Do You Know Where Your Data Are? Former 23andMe CEO’s Non-Profit Wins Bid to Buy Company; Washington Post Journalists’ Email Hacked; Prison for Former GCHQ Intern who Took Home Top Secret Files

Ombudsman Neil Richards, appointed to oversee 23andMe customer data privacy during the company's bankruptcy, says that customers should be allowed to provide formal consent before their data are sold. Richards notes that selling the data without such consent could be at odds with 23andMe's privacy policy. His report follows a June 10, 2025 hearing of the US House Committee on Oversight and government Reform at which legislators grilled Joe Selsavage, 23andMe Interim CEO and Chief Financial and Accounting Officer, about how customer data has been and will be protected. Over the weekend, TTAM Research Institute, a California-based non-profit run by 23andMe co-founder and former CEO Anne Wojcicki, won a bid to acquire the company. Wojcicki resigned from 23andMe in March 2025, at the time of the company's bankruptcy filing.

Read more in

According to an internal Washington Post memo, hackers broke into email accounts of some Washington Post journalists. The breach was detected on Thursday, June 12; the next day, the Post reset all employees' login credentials. According to the memo Executive Editor Matt Murray sent to Post employees, several Washington Post journalists' Microsoft accounts were compromised. The Post has not yet made a public statement about the incident. The story was first reported by the Wall Street Journal, which is behind a paywall.

Read more in

A former intern at the UK's Government Communications Headquarters (GCHQ) has been sentenced to seven and a half years in prison for taking home top secret data during a work placement at the agency in 2022. Two days before his work placement was to have ended, Hasaan Arshad copied top secret data onto his mobile phone and transferred the data onto a personal computer system at his home. A prosecutor in the case said that Arshad's actions posed a threat to national security, risked exposing 17 co-workers, and "threw away many thousands of hours of work, and significant sums of taxpayers' money."

Read more in

The US Cybersecurity and Infrastructure Security Agency (CISA) has published a cybersecurity advisory in response to "ransomware actors leveraging unpatched instances of a vulnerability in SimpleHelp Remote Monitoring and Management (RMM) to compromise customers of a utility billing software provider," indicative of "a broader pattern of ransomware actors targeting organizations through unpatched versions of SimpleHelp RMM since January 2025." A patch for the critical path traversal vulnerability (CVE-2024-57727) was released in January. SimpleHelp is remote access software typically used by IT specialists to fix problems or remotely monitor systems.

Read more in

Trend Micro has published a security bulletin announcing Trend Micro Endpoint Encryption (TMEE) PolicyServer version 6.0.0.4013, which patches eight flaws including four evaluated at CVSS 9.8. CVE-2025-49212, CVE-2025-49213, and CVE-2025-49217 are different methods allowing an attacker to remotely execute code before authentication due to insecure deserialization operations. CVE-2025-49216 allows an attacker to modify product configurations while accessing key methods as an admin user, due to an authentication bypass vulnerability. The other flaws patched are all high severity and include additional RCE potential via insecure deserialization as well as privilege escalation due to SQL injection vulnerabilities. The bulletin states that none of the flaws have been observed being actively exploited, and notes that exploitation would generally require physical or remote access to a vulnerable machine. Trend Micro encourages customers to ensure prerequisite software is installed before updating to the most current software version available; the company has also released Network IPS rules and filters "for proactive secondary protection."

Read more in

Ireland-based Ocuco and California-based Episource have recently reported cybersecurity incidents. Ocuco, which provides software for eyecare practices and optical laboratories in countries around the world, reported a network server security incident to the UK Department of Health and Human Services Office for Civil Rights (HHS OCR) in late May. The incident reportedly affects more than 240,000 individuals. Episource, which provides medical coding services, notified the California Attorney General of a cyberattack involving the theft of customer data. The incident occurred in late January and early February 2025; Episource's notification to the California AG is dated June 6, 2025. The company has been sending out individual notification letters since late April.

Read more in

Vehicle sharing platform Zoomcar Holdings, based in India and registered in Delaware after a 2023 merger, has filed form 8-K with the US Securities and Exchange Commission (SEC), disclosing unauthorized access to its systems including a dataset containing personal information of approximately 8.4M users. The data accessed include "names, phone numbers, car registration numbers, personal addresses and email addresses," but do not seem to include "financial information, plaintext passwords, or other sensitive identifiers." Zoomcar activated its incident response plan after employees were contacted on June 9, 2025, by a threat actor who claimed the unauthorized access. The company has since implemented system monitoring and is reviewing access controls in their internal network and cloud, and has informed law enforcement of the attack and engaged third-party cybersecurity experts to investigate. While scope and impacts are still being evaluated, "to date, the incident has not resulted in any material disruption to the Company’s operations."

Read more in

The Register reports that National Health Service Professionals (NHSP), an organization providing temporary staff to NHS trusts in the UK, never publicly disclosed a May 2024 system intrusion and theft of its core Active Directory (AD) database file, which contained sensitive system data including hashed user credentials. NHSP contacts showed The Register the June 2024 incident response report by Deloitte, whom NHSP engaged to investigate alongside the Information Commissioner's Office (ICO). The report states that an attacker gained access using compromised Citrix credentials, escalating privileges before moving laterally through Remote Desktop Protocol (RDP) and Server Message Block (SMB) and deploying malware including malicious use of Fortra red teaming tool Cobalt Strike Beacon, then accessing the domain controller via WinRM and a domain admin account, and "likely exfiltrating the Active Directory database via the established Citrix session," loading it onto a physical drive as a ZIP archive. While an NHSP spokesperson has stated that no service disruption occurred and "no data or other information was compromised," Rob Dyke, director of platform engineering and former site reliability engineer at a London NHS Trust, characterized the database file as "the keys to the kingdom," calling this "a major compromise." Deloitte notes prompt preventative action from NHSP including "resetting authentication certificates, and rotating all user passwords in its domain" also "disabling drive mapping for all user accounts where there was no justifiable business reason for the feature" in Citrix, and reducing all account permissions to the minimum needed. NHSP performed a security self-evaluation in June 2024, determining that "its status 'exceeded' national standards." However, MFA implementation was incomplete at the time of the attack, Endpoint Detection and Response (EDR) solutions were not comprehensively in place, and event log size limits reduced available evidence. The ICO has closed the case, likely because no personal data were accessed.

Read more in

Canadian Airline WestJet is investigating a cybersecurity incident that affected the company's internal systems as well as their website and their app. Transport Canada, a Canadian government agency responsible for transportation policies and programs, and law enforcement are assisting WestJet with their investigation. As of Sunday, June 15, the WestJet website and application had been restored, but the company cautioned that "some guests may temporarily encounter intermittent interruptions or errors while using them." The airline's operations appear not to be affected by the incident.

Read more in

A statement on June 15, 2025, from major US grocery distributor United Natural Foods Inc. (UNFI) states that they are now "receiving orders and delivering products to our grocery store customers across North America" in the wake of major operational disruptions and grocery shortages due to a cyberattack discovered June 5. The company's network had been proactively taken offline, and while no recovery timeline has been given, progress is underway toward restoring electronic ordering systems; meanwhile, UNFI is using "alternative processes" to fulfill customer needs, which may include some pen-and-paper tracking of deliveries. The nature and scope of the attack have not been disclosed.

Read more in