Key developments
California sues former 23andMe over breach
California Attorney General Rob Bonta filed suit against Chrome Holding Co., formerly known as 23andMe, over its 2023 breach. The complaint says a credential-stuffing attack on the DNA Relatives feature exposed sensitive genetic and personal data tied to about 855,000 California residents and enabled mass scraping of linked profiles. California alleges the company failed to implement basic security controls and properly notify affected users.
Why it matters
The case could raise the bar for security and notice expectations around highly sensitive genetic data.
Sources & driving stories
TECH JACKS SOLUTIONS SECURITY COMMAND CENTER · Tech Jacks Solutions
Tech Jacks Solutions Security Command Center coverageCarnival confirms breach of nearly 6 million
Carnival Corporation confirmed a breach affecting roughly 6 million customers and employees after a claim of responsibility by ShinyHunters, according to Tech Jacks Solutions Security Command Center. The exposed data included names, addresses, and other personal information. The incident adds to Carnival's breach history and increases regulatory and reputational pressure.
Why it matters
A large repeat-incident breach heightens scrutiny of Carnival's privacy and cybersecurity controls.
Sources & driving stories
TECH JACKS SOLUTIONS SECURITY COMMAND CENTER · Tech Jacks Solutions
Tech Jacks Solutions Security Command Center coverageOregon corrections breach exposed 33,000 files
The Oregon Department of Corrections said a former employee at Snake River Correctional Institution improperly accessed agency records from July 7, 2025 through January 2026, with discovery on Jan. 5. More than 33,000 files totaling about 7.5 GB were accessed, including personal information for staff, vendors, adults in custody, and visitors. The agency terminated the employee, is working with law enforcement, and expects mailed notices to take several weeks.
Why it matters
The breach spans multiple groups and may take time to fully scope and notify.
Sources & driving stories
AOL.COM
AOL.com coverageWorth noting
WORTH NOTING
Gmail AI privacy risks
ExpressVPN's guide says Gemini-connected features can access inbox content through smart features and app permissions, making settings and account hardening more important.
WORTH NOTING
Nigeria breach notices center on NDPC portal
Global Law Experts says controllers handling Nigerian personal data face a 72-hour NDPC reporting window and may also need parallel reports to police cybercrime and ngCERT.
WORTH NOTING
Prison tablets pool biometric and contact data
The Yale Law Journal article says carceral tablet systems extract messages, call records, transcripts, and voiceprints at scale, challenging traditional prison-surveillance doctrine.
Still unclear
OPEN QUESTION
Will California's suit raise genetic-data security standards?
The case targets credential-stuffing resilience, notice practices, and protections for highly sensitive DNA-linked profiles.
OPEN QUESTION
How complete will breach notices be?
Carnival and Oregon both involve large, mixed populations whose final affected counts may change as forensics finish.