DataBreachToday.com

Tyler Buchanan, a 23-year-old Scottish Man Extradited to the US on Wednesday
Spanish authorities extradited on Wednesday the suspected head of the Scattered Spider cybercrime group to the United States, where he is being held without bail in a downtown Los Angeles federal prison. Tyler Buchanan, 23, faces charges for wire fraud, aggravated identity theft and conspiracy.

Hackers Hit Maryland Medical Group and California Hospital, Claim 480 GB Data Theft
Two separate ransomware hacks of a Maryland medical group and a California hospital resulted in data thefts affecting more than 1.1 million patients, according to recent reports to regulators. Cybercriminals claim to have leaked 480 gigabytes of data from one of the attacks.

US Cyber Agency Denies Looming Deadlines Amid Reports of Expanded Workforce Buyouts
The U.S. Cybersecurity and Infrastructure Security Agency on Friday dismissed as false reports of a looming buyout deadline and expanded resignation offers, calling them misinformation. There is no Monday deadline, a spokesperson said.

Company Eyes Product Innovation and Strategic M&A After Rapid 30x ARR Growth
CEO Varun Badhwar says Silicon Valley-based Endor Labs will use its $93 million Series B funding to build AI-powered code security tools, boost community outreach and target key acquisitions, helping enterprises secure faster, AI-assisted software development.

Also: Supply Chain Security in Wake of US Tariffs, AI's Role in the SOC
In this week's update, ISMG editors discussed takeaways from Verizon's annual Data Breach Investigations Report, the cybersecurity ripple effects of the disruptive U.S. tariff policy, and why artificial intelligence tools still aren't ready to take over the security operations center.

Challengers Include Ex-OpenAI Staff, Geoffrey Hinton, Margaret Mitchell
A coalition comprising AI experts and former OpenAI staffers urged regulators to halt the artificial intelligence giant's plan to convert into a for-profit corporation. They contend that handing over full operational reins could dismantle safeguards to ensure AI serves humanity, not shareholders.

Incident Is Largest Health Data Breach Reported So Far to Feds in 2025
Yale New Haven Health System is notifying more than 5.5 million patients that their information was potentially among data stolen in a March hack. The incident, which is among several other recent major hacks, ranks is the largest health data breach reported to federal regulator so far this year.

Void Dokkaebi Campaigns Using Russia for Cryptocurrency Theft
North Korean hackers look north toward Russia for the internet infrastructure behind the many online scams that Pyongyang has built to funnel stolen cash into the rouge nation. Void Dokkaebi hackers participate in the North Korean scam of social engineering IT job seekers.

Hackers Deploying Infostealers for Data and Credential Theft
Hacks targeting cloud infrastructure rose significantly last year, with attackers exploiting misconfiguration and single sign-on features to deploy infostealers for data and credential theft. Hackers target centralized cloud assets secured with single sign-ons.

Experts Say White House AI Plan May Spur Innovation But Leave School Data at Risk
The White House issued an executive order Wednesday to expand the use of new artificial intelligence tools in U.S. K–12 schools, drawing expert warnings over the lack of cybersecurity safeguards to prevent data leaks or misuse by AI firms for model training.

AI-Powered Tools Protect Containerized Environments Against Sophisticated Attacks
Container security experts skilled in AI-driven defense tools are becoming critical as organizations rely more on containerized applications. These experts must contend with ephemeral workloads, secure CI/CD pipelines and implement real-time anomaly detection to protect cloud-native environments.

2019 Phishing Incident at California-Based PIH Health Affected Nearly 190,000
A regional healthcare network with three California hospitals serving Los Angeles and Orange Counties has agreed to pay federal regulators $600,000 and implement a corrective action plan to resolve potential HIPAA violations identified during an investigation into a 2019 phishing breach.

Series D Round Comes at $3.5B Valuation, Fuels Product Expansion Beyond Containers
Chainguard’s $356 million Series D haul will help it push beyond securing containers to protecting virtual machines and language libraries. CEO Dan Lorenc says customers want security that scales with open-source adoption, especially amid rising software supply chain threats.

European Commission Also Fines Apple 500 Million Euros
European regulators said Facebook conducted an end run around privacy regulations by requiring users to pay a monthly subscription fee or else accept that their personal data would be fed to advertisers. The European Commission fined the social media giant 200 million euros.

Breach Victim Tally Soars Since Firm Filed an Initial Breach Report in Early April
Kelly Benefits is notifying nine large clients and nearly 264,000 individuals that their sensitive personal information was potentially compromised in a December data theft incident. The tally of affected people has climbed eight-fold since the company's first estimate earlier this month.

Expert Lauds 'Textbook Cyber Crisis Communications' as M&S Details Some Disruption
It's rare to see a corporation lauded for its hacking incident communications, but British retailer Marks & Spencer has executed an admirable version of what informing the world of bad news should look like. M&S notified customers directly about the cybersecurity incident.

Bureau Endorses Enhanced Information Sharing With Global Allies to Curb Cybercrime
The FBI strongly supported recent efforts to expand information sharing with international partners and launch new efforts to curb global cybercrime, including working with Indian authorities to combat cyber-enabled financial crimes and transnational call center fraud.