Key developments
Congress races to resolve FISA 702 fight
Congress is only days from the April 20 expiration of FISA Section 702. The Verge reported that Speaker Mike Johnson is delaying a vote while reformers push the bipartisan Government Surveillance Reform Act, which would require warrants for Americans' communications and some brokered data. The Washington Times reported House leaders are also weighing an 18-month extension under special rules, keeping the core fight unresolved.
Why it matters
The decision will determine whether the government keeps broad surveillance access or accepts new warrant requirements and oversight.
Sources & driving stories
THE VERGE
The Verge coverageWASHINGTON TIMES · Susan Ferrechio
Washington Times coverageLAPD files leak triggers citywide backlash
Los Angeles is investigating a third-party discovery-system breach that exposed sensitive LAPD and Internal Affairs records. The LA Times said the ransomware group WorldLeaks claimed responsibility, while NBC Los Angeles reported roughly 7.7 terabytes and more than 337,000 files were involved. The fallout reached City Hall when the Los Angeles Police Protective League rescinded its endorsement of City Attorney Hydee Feldstein Soto.
Why it matters
The incident raises major questions about how law-enforcement records are stored, shared, and protected in outside systems.
Sources & driving stories
LOS ANGELES TIMES
Los Angeles Times coverageNBC LOS ANGELES
NBC Los Angeles coverageEurail breach exposed passport data
Eurail said a breach discovered in January affected customers who booked Interrail or Eurail passes directly or through distributors. The company said attackers may have taken names, birth dates, gender, passport numbers, email addresses, phone numbers, physical addresses, and countries of residence, and it has begun notifying users and regulators. DigitalShield reported the stolen data was offered for sale on the dark web and some was posted on Telegram, while Cybersecurity Insiders said notifications pointed to about 1.3 terabytes exfiltrated and more than 300,000 travelers affected.
Why it matters
Passport and contact data can fuel identity theft, account takeover, and travel-fraud follow-on attacks.
Sources & driving stories
DIGITALSHIELD · Alberto Payo
DigitalShield coverageCYBERSECURITY INSIDERS · Naveen Goud
Cybersecurity Insiders coverageWorth noting
WORTH NOTING
OneDigital warns clients of Salesforce breach
The firm said as many as 28,414 people may have been affected, including names and Social Security numbers, underscoring SaaS and chat-tool exposure.
WORTH NOTING
Spring ISD email leak triggers leave
The district said an email to partners exposed employees' names, SSNs, and birth dates, turning a routine message into a reportable privacy incident.
WORTH NOTING
Concord Orthopedics settles breach suit
The settlement closes claims from a 2024 intrusion affecting more than 72,000 people and shows the litigation tail on health data breaches.
Still unclear
OPEN QUESTION
Can Congress act before April 20?
Whether Section 702 lapses or gets renewed with new guardrails will shape the next phase of US surveillance policy.
OPEN QUESTION
How much leaked data is still circulating?
The answer will determine the real privacy harm from the LAPD and Eurail incidents and how much mitigation remains possible.