Key developments
France opens probe into ANTS breach suspect
French prosecutors opened a formal investigation into a 15-year-old detained April 25 over the alleged hack of France Titres (ANTS), the state agency that manages identity cards, passports, driving licenses, and license plates. Authorities say the suspect used the alias "breach3d" and tried to sell 12 million to 18 million lines of stolen data on hacker forums; ANTS said it detected unusual network activity on April 13 and later confirmed the posted data was authentic. BleepingComputer reported that ANTS disclosed access to account data including names, emails, birth dates, postal addresses, and phone numbers, and said 11.7 million accounts were impacted.
Why it matters
The breach underscores the scale of privacy risk created by centralized national identity databases.
Sources & driving stories
CLAIMS JOURNAL
Claims Journal coverageBLEEPINGCOMPUTER · Ionut Ilascu
BleepingComputer coverageSenate panel advances AI companion age checks
The Senate Judiciary Committee advanced the GUARD Act, which would bar children from using AI companions and require all users to pass age-gating before interacting with chatbot-style systems. The bill would require ongoing verification and could force users to produce ID, biometric identifiers, or financial data each time they talk to an AI companion. It also requires chatbots to disclose that they are not human and lack professional credentials, and it sets fines of up to $100,000 per violation.
Why it matters
If enacted, the proposal would normalize repeated collection of highly sensitive identity data for everyday AI use.
Sources & driving stories
THE RECORD · Suzanne Smalley
The Record coverageMichigan Medicine reports third-party record access
Michigan Medicine said third-party companies accessed medical records for about 551 patients without confirmed authorization, with the access window running from Oct. 18, 2023, through Nov. 12, 2025. Epic Systems notified the health system on Jan. 13 after detecting unusual activity tied to third-party requests through a health information exchange connection, and Epic separately sued Health Gorilla over allegations that its network enabled unauthorized access to nearly 300,000 records. Michigan Medicine said it found no Social Security numbers in the accessed files and believes identity-theft risk is low.
Why it matters
The case shows how health-information exchange plumbing can widen privacy exposure far beyond the originating provider.
Sources & driving stories
DETROIT FREE PRESS
Detroit Free Press coverageWorth noting
WORTH NOTING
Congress extends FISA surveillance law 45 days
The stopgap keeps current surveillance authorities in place while lawmakers postpone the fight over warrantless searches.
WORTH NOTING
ADT confirms limited customer data access
The disclosure adds another consumer breach involving names, phone numbers, addresses, and some birth dates and tax or Social Security digits.
WORTH NOTING
LinkedIn accused of browser extension scanning
The allegation raises fresh consent and device-tracking questions after reports that scripts probed thousands of installed extensions.
Still unclear
OPEN QUESTION
Can AI age checks avoid repeated sensitive-data collection?
The GUARD Act would require recurring verification with identity, biometric, or financial data, which could create a new privacy baseline for consumer AI.
OPEN QUESTION
Will France decentralize ANTS data after the breach?
The case exposed the risk of concentrating identity documents and contact details in one government repository.