Key developments
Congress Passes 10-Day Section 702 Extension
Reuters reported Congress approved a 10-day extension of Section 702 on April 17 after the House failed to advance a five-year reauthorization backed by President Donald Trump. The stopgap keeps alive the NSA authority to collect foreigners' communications from U.S. digital infrastructure and leaves unresolved demands for limits on warrantless access to Americans' data. Senate Majority Leader John Thune said he was open to reforms but that any compromise would depend on workable details.
Why it matters
The extension preserves a major surveillance power while lawmakers keep negotiating privacy limits on warrantless data access.
Sources & driving stories
WTVB · David Morgan
The Guardian
European Commission Confirms 300GB AWS Breach
The European Commission confirmed attackers stole more than 300GB from its AWS environment after using an API key compromised in the Trivy supply-chain attack. CERT-EU said the key let hackers create new credentials, run reconnaissance, and pull data from websites used by 71 EC and EU-affiliated clients; ShinyHunters later posted leaked records including names, email addresses, usernames, and tens of thousands of user-submitted messages. The Commission revoked the credentials, notified regulators, and said internal systems were not affected.
Why it matters
It shows a supply-chain compromise can expose large volumes of user data even when core systems stay online.
Sources & driving stories
OODA Loop
Eyemart Express Files Texas Breach Notice
Eyemart Express, a national optical retailer with nearly 250 stores across 42 states, posted a Texas Attorney General breach filing on April 17 after ransomware group Payouts King claimed on March 10 to have 435GB of internal data. The filing says exposed information included names, addresses, Social Security numbers, driver's license numbers, dates of birth, medical information, and health insurance information. The number of affected individuals has not been publicly disclosed.
Why it matters
The breach mixes identity and medical data, increasing the potential for fraud and privacy harm.
Sources & driving stories
Claim Depot
Worth noting
Amtrak breach claim added to HIBP
Troy Hunt added the alleged dataset after reviewing ShinyHunters' claim, but Have I Been Pwned cautioned that the listing is not official confirmation from Amtrak.
Montana judge keeps BCBS probe alive
The ruling lets the state continue investigating a breach that could have exposed names, medical information, and other private data for up to 462,000 Blue Cross Blue Shield of Montana members.
Bihar plans facial-recognition traffic system
The state says its AI traffic network would use facial-recognition cameras at 500 to 700 sites, creating a large new public-surveillance footprint.
Still unclear
OPEN QUESTION
Will Section 702 gain warrant limits?
The 10-day extension only postpones the privacy fight over warrantless searches and other surveillance reforms.
How many Eyemart Express victims were exposed?
The filing confirms sensitive PII and health data exposure but does not disclose the affected population.
