Key developments
ICE expands iris scanning program
The Department of Homeland Security awarded BI2 Technologies a $25 million no-bid contract last week to expand iris-scanning capacity for ICE enforcement and removal operations. DHS asked for more than 1,500 scanners plus access to BI2's mobile app and iris database. NPR reported a Chicago raid in which officers allegedly photographed Norelly Mejías Cáceres's irises before identifying her, intensifying privacy concerns about centralized biometric retention and reuse.
Why it matters
The expansion could turn a field identification tool into a persistent biometric tracking system for detained migrants and others.
Sources & driving stories
NPR · Meg Anderson
NPR coverageFBI warns of in-person data theft
The FBI issued a flash alert Tuesday warning that the Silent Ransom Group is using callback phishing and physical follow-up visits against U.S. law firms. After posing as IT support and trying to get employees to open remote sessions, the actors can send someone in person to connect a USB or external drive and steal data directly from the victim computer. The group, also known as Luna Moth, Chatty Spider, and UNC3753, has been active since at least 2022.
Why it matters
The tactic mixes social engineering with physical access, making data theft harder to detect and block.
Sources & driving stories
BLEEPINGCOMPUTER · Sergiu Gatlan
BleepingComputer coverageSpectrum breach probe cites 42 million records
Woods Lonergan said it is investigating a reported Charter/Spectrum breach after cybersecurity watchdog reporting on May 24 said ShinyHunters threatened to leak about 42 million unique customer records. The alleged compromise began April 1 with a vishing call that led to access through a Microsoft Entra single sign-on profile and exports from Charter's Salesforce instance. Reported data includes customer names, email addresses, billing and physical addresses, phone numbers, plan information, some customer proprietary network information, and support tickets.
Why it matters
If confirmed, the incident would expose telecom customers' sensitive account and usage metadata at very large scale.
Sources & driving stories
WOODS LONERGAN PLLC
Woods Lonergan PLLC coverageWorth noting
WORTH NOTING
Fluke breach exposed SSNs and disability data
The Maine AG disclosure suggests a recent corporate breach may have affected Social Security numbers, dates of birth, and disability status, making it a concrete privacy harm.
WORTH NOTING
Mytheresa leak exposed 84,000 emails
ShinyHunters' public data dump included names, addresses, phone numbers, and partial card data, showing extortion campaigns are moving into public disclosure.
Still unclear
OPEN QUESTION
How long will ICE retain iris scans?
The report suggests DHS may be storing detainee biometrics in a central database, but retention, sharing, and deletion rules are still unclear.
OPEN QUESTION
Can Charter/Spectrum confirm the breach scope?
The allegation rests on third-party reporting and a law-firm investigation, so the exact extent of any Salesforce/Entra compromise remains unverified.