DataBreachToday.com

State Accused Tech Giant of Geolocation, Incognito Search, Biometric Violations
Texas has reached a nearly $1.4 billion settlement agreement with technology giant Alphabet after accusing its Google subsidiary of violating state privacy laws via its geolocation, incognito search and biometric data capture and retention practices.

Noodlophile Steals Credentials and Wallets Under AI Video Guise
Hackers are targeting users into downloading infostealers by tricking them into clicking on links that claim to produce AI-generated videos. The attackers build websites and promoted them on high-visibility Facebook groups, some exceeding 60,000 views.

Malware Targets Western Officials, NGOs and Journalists
Russian cyber espionage hackers are using a new malware strain dubbed "Lostkeys" in a targeted espionage campaign aimed at Western officials, NGOs and journalists. Google researchers attribute Lostkeys to the threat group Coldriver, an operational unit within the Federal Security Service.

Pharmaceutical companies typically have more mature cyber programs than other healthcare factions, but these firms also face unique risks involving their large attack surfaces, complex manufacturing, supply chains and sensitive intellectual property, said Joshua Mullen of Booz Allen Hamilton.

Strategic Plan Includes Human Risk Management Platform Expansion, IPO Preparation
Bryan Palma outlines his vision to grow KnowBe4 beyond security awareness training by investing in agentic AI, expanding email and behavioral tools and positioning the company for IPO readiness. He highlights Vista Equity's support and platform depth as key assets.

Also: Cyber IPOs and the Investment Climate, the Urgency of AI Explainability
In this week's update, ISMG editors unpacked Trump's teased "grand cyber plan" amid budget cuts to the Cybersecurity and Infrastructure Security Agency, key business takeaways from RSAC Conference 2025 and why explainability in artificial intelligence is becoming critical to trust and security.

Government Officials Sound 'Wake Up' Alarms
A rash of cyber incidents felt by British businesses add up to a wake-up call that cybersecurity is an absolute priority, top government officials warned during an annual conference hosted by the National Cyber Security Centre. The NCSC unveiled cyber resilience measures timed for the conference.

Partners Use Bedrock, SageMaker for Threat Detection, Response, Vital to Innovation
AWS is enabling cybersecurity firms to enhance detection, triage and response capabilities by embedding generative AI into services like Bedrock and SageMaker, while reinforcing its position as a partner-centric cloud security leader, said Managing Director Rohan Karmarkar.

After Vendor Paid for Data-Deletion Promise, Criminals Extort Schools Directly
Students, gather round for the sad story of how PowerSchool got schooled by hackers, who stole data on students and teachers. After PowerSchool paid a ransom for a guarantee that the data would be deleted, the bad hackers failed to honor their promise.

Union Health System Among Many Cerner Legacy Data Clients Affected by Breach
An Indiana health system is among the first healthcare organizations notifying regulators and thousands of people affected by the Oracle hack in January. Attackers compromised legacy patient data hosted by Cerner servers that were set to migrate to Oracle's cloud environment.

CISOs Seek Real Value as Vendors Tout the Latest Batch of AI-Driven Solutions
As the conversation shifts from generative to agentic AI, it's clear that AI holds tremendous potential to ease zero trust fatigue, but only when guided by business context, quality data and human oversight. CISOs see AI as a "basket of opportunities but plenty of "vendor blind spots."

Srivatsan Replaces Prakash Panjwani, Who Led WatchGuard's Push Beyond the Network
The former chief operating officer of SentinelOne and chief strategy officer of Palo Alto Networks has been named interim leader of MSP security stalwart WatchGuard. WatchGuard tapped Vats Srivatsan to serve as interim CEO beginning Wednesday and tasked him with scaling its platform.

Also: Iberian Blackout, Delta Faces Lawsuit Linked to CrowdStrike Outage
Every week, ISMG rounds up cybersecurity incidents and breaches around the world. This week: Mirai Botnet Exploits Flaws in GeoVision, the Iberian blackout under investigation, dueling cybersecurity advisories from India and Pakistan, Delta must face a lawsuit linked to CrowdStrike outage.

Criminals Extort School Employees After Vendor Paid for Data-Deletion Promise
Students, gather round for the sad story of how PowerSchool got schooled not once, but twice. Surprise: attackers who received a ransom payment in return for a promise to delete data they stole from PowerSchool pertaining to students and teachers didn't actually delete the data.

Not Just Ransomware But Verbal Disclosure of Personal Data Common, Watchdog Finds
Two decades after California Senate Bill 1386 introduced the world to data breach notifications, organizations have collectively battened down their cybersecurity hatches and fixed the problem once and for all. Of course, I'm joking, with the results of recent data breach root cause report in hand.

Exposes Details of Victims, 'Aggressive' Negotiations, Cryptocurrency Addresses
One year to the day after an international law enforcement operation unmasked and indicted the leader of the notorious LockBit ransomware group, a hacker has sent the group another love letter.