Key developments
7-Eleven breach exposes franchise applicant SSNs
All About Cookies reported that 7-Eleven confirmed unauthorized access on April 8 to systems storing franchise application documents. More than 185,000 applicants were notified after the company said the stolen files included names, home addresses, phone numbers, email addresses, dates of birth, Social Security numbers and driver license details. The report says ShinyHunters demanded a $250,000 ransom and later published a 9.4GB archive on May 24 after 7-Eleven refused to pay.
Why it matters
It exposes highly sensitive identity data for a large applicant pool and creates clear fraud and identity-theft risk.
Sources & driving stories
ALL ABOUT COOKIES · Thomas Kent
All About Cookies coverageMeta employee tracking tool draws EU scrutiny
LatestLY, citing Reuters and internal documentation, reported that Meta's Model Capability Initiative records mouse movements, clicks, navigation patterns and website usage across more than 200 applications to train autonomous AI agents. Internal FAQs reportedly say emails and direct messages sent to international colleagues can be ingested, even as Meta says the tool runs only on U.S. devices and does not aim to capture non-U.S. data. Privacy experts say the design raises GDPR purpose-limitation, access and deletion concerns, and Meta says it has informed the Irish Data Protection Commission.
Why it matters
It could become a test case for workplace surveillance limits and cross-border employee-data processing.
Sources & driving stories
LATESTLY
LatestLY coverageCalifornia sues 23andMe over breach
The Los Angeles Times and Patch reported that California Attorney General Rob Bonta filed suit against Chrome Holding Co., the bankruptcy debtor name used by 23andMe, over the company's 2023 breach. The complaint alleges the attack exposed raw genetic information, health reports and related profile data tied to nearly 7 million people nationwide, including more than 850,000 Californians, and that attackers used credential stuffing and went undetected for five months. Bonta says the company misled consumers and failed to take obvious safeguards as its genetic-data assets moved through bankruptcy and sale proceedings.
Why it matters
It adds fresh enforcement pressure around the handling of deeply sensitive genetic data during bankruptcy and ownership transfer.
Sources & driving stories
LOS ANGELES TIMES
Los Angeles Times coveragePATCH · CBS San Francisco
Patch coverageWorth noting
WORTH NOTING
Community Bank reports AI breach
The Pennsylvania bank said an unauthorized AI application used to handle confidential customer information exposed names, Social Security numbers and dates of birth.
WORTH NOTING
Nursa notifies 13,168 Washington residents
The healthcare staffing platform disclosed unauthorized access to clinician profiles and confirmed names and full dates of birth were exposed.
Still unclear
OPEN QUESTION
Will Irish regulators probe Meta?
The reported ingestion of messages involving international colleagues could force the Irish Data Protection Commission to assess whether Meta's employee-tracking tool complies with GDPR.
OPEN QUESTION
Will 23andMe data transfer face limits?
The new lawsuit could further constrain how millions of genetic profiles are handled while the company moves through bankruptcy and asset ownership changes.