Data Privacy + Cybersecurity Insider
CYBERSECURITY
CISA + Partner Warn that Automatic Tank Gauge Systems Are Being Targeted
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), the Department of Energy (DOE), the Environmental Protection Agency (EPA), the Transportation Security Administration (TSA), the Department of Transportation (DOT), and the U.S. Department of Agriculture (USDA) recently issued an alert warning of...recent malicious cyber activity “involv[ing] cyber threat actors compromising internet-exposed ATG systems and subsequently modifying them through command execution.”
This means that cyber actors could “disrupt or manipulate the below critical functions by interfacing directly with the tank management as though they possessed legitimate physical access to the system console.” Read more
ENFORCEMENT + LITIGATION
Doxim Data Breach Settlement Underscores Third-Party Data Security Risk
On May 5, 2026, the parties in In re Doxim, Inc. Data Security Incident Litigation (E.D. Mich. June 13, 2024), filed a proposed $5.5 million class action settlement arising from a cyber incident involving Doxim, a software provider serving credit unions, wealth management service providers, and banking sectors in the United States and Canada.
Doxim detected suspicious activity on December 30, 2023, in the part of its network supporting credit union services. It later determined that files had been removed from its network and that those files included names, mailing addresses, account numbers, and/or Social Security numbers. Doxim began notifying affected individuals on approximately May 31, 2024. Read more
DATA PRIVACY
Kaiser Tracking Tech Case Moves Toward Class Certification
A member of Kaiser Permanente, an integrated managed care consortium headquartered in Oakland, California, has asked a federal judge in Seattle to certify nationwide classes and California subclasses in a privacy lawsuit against Microsoft and Qualtrics over tracking technologies allegedly embedded in Kaiser’s website and patient portal. The plaintiff, identified as Jane Doe, claims that Microsoft’s Universal Event Tracking tool and Qualtrics’ website technologies secretly collected sensitive information from Kaiser members as they scheduled appointments, reviewed test results, searched health topics, and managed care through Kaiser’s online services. Read more
ARTIFICIAL INTELLIGENCE
Anthropic Suggests Global “Pause” on AI Development
AI giant Anthropic has suggested that the world temporarily “pause” on AI development because of AI tools’ ability for “‘recursive self-improvement’– that is, being able to make better and more powerful versions of itself. Recursive self-improvement is a bugbear of AI safety researchers, viewed as the key step for AI to become superintelligent and therefore unleash widespread consequences on humanity.”
Anthropic’s post cautioned of a “trend” of increasing capability in its product Claude which, “taken far enough and given enough compute … points to an AI system capable of fully autonomously designing and developing its own successor.” As a result, there is a risk of “humans losing control over AI systems.” Read more
AI Governance Is Not Just a Policy Problem – Your Contracts Matter
AI governance is often discussed through the lens of policies, frameworks, and responsible AI principles. Those tools matter, but they are not where many of the most important AI decisions are actually being made. In practice, AI governance is increasingly happening in contracts. Vendor agreements now decide who can use data, whether customer inputs may be used for training, what rights exist around outputs, what evidence a vendor must provide, and when a customer can suspend or terminate use. Those are not just legal terms. They are operational controls. Read more
PRIVACY TIP #495
What We Can Learn from The Worst Breaches of 2026
TechCrunch recently issued a report outlining the worst breaches of 2026.
What can we learn from these trends?
According to TechCrunch, “the attacks are getting bolder, more destructive, and harder to contain.” The trends confirm that as technology advances, so must defenses equally. Cybersecurity measures must be sophisticated enough to block attackers so they will move on to the next victim. A mature cybersecurity posture, both personally and professionally, must be a priority to prevent becoming victimized.
Read this week's Privacy Tip to learn more about the myriad of attacks that threat actors have effectuated in 2026, so far. Read more



