New: Senior White House official Russell Vought, who's also the acting head of the Consumer Financial Protection Bureau, has scrapped a plan that would have blocked data brokers from selling Americans' personal and financial information, including Social Security numbers.
If there's one thing I've learned about covering cybersecurity over the past decade or so, it's that the cybersecurity community (the fixers and breakers) and the cybersecurity industry (profits above all else) are two very, very different things.
Electronic Frontier Foundation and dozens of leading cyber and election security experts have signed an open letter saying they "unequivocally condemn" the "spurious and retaliatory targeting" of former CISA director Chris Krebs — and urge the rescinding of the Trump order targeting him.
@carlypage Carly, it's been the absolute privilege of my professional career to have worked with you, one of the finest cybersecurity journalists in the world today. It's gutting that TechCrunch is losing some incredibly talented staff (and for no good reason). You are an astounding reporter, a deft editor, and you brought everything to this job and it showed.
Powerful words from former CISA director Jen Easterly in a post on LinkedIn, warning of the "targeting and removal of nonpartisan public servants and the normalization of loyalty oaths."
"If we — who aim to protect critical systems — can’t defend the humans who manage and maintain them, what exactly are we securing?"
New, by me: Blue Shield of California said it's notifying at least 4.7 million people that it shared their personal and protected health information with Google over several years.
Blue Shield blamed a misconfiguration of its use of Google Ads, and said the collected data may have been used "to conduct focused ad campaigns" on affected members.
Good read from @hrbrmstr on the Trump administration's retaliation against Chris Krebs, given that the RSA conference is rapidly approaching.
"Silence is not safety. Silence is capitulation. If the cybersecurity community cannot defend its own when the truth is under attack, then what exactly are we protecting?"
New: Someone hacked audio-enabled crosswalk buttons across Silicon Valley over the weekend to upload voices that sound like Mark Zuckerberg and Elon Musk.
"They say money can't buy happiness…I guess that's true. God knows I've tried," said one button hacked to sound like Musk. "F--k I'm so alone."
Per Reuters, one unnamed cybersecurity executive said that by going after someone as high-profile as his own former CISA chief, Trump was cowing the industry into silence.
"If they are willing to crush Krebs, what do you think they'll do to me or others like me?" he said, speaking on condition of anonymity for fear of retaliation.
New, by me: Sen. Ron Wyden has put a hold on the Trump administration's nomination of Sean Plankey to serve as CISA director. Wyden cited a “multi-year cover up” of security weaknesses across the U.S. telecom network.
New, by me: UnitedHealth has scrubbed much of its website mentioning its diversity, equity, and inclusion (DEI) policies, including pulling down blog posts and large sections of its website.
TechCrunch saw UnitedHealth take down the pages in real-time this morning because we've used a webpage monitor for the past year to keep track of Change Healthcare's data breach notice, and saw the DEI-related pages removed as it happened.
A federal judge on Thursday blocked DOGE's access to systems at the Social Security Administration that store huge amounts of highly sensitive information on millions of Americans, calling the access tantamount to a "fishing expedition."
New, by me: Marko Elez, the DOGE staffer who resigned after his racist posts resurfaced (and was rehired soon after), violated Treasury rules when he sent an unencrypted email containing personally identifiable information to two Trump administration officials.
NEW by @carlypage: CISA had another round of layoffs, per people directly affected, said to be more than a hundred CISA employees. Red team staffers and its Cyber Incident Response Team (CIRT) are affected.
Hats off to DataBreaches.net journalist @PogoWasRight for going public and publishing details about the legal demand they received from U.K. law firm Pinsent Masons, on behalf of the hacked health firm HCRG.
You can read more about the legal demand on DataBreaches.net.