Key developments
Lawmakers demand DHS details on Palantir surveillance
On Apr. 20, Reps. Dan Goldman and Nydia Velázquez and Sen. Ron Wyden sent a letter to DHS and acting ICE Director Todd M. Lyons seeking records on Palantir-developed immigration-enforcement systems. The request cites Clearview AI facial recognition, PenLink social monitoring, L3Harris stingray tools, Paragon cellphone surveillance, and ICE's Elite app, and asks for contracts, datasets, retention safeguards, and false-positive data by Apr. 24.
Why it matters
Congress is pressing DHS to explain how much personal data is being collected, linked, and retained in immigration enforcement.
Sources & driving stories
BIOMETRICUPDATE.COM
BiometricUpdate.com coverageVercel breach traced to Context.ai compromise
Vercel disclosed unauthorized access to internal systems after attackers compromised Context.ai, a third-party AI tool used by an employee. Reporting from TechRadar and The Hacker News says the intruders used a hijacked Google Workspace account to reach internal environments and non-sensitive environment variables; Vercel said sensitive variables stayed encrypted, saw no evidence they were accessed, and is notifying a limited subset of affected customers while working with law enforcement.
Why it matters
The incident shows how third-party AI and identity compromise can expose internal environments and customer secrets.
Sources & driving stories
TECHRADAR · Sead Fadilpašić
TechRadar coverageTHE HACKER NEWS · Ravie Lakshmanan
The Hacker News coverageBooking.com breach disclosure sparks phishing warnings
Booking.com said hackers may have accessed customer names, email addresses, physical addresses, phone numbers, and some limited financial data in a potential breach disclosed about a week before user complaints intensified. Cybersecurity Insiders reported UK customers then receiving messages and Telegram posts urging them to reconfirm details or reset passwords, which were widely viewed as phishing attempts tied to the incident.
Why it matters
Customer booking data can be quickly weaponized into account takeover and reservation hijacking.
Sources & driving stories
CYBERSECURITY INSIDERS · Naveen Goud
Cybersecurity Insiders coverageWorth noting
WORTH NOTING
P3 Global Intel breach claim investigated
Edelson Lechtzin LLP says it is probing a reported March incident in which hackers claimed to steal 93GB of data, including more than 8 million law-enforcement tips, from the anonymous tip platform.
WORTH NOTING
Cyble logs 702 March ransomware attacks
The monthly report shows a continued breach-heavy environment, citing 54 major breach and leak incidents and 20 underground access-sales cases in March.
Still unclear
OPEN QUESTION
How broad are DHS data-retention rules?
The letter asks for datasets, safeguards, and false-positive rates, but those controls are still opaque.
OPEN QUESTION
How many Vercel secrets were exposed?
Vercel says sensitive variables stayed encrypted, yet the exact customer and credential impact remains unclear.