Privacy Roundup #0234 • January 2026
January brought a wave of government surveillance deals, fresh data broker fines, large corporate breaches and a renewed fight over encryption.
1. ICE Is Going on a Surveillance Shopping Spree
The EFF set out how ICE signed new contracts for phone tracking, social media monitoring, face surveillance and spyware. The agency now spends ten times its old budget on these tools, building one of the largest domestic surveillance systems in history.
2. Inside ICE's Tool to Monitor Phones in Entire Neighbourhoods
404 Media revealed Webloc, a tool that lets ICE watch a city block for phones and trace each device home and to work. The data comes from hundreds of millions of phones and can be queried without a warrant.
3. EFF Calls on Tech Companies to Encrypt It Already
The EFF asked Meta, Apple, Google, Bluesky, Telegram and Amazon Ring to keep their promises on end to end encryption. The campaign wants default encryption for group chats, backups and home cameras.
4. CalPrivacy Brings New Enforcement Actions Against Data Brokers
California fined Datamasters, run by Rickenbacher Data LLC, and S&P Global for failing to register under the Delete Act. Datamasters had resold lists of people grouped by health condition, age and perceived race.
5. Worried About Surveillance, States Enact Privacy Laws and Restrict Licence Plate Readers
States across the political spectrum moved to curb licence plate readers, and several blocked ICE from reaching their driver record databases. Democratic led cities also dropped contracts with Flock Safety, the largest supplier of the cameras, over fears the scans fed federal surveillance.
6. Crunchbase Confirms Data Breach After Hacking Claims
Crunchbase confirmed a breach after the group ShinyHunters published stolen records. The attackers used voice phishing to steal an employee single sign on credential and claimed to take more than two million records.
7. Target's Dev Server Offline After Hackers Claim to Steal Source Code
Around 860 gigabytes of Target source code and developer documents appeared online, and staff confirmed the files were real. The theft began with an infostealer on an employee workstation that held wide internal access.
8. Data Thieves Borrow Nike's 'Just Do It' Mantra, Claim They Ran Off With 1.4TB
A group calling itself WorldLeaks published what it said was 1.4 terabytes of internal Nike data. The files covered product design, factory training and manufacturing processes, though they did not appear to hold customer records.
9. Blue Shield of California Notifies Members of Potential Privacy Breach
A record merge fault let some Blue Shield members view another member's details in the portal. The exposed data included names, diagnoses, medications and claims information.
10. Who Operates the Badbox 2.0 Botnet?
Krebs traced how a disclosed vulnerability was used to build a vast botnet running on cheap Android television boxes. The person in control launched denial of service attacks, doxing and a swatting raid against the researcher and reporter.
11. Patch Tuesday, January 2026 Edition
Microsoft fixed at least 113 flaws, with eight rated critical and one already under attack. Two Office bugs could run code just from viewing a message in the preview pane.
12. CNIL Fines Free Mobile and Free 42 Million Euros
The French regulator fined the two telecoms firms over weak security after an attacker reached data on 24 million subscriber contracts. The breach exposed bank account numbers for customers of both companies.
13. Illinois State Agency Exposed Personal Data of 700,000 People
The Illinois Department of Human Services revealed that it had posted the records of more than 700,000 residents on public mapping platforms. The data, which included addresses and benefits status, stayed open to view for years before staff took it down.
14. ICE Takes Aim at Data Held by Advertising and Tech Firms
ICE published a request for information to learn how ad tech and big data providers could feed its investigations. Privacy experts warned the move could let the agency buy its way around warrant rules.
15. AI and the Rise of Bulk Spying
Bruce Schneier argued that artificial intelligence lets governments and firms move from targeted watching to mass surveillance. He warned that cheap analysis removes the old limits that once protected privacy.
16. Instagram Denies Breach Amid Claims of 17 Million Account Data Leak
A dataset said to hold records on more than 17 million Instagram accounts appeared on a hacking forum, listing names, emails, phone numbers and addresses. Meta denied any breach of its systems and said it had fixed a bug that let attackers mass request password reset emails.
17. Coalition Urges Congress to Block Funding for ICE Surveillance
Forty four groups asked lawmakers to cut funding for what they called an ICE surveillance panopticon. They warned that the spending threatened the rights of citizens and immigrants alike.
18. ICE and Activists Clash Over Doxing and Privacy
The Washington Post reported on court and street fights as ICE used surveillance tools against protesters. Civil rights groups said the agency was infringing the privacy and speech rights of citizens.
19. France Travail Fined 5 Million Euros Over Job Seeker Data
The CNIL fined the French employment agency for failing to secure the data of job seekers. The penalty added to a busy month of European enforcement against poor data protection.
20. Match Group Breach Exposes Data From Hinge, Tinder, OkCupid, and Match
The group ShinyHunters leaked about 1.7 gigabytes of files said to hold roughly ten million records from the dating apps run by Match Group. The attackers reached the data through a social engineering attack that captured company single sign on credentials.
Enjoyed this post?
Well, you could share the post with others, follow me with RSS Feeds and/or send me a comment via email.
Tags
Category:
Year: