Key developments
Congress grants Section 702 a six-week reprieve
Congress approved a six-week extension of FISA Section 702 hours before the surveillance law was set to expire, after the House passed the stopgap 261-111 and the Senate stripped out an unrelated crypto ban. The deal also advanced Sen. Ron Wyden's push to declassify a March 17 intelligence court ruling that found analyst filtering tools had evaded privacy safeguards; Sens. Tom Cotton and Mark Warner later asked the Trump administration to release the ruling. The temporary renewal keeps warrantless foreign-intelligence collection operating while lawmakers continue arguing over new limits on access to Americans' data.
Why it matters
It preserves a major surveillance authority while the fight over privacy safeguards remains unresolved.
Sources & driving stories
GV WIRE
GV Wire coverageHouse group unveils SECURE Data Act
The House Energy and Commerce Privacy Working Group introduced the SECURE Data Act on May 1 as a new federal privacy framework built from more than 20 state privacy laws. The bill would create national rights to access, correct, delete, and port personal data, plus opt-outs for targeted advertising and data sales, while requiring affirmative consent for sensitive data and a national data-broker registry. Enforcement would sit with the FTC and state attorneys general, with a 45-day cure period, no private right of action, and broad preemption of state laws that relate to its provisions.
Why it matters
It is a fresh attempt to set a single national baseline for U.S. privacy law.
Sources & driving stories
JD SUPRA
JD Supra coverageAmtrak breach may expose 2.1 million customers
BetterWorld Tech reported that Amtrak is facing scrutiny after a suspected data breach potentially exposed personal information for more than 2.1 million customers. The material reportedly listed on Have I Been Pwned includes names, addresses, and customer support records, and security researchers suspect ShinyHunters targeted cloud-based CRM systems such as Salesforce. Amtrak has not officially confirmed the full scope, but the exposed support history could help attackers craft convincing phishing messages.
Why it matters
A large, still-unconfirmed exposure could create major consumer and phishing risk.
Sources & driving stories
BETTERWORLD TECH · John Jordan
BetterWorld Tech coverageWorth noting
WORTH NOTING
Delta Dental settles MOVEit breach penalty
New York regulators said cybersecurity failures let hackers exploit MOVEit Transfer and access names, addresses, Social Security numbers, financial account details, and health information.
WORTH NOTING
Spain AEPD launches breach monitor
The agency replaced monthly PDF breach reports with an interactive real-time interface for tracking incidents by sector, date range, and attack type.
WORTH NOTING
Vimeo confirms vendor-linked breach
Vimeo said Anodot access exposed technical data, video metadata, and some email addresses, while saying video content, login credentials, and payment cards were not taken.
Still unclear
OPEN QUESTION
Will Amtrak confirm the full breach scope?
Official confirmation would determine how many customers were affected and whether support records or other sensitive data were actually exfiltrated.
OPEN QUESTION
Will Congress release the March 17 ruling?
Public access to the intelligence court's findings could reshape the next Section 702 reauthorization fight.