The inquiry, presided over by Chief Commissioner the Hon John Hatzistergos AM and assisted by counsel Joanna Davidson SC and Claire Palmer, is expected to run for four weeks, with proceedings open to the public and available via livestream.

Other Financial Crime

UK, France and Switzerland Convene International Conference to Strengthen Cooperation on Economic Crime

The Serious Fraud Office has hosted an International Economic Crime Conference in London, bringing together more than 100 investigators and prosecutors from the UK, France and Switzerland to discuss cross‑border financial crime, according to the UK government. The two‑day event, held at Drapers’ Hall, formed part of a joint taskforce established last year by the SFO, France’s Parquet National Financier and Switzerland’s Office of the Attorney General.

The conference opened with remarks from Baroness Margaret Hodge, the UK’s Anti‑Corruption Champion, who highlighted the impact of economic crime and the importance of international cooperation. Sessions covered topics including case detection, information sharing, corporate prosecutions, asset recovery and the role of cryptocurrency in financial crime.

On the second day, Joe Powell MP, Chair of the All‑Party Parliamentary Group on Anti‑Corruption and Responsible Tax, addressed attendees, highlighting parliamentary support for efforts to combat economic crime. According to the SFO, the conference aimed to strengthen operational partnerships and improve coordination in tackling increasingly complex cross‑border financial offences.

FCA Reports Rise in Whistleblowing Disclosures in First Quarter of 2026

The Financial Conduct Authority (FCA) received 355 new whistleblowing reports between January and March 2026, an increase from 281 during the same period in 2025, according to its latest quarterly data. The regulator said most disclosures were submitted through its online reporting form, and the majority included contact details which allowed follow‑up engagement. The 355 reports contained 906 allegations, and the FCA closed 265 cases during the quarter, taking significant action in 23 instances and harm‑reduction measures in 80. Over half of the closed reports informed the FCA’s wider supervisory work without requiring direct intervention. The FCA also highlighted its participation in an International Organisation of Securities Commissions roundtable, where it shared approaches to whistleblower protection and programme design.

FCA Bans and Fines Adviser £755,000 for Misconduct in Pension Transfer Advice

The Financial Conduct Authority has banned financial adviser Frank Breuer from working in the UK financial services sector and imposed a £755,000 penalty after finding he repeatedly acted without integrity in relation to defined benefit pension transfer advice.

Breuer, joint owner and sole director of Bluesky Wealth Management Limited, continued to advise on defined benefit pension transfers despite the firm lacking appropriate professional indemnity insurance from April 2019. According to the FCA, he completed at least 16 transfers while uninsured, exposing customers to the risk of being unable to claim compensation if the advice proved unsuitable.

The regulator found that Breuer repeatedly misled it about the firm’s insurance position and ignored restrictions imposed in 2019 to protect customers and company assets. During this period, he extracted significant funds from Bluesky through dividends, personal loans, and transfers to connected accounts.

By 2022, the Financial Ombudsman Service had begun upholding complaints about Bluesky’s defined benefit transfer advice, and in April 2023 Breuer placed the firm into insolvency, leaving at least £214,772 in liabilities to be met by the Financial Services Compensation Scheme.

Therese Chambers, the FCA’s joint executive director of enforcement and market oversight, said Breuer had “sought to evade paying compensation due to customers” and was “not fit to work in financial services.”

Affected customers are encouraged to check their eligibility for compensation through the FSCS. The Final Notice is here.

FRC Sanctions Former Carillion Finance Directors and Senior Accountants for Reckless Misconduct

The Financial Reporting Council (FRC) has issued sanctions against five former senior finance professionals at Carillion plc after concluding they acted recklessly and failed to meet required standards of integrity in preparing the company’s financial information ahead of its collapse in 2018.

Former Group Finance Director Richard Adam and his successor, Zafar Khan, admitted misconduct relating to several areas of Carillion’s business, including major UK construction contracts, specific transactions and a supply chain finance facility. Their actions were found to have contributed to materially inaccurate financial reporting between 2013 and 2017.

Three additional former senior accountants also admitted misconduct. The FRC chose not to name them, citing exceptional confidential circumstances, but confirmed that each had acted recklessly and failed to uphold expected professional standards.

Sanctions include exclusions from their professional bodies ranging from two to 15 years, severe reprimands and financial penalties. Adam’s fine was reduced to £222,019 and Khan’s to £60,228 to reflect related penalties previously imposed by the Financial Conduct Authority, as well as settlement discounts.

The FRC said the penalties reflect the seriousness of the failures, noting the wide‑ranging consequences of inaccurate financial reporting for investors, suppliers, employees and public bodies. The regulator added that the conclusion of these cases marks the end of its investigations arising from Carillion’s liquidation.

Cybercrime

ICO Fines South Staffordshire Water Companies £963,900 Over Prolonged Cyber Attack and Data Breach

The Information Commissioner’s Office (ICO) has fined South Staffordshire plc and South Staffordshire Water plc a combined £963,900 following a major cyber-attack which compromised the personal data of 633,887 customers and employees. The breach, traced back to an initial phishing email in September 2020, went undetected for nearly two years before being discovered in July 2022.

According to the ICO, the attacker gained access after a staff member opened a malicious email attachment, enabling malware to remain inside the company’s systems for 20 months. In May 2022, the intruder escalated privileges to a domain administrator level and later attempted to distribute a ransom note. Between August and November 2022, more than four terabytes of stolen data were published on the dark web.

The compromised information included names, addresses, dates of birth, contact details, and, for some customers, bank account numbers and online account credentials. Employee data such as National Insurance numbers was also exposed.

The ICO found that South Staffordshire had failed to implement adequate security measures, citing limited monitoring, which covered only 5% of the IT environment, use of outdated software, and insufficient vulnerability management. The regulator emphasised that water companies, as critical national infrastructure, must maintain robust data protection standards.

South Staffordshire made an early admission of liability and cooperated with the investigation, leading to a 40% reduction in the final penalty. The ICO said the case highlights the need for organisations to strengthen cyber resilience, ensure effective monitoring, and retire unsupported systems.

Instructure Says Stolen Canvas Data Returned After Breach, but Security Concerns Persist

The education technology company Instructure reports it has reached an agreement with the hackers behind a major breach of its Canvas learning platform, stating the stolen data, which potentially affected up to 275 million students across 9,000 institutions, has been returned and “digitally confirmed” as destroyed. The firm has not said whether a ransom was paid to the group claiming responsibility, ShinyHunters, and experts caution there is no guarantee the data will not resurface. Instructure detailed two instances of unauthorised access in late April and early May, prompting temporary shutdowns and security reviews, and many Australian institutions remain cautious as they restore access. Authorities warn students and staff of an elevated risk of scams following the incident, while investigations and security enhancements continue.

Google Threat Intelligence Warns of Rapid Expansion in AI‑Enabled Cyber Operations

A recently published blog post from Google’s Threat Intelligence Group reports a marked escalation in the use of artificial intelligence by both state‑sponsored and criminal threat actors, highlighting AI’s growing role in vulnerability discovery, malware development and large‑scale operational support.

According to the post, Google analysts have observed adversaries moving from early experimentation with generative models to industrial‑scale integration of AI across the attack lifecycle. This includes the first documented case of a zero‑day exploit believed to have been developed with AI, as well as increased interest from groups linked to China and North Korea in using AI to accelerate vulnerability research.

The report also details the emergence of AI‑enabled malware capable of autonomous decision‑making. One example, PROMPTSPY, uses a large language model to interpret device states and generate commands dynamically, allowing it to navigate user interfaces, maintain persistence and evade detection without direct operator input.

Google notes that threat actors are also leveraging AI to enhance social engineering, reconnaissance and information operations, including the creation of synthetic media and deepfake‑based influence content. At the same time, attackers are targeting AI systems themselves, exploiting weaknesses in software dependencies, agent frameworks and supply‑chain components which support AI deployments.

The blog post emphasises that while AI is enabling more sophisticated attacks, it is also strengthening defensive capabilities. Google highlights its use of AI‑driven agents to identify and remediate software vulnerabilities and its ongoing work with industry partners to develop standards for secure AI development and deployment.