More than 5 million people in the UK could be entitled to compensation from Google if a class action against the internet giant for allegedly harvesting personal data is successful.

A group led by the former executive director of consumer body Which?, Richard Lloyd, and advised by City law firm Mischon de Reya claims Google unlawfully collected personal information by bypassing the default privacy settings on the iPhone between June 2011 and February 2012. They have launched a legal action with the aim of securing compensation for those affected. The group says that approximately 5.4 million people in Britain used the iPhone.

Britain said on Friday it believed North Korea was behind the “WannaCry” cyber attack in May that disrupted businesses and government services worldwide, including the National Health Service (NHS) in England.

Security Minister Ben Wallace said Britain believed “quite strongly” that the ransomware attack came from a foreign state. "North Korea was the state that we believe was involved in this worldwide attack on our systems," he told BBC radio. “We can be as sure as possible - I can’t obviously go into the detailed intelligence but it is widely believed in the community and across a number of countries that North Korea had taken this role.” 

Privacy rights group Privacy International says it has obtained evidence for the first time that UK spy agencies are collecting social media information on potentially millions of people.

It has also obtained letters it says show the intelligence agencies’ oversight body had not been informed that UK intelligence agencies had shared bulk databases of personal data with foreign governments, law enforcement and industry — raising concerns about effective oversight of the mass surveillance programs. The documents have come out as a result of an ongoing legal challenge PI has brought against UK intelligence agencies’ use of bulk personal data collection. 

Transport for London plans to make £322m by collecting Tube users' location data and potentially selling it to third parties. At the end of 2016, TfL ran a pilot which tracked the Wi-Fi signals from 5.6 million phones as people moved around the London Underground, even if they weren't connected to a Wi-Fi network.

TfL publicly stated that the purpose of the scheme was to use the aggregated, anonymised data "to better understand how people navigate the London Underground network, allowing TfL to improve the experience for customers". It is now in consultation about tracking passengers on a permanent basis.

UK home secretary Amber Rudd has called on messaging apps like WhatsApp to ditch end-to-end encryption, arguing that it aids terrorists.

Writing in The Telegraph on Tuesday, the Conservative minister said that "real people" don't need the feature and that tech companies should do more to help the authorities deal with security threats. But activists have reacted with concern to her remarks, blasting them as "dangerous and misleading." Strong end-to-end encryption involves encoding messages or data so it cannot be read by anyone other than the intended recipient — including the company whose tech encrypts it, or law enforcement with a warrant.

The British government issued new guidelines on Sunday requiring manufacturers of internet-connected vehicles to put in place tougher cyber protections to ensure they are better shielded against hackers.

The government said it was concerned that smart vehicles, which allow drivers to do things such as access maps and travel information, could be targeted by hackers to access personal data, steal cars that use keyless entry systems, or take control of technology for malicious reasons. The new guidelines will also ensure that engineers seek to design out cyber security threats as they develop new vehicles, the government said.

The government digital service is to make users of its data.gov.uk website change their passwords, following a security breach. It said a database of usernames and email addresses had been discovered on a publicly accessible system during a routine security review.

The data.gov.uk site lets registered users browse information published by a variety of government departments. The GDS has informed the information commissioner of the leak. A GDS spokeswoman told that the breach had affected only data.gov.uk accounts, and people with separate accounts for other government websites were not affected.

Parliament has been hit by a cyber attack, officials at Westminster say. The "sustained" hack began on Friday night, prompting officials to disable remote access to the emails of MPs, peers and their staff as a safeguard.

The parliamentary authorities said hackers had mounted a "determined attack" on all user accounts "in an attempt to identify weak passwords". Government sources say it appeared the attack has been contained but it will "remain vigilant". A parliamentary spokeswoman said they were investigating the attack and liaising with the National Cyber Security Centre.

The UK’s Trident submarine fleet is vulnerable to a “catastrophic” cyber-attack that could render Britain’s nuclear weapons useless. The report, Hacking UK Trident: A Growing Threat, warns that a successful cyber-attack could “neutralise operations, lead to loss of life, defeat or perhaps even the catastrophic exchange of nuclear warheads”.

The Ministry of Defence has repeatedly said the operating systems of Britain’s nuclear submarines cannot be penetrated while at sea because they are not connected to the internet at that point. But the report’s authors, the British American Security Information Council, expressed scepticism.

Cyberattacks against businesses operating in the UK are more prevalent than ever yet many customers may never become aware about major hacking incidents as the majority of firms are not required by law to report breaches to public bodies.

Survey results released by DCMS stated that "nearly half" of UK firms sampled had identified a "breach or attack" in the last year. It was carried out by Ipsos Mori and included 1,523 UK-based businesses in total. "While breaches do not always result in a material outcome, such as loss of data or network access, in cases where this does happen, it has a significant impact on the organisation," it warned.