Whistleblower: DOGE Siphoned NLRB Case Data
A security architect with the National Labor Relations Board (NLRB) alleges that employees from Elon Musk‘s Department of Government Efficiency (DOGE) transferred gigabytes of sensitive data from agency case files in early March, using short-lived accounts configured to leave few traces of network activity. The NLRB whistleblower said the unusual large data outflows coincided with multiple blocked login attempts from an Internet address in Russia that tried to use valid credentials for a newly-created DOGE user account.
Ex-NSA chief warns AI devs: Don’t repeat infosec’s early-day screwups
AI engineers should take a lesson from the early days of cybersecurity and bake safety and security into their models during development, rather than trying to bolt it on after the fact, according to former NSA boss Mike Rogers. “So when we created this hyper-connected, highly networked world, which we all live in, which data is so critical, we did not consider defensibility, redundancy, and resilience as core design characteristics,” said Rogers, a retired US Navy admiral who helmed both the National Security Agency and US Cyber Command between 2014 and 2018. Rogers was speaking on a panel about AI and national security at the Vanderbilt Summit on Modern Conflict and Emerging Threats.
US Data Breach Victim Count Surges 26% Annually
The number of individuals impacted by data breaches increased by 26% year-on-year (YoY) in the first three months of 2025, despite overall incident volumes remaining flat, according to the Identity Theft Resource Center (ITRC). The non-profit records all publicly available information on corporate “data compromises” in the US – that is, data breaches, exposures and leaks. It posted a total of 824 such events in Q1 2025, versus a slightly higher 841 a year ago. However, while there were 72.5 million victims in the first three months of 2024, the number had increased to over 91.3 million by the first quarter of 2025.
Verizon Reports Surge in Breaches Tied to Edge Devices
Hackers targeting victims’ networks last year primarily wielded stolen credentials, exploits for known and zero-day vulnerabilities in edge and VPN devices and phishing attacks to gain initial access, according to Verizon’s 2025 Data Breach Investigations Report. More vulnerabilities are being exploited than ever before to gain initial access. The Wednesday report shows that a fifth of breaches last year – up by one-third from the year before, when they also rose – traced to hackers first exploiting a vulnerability.
Gen Z know the risks but still reuse passwords
A new survey of 2,300 adults worldwide reveals that 79 percent of Gen Z believe reusing the same password across multiple accounts is risky, however, 72 percent still admit to doing so. The study from Bitwarden ahead of next Thursday’s World Password Day also shows 59 percent of Gen Z admit to reusing an existing password when updating an account with a company that has experienced a data breach, this is compared to just 23 percent of Boomers. Gen Z is often regarded as the most digitally aware generation yet the findings suggest a degree of password fatigue. 72 percent of both Gen Z and Millennial respondents estimate they have fewer than 25 unique passwords, while 38 percent of Gen Z and 31 percent of Millennials report changing only a single character or reusing an existing password when prompted to update a credential. Despite growing up online, 62 percent of Gen Z report some level of stress when it comes to managing passwords.
