CyberGhost began 2026 with the same message it ended last year with: requests for user data keep coming, and the company says it still has nothing to hand over. In its transparency report covering January through March 2026, the VPN provider disclosed 53,533 DMCA complaints and four police requests, all tied to attempts to connect activity on its network to identifiable users.
The figures matter because they show the constant legal and investigative pressure facing privacy services. They also test a central claim made by VPN providers: that a no-logs system is only meaningful if it holds when copyright holders or law enforcement come asking for records.
A no-logs policy only matters when it is tested
According to the report, CyberGhost received 19,296 DMCA complaints in January, 15,973 in February, and 18,264 in March. Police requests were far rarer, with two in January, two in February, and none in March. The company says its response was identical in every case because it does not retain traffic logs, connection timestamps, or browsing histories that could link a VPN IP address to a customer.
That distinction is central to how privacy infrastructure works. A VPN can mask a user’s public-facing IP address, but the privacy promise depends on what the provider itself stores behind the scenes. If logs exist, they can become a map from online activity to a person. If they do not exist, the demand for data reaches a practical limit. CyberGhost says its RAM-only infrastructure supports that model by wiping server data on reboot, reducing the amount of persistent information available to anyone seeking records after the fact.
Copyright notices arrive at industrial scale
The overwhelming majority of requests were copyright complaints rather than criminal inquiries. That is consistent with the way large rightsholders and their agents operate online: automated systems scan public IP addresses, issue notices in bulk, and attempt to identify the subscriber or account holder behind them. For VPN companies, those requests often collide with the design of the service itself, since many users share infrastructure and the provider may intentionally separate account identity from network activity.
Compared with the 56,053 DMCA complaints CyberGhost reported for the final quarter of 2025, the first quarter of 2026 brought a modest decline. Even so, the total remained high enough to show that copyright enforcement is still one of the most persistent external pressures on consumer privacy services.
Bug bounty results show privacy also depends on secure engineering
The company also reported 20 bug bounty submissions through its YesWeHack program during the quarter. Five were judged valid and patched, while 15 were classified as invalid or informational. That ratio is not unusual for public vulnerability reporting programs, where many submissions turn out to be duplicates, low-risk observations, or issues that do not meet the threshold for a security flaw.
What matters more is the existence of a structured process for finding weaknesses before criminals do. VPNs are marketed as trust products. That makes security testing more than a technical exercise: it is part of the evidence a provider offers when asking users to route sensitive traffic through its systems.
The wider threat landscape is growing more disruptive
CyberGhost’s report places those internal security efforts against a harsher backdrop. Among the incidents it highlighted were a major breach affecting TELUS Digital customers, a cyberattack that disrupted services at ignition interlock provider Intoxalock, destructive attacks attributed to the group Handala against medical technology giant Stryker, and an FCC warning about ransomware targeting telecom operators.
Taken together, those cases point to a broader shift in cyber risk. The damage is no longer confined to stolen files or temporary outages on office networks. Third-party suppliers can expose huge stores of sensitive data. Connected systems can interrupt daily life in physical ways. Wiper attacks can destroy operations rather than merely extort money. And telecom networks have become high-value targets because they sit so close to critical communications infrastructure.
For users, the lesson is narrower but still important. A VPN can help shield identity and traffic from some forms of surveillance and data collection, but it is not a complete defense against the wider failures of vendors, device makers, employers, or critical service providers. Privacy tools matter. So does the security of every system your data passes through.
