TL;DR:

  • A federal judge blocked ICE from using IRS taxpayer data. The court ruled the data-sharing agreement likely violates federal privacy laws. Problem is, ICE already requested 1.28 million taxpayer records and got 47,000 matches. The IRS even shared extra address data it wasn't supposed to.
  • Ring killed its Flock partnership after Super Bowl backlash. The "Search Party" ad freaked people out. Now Ring says the integration "would require significantly more time and resources than anticipated." Translation: they got caught building a nationwide doorbell surveillance grid.
  • Figure Technology got breached via social engineering. ShinyHunters leaked 2.5GB of customer data after Figure refused to pay ransom. Names, addresses, dates of birth, phone numbers, all from a blockchain lender that couldn't protect a single employee's credentials.
  • DHS shutdown hits Day 3. CISA still has two-thirds of its staff furloughed. Congress is on recess. Meanwhile, Microsoft's six zero-days from Tuesday remain unpatched across federal systems.
  • Lawmakers introduced the ICE Out of Our Faces Act. The bill would ban ICE and CBP from using facial recognition technology entirely. It would also require deleting all existing biometric data. Four senators, bipartisan support, zero chance of passing right now.

Federal Judge Blocks ICE From Using Your Tax Data. But the Damage Is Already Done.

Judge Indira Talwani issued an injunction on February 12 blocking ICE from accessing or using IRS return information for immigration enforcement. The court found the data-sharing agreement likely violates federal tax confidentiality laws and could discourage tax compliance.

The problem: ICE already used it. In a court declaration filed the same week, IRS Chief Risk and Control Officer Dottie Romo admitted ICE submitted requests for names and addresses of 1.28 million individuals. The IRS fulfilled that request, resulting in over 47,000 matches. For about 5% of those people, the IRS provided additional address details that may have violated even the loose terms of the original agreement.

The Treasury Department notified DHS of the "improper disclosure" in January 2026 and asked for help fixing it. Nobody's said how exactly you "fix" handing immigration enforcement 47,000 taxpayers' personal information.

Yale's Budget Lab estimates the IRS-ICE agreement would cause federal revenues to drop by $12 billion for the remainder of fiscal year 2025, and by $25 billion in fiscal year 2026. The math is simple: immigrants who fear their tax returns will trigger a deportation order stop filing. The government collects less money while spending more on enforcement.

The original agreement, signed April 2025, was supposed to target only people with final orders of removal or under federal criminal investigation. The 1.28 million request suggests those limits didn't hold.

Sources: FedScoop, Yale Budget Lab, AfroTech, National Immigration Forum

Ring Cancels Flock Partnership After Super Bowl Ad Revealed the Quiet Part Out Loud

Ring is ending its planned integration with Flock Safety after its Super Bowl ad caused an immediate backlash. The ad showed a lost dog being tracked through a network of Ring cameras, and millions of viewers realized what that actually meant for them.

Ring's spokesperson Emma Daniels said the partnership was "never active" and the companies "never announced a date for it to go live." The official explanation: "Following a comprehensive review, we determined the planned Flock Safety integration would require significantly more time and resources than anticipated."

Nobody believes that. The partnership was announced last October. Flock makes AI-powered license plate readers used by over 7,000 police networks across the country. The integration would have let Ring doorbell owners share footage with law enforcement agencies using Flock's software, including, as we reported Friday, agencies searching on behalf of ICE.

The EFF dubbed Ring's vision "the largest civilian surveillance panopticon." The Super Bowl ad made that abstract threat concrete. People saw the dog tracking feature and immediately understood: if they can find a dog, they can find anyone. Some customers started removing their cameras.

We published a full breakdown of the Ring-Flock partnership on February 11. The cancellation doesn't change Ring's core business: selling 90,000+ cameras whose footage can already be shared with police. It just kills the most visible escalation.

Sources: CNBC, Fortune, The Hill, Variety

Blockchain Lender Figure Confirms Breach After Social Engineering Attack

Figure Technology, a blockchain-based lending company, confirmed on February 13 that hackers stole customer data through a social engineering attack. The ShinyHunters group published 2.5 gigabytes of allegedly stolen data after Figure refused to pay a ransom.

The breach started when an employee got tricked into giving up credentials, likely through a phone call. That gave the attackers access to internal files. According to Figure, the stolen data includes customer names, home addresses, dates of birth, and phone numbers.

A ShinyHunters member told reporters that Figure was among several victims of a recent campaign targeting organizations using Okta single sign-on services. Other confirmed victims include Harvard University (115,000 records exposed on February 4) and the University of Pennsylvania.

Figure is offering free credit monitoring "to all individuals who receive a notice." The company also says it's "communicating with partners and those impacted." But the 2.5GB of data is already on dark web forums. Credit monitoring doesn't unring that bell.

The pattern here matters: ShinyHunters has been on a tear in early 2026. They've hit Match Group, Panera Bread, Harvard, and now Figure, all through compromised SSO credentials. If your organization uses Okta, this is your warning.

Sources: TechCrunch, FinanceFeeds, Security Affairs

ICE Out of Our Faces Act Would Ban Facial Recognition at the Border

Senator Edward Markey, Senator Jeff Merkley, Senator Ron Wyden, and Representative Pramila Jayapal introduced the ICE Out of Our Faces Act on February 5. The bill would ban ICE and CBP from acquiring or using facial recognition technology and other biometric identification systems.

It would also require the agencies to delete all data collected through existing biometric systems. Individuals and state attorneys general could sue for civil penalties if the agencies violated the ban.

The timing is pointed. ICE agents are currently using a smartphone app called Mobile Fortify to scan faces of both U.S. citizens and immigrants, pulling up immigration status instantly. CBP just signed a contract for Clearview AI access to 60 billion scraped images. The agencies are buying facial recognition technology faster than Congress can object.

The EFF, EPIC, ACLU, Fight for the Future, and Human Rights First all endorsed the bill. That bipartisan coalition matters. But the bill has zero chance of passing a Republican-controlled Congress. The value is putting lawmakers on record: where do you stand on scanning Americans' faces without consent?

Sources: Senator Markey Press Release, EFF, Rep. Jayapal, EPIC

DHS Shutdown Day 3: Congress Is on Vacation

The DHS shutdown entered its third day on Sunday. Lawmakers left for a weeklong recess without a deal. They're not scheduled back until February 23, meaning at least seven more days of this.

CISA remains at one-third capacity: 1,453 of its 2,341 employees are furloughed. No new cybersecurity guidance. No vulnerability assessments. No incident response coordination. The six Microsoft zero-days from Tuesday's Patch Tuesday release are still being actively exploited across federal networks.

The funding fight centers on ICE operations. Democrats want body cameras on agents, warrant requirements for home entries, and restrictions on roving patrols. These demands intensified after ICE agents fatally shot two U.S. citizens in Minneapolis. House Speaker Mike Johnson called them "non-starters."

About 90% of DHS's 260,000+ employees continue working without pay. TSA agents, Coast Guard sailors, Border Patrol, all unpaid. ICE is the exception: separately funded through the One Big Beautiful Bill, they're fully operational.

The pattern is the same as Day 1: surveillance continues, defense gets cut. ICE has the money to run facial recognition apps and tap school cameras. CISA doesn't have the staff to tell you which patches to install.

Sources: Nextgov, The Record, Axios

Quick Hits

HIPAA privacy rule update deadline is today: The Department of Health and Human Services requires health plans and most healthcare providers to update their Notices of Privacy Practices by February 16 to reflect new federal rules for handling substance use disorder information under 42 C.F.R. Part 2. If you're in healthcare, your compliance deadline is now. [Seyfarth Shaw]

Meta's Name Tag facial recognition could launch this year: Internal Meta documents say the company plans to add real-time facial recognition called "Name Tag" to Ray-Ban smart glasses. The same documents say Meta timed the feature's development for "a dynamic political environment where civil society groups...would have their resources focused on other concerns." They're betting you're too distracted to care. We have full coverage. [TechCrunch]

Harvard breach post-mortem published: InfoStealers published a technical and ethical analysis of the February 4 ShinyHunters attack on Harvard's Alumni Affairs and Development department. The breach exposed 115,000 records through compromised Okta SSO credentials, the same attack vector as Figure Technology. [InfoStealers]

Japan Airlines confirms customer data breach: JAL discovered unauthorized access to its systems on February 9. Customer names, phone numbers, email addresses, and travel details were compromised. If you've flown JAL recently, watch for phishing attempts. [Privacy Guides]

Cottage Hospital breach affects 1,600: A New Hampshire hospital disclosed a data breach affecting 1,600 people. The hospital found the breach in December and is still investigating scope and impact. [Valley News]

What to Watch

  • DHS shutdown clock: Congress returns February 23 at the earliest. That's seven more days of CISA gutted while six Microsoft zero-days remain actively exploited. The longer this runs, the wider the window for attackers.
  • FISA 702 countdown, 63 days: Section 702 expires April 20. The White House met with lawmakers on February 11 but still hasn't taken an official position. Senators Durbin and Lee are expected to reintroduce the SAFE Act with a warrant requirement when Congress returns. A classified Senate hearing last week "erupted in frustration" when officials refused to state the administration's stance.
  • ShinyHunters campaign: They've hit Match Group, Harvard, Penn, and Figure, all through compromised Okta SSO. If you use Okta, check your MFA settings. If you're a customer of any breached company, assume your data is on dark web forums.
  • IRS-ICE data fallout: The court blocked future sharing, but what happens to the 47,000 matches ICE already has? The injunction doesn't order data deletion. Those taxpayer records are still in ICE systems.
  • Ring's next move: They killed the Flock partnership. They haven't killed Search Party. The AI feature that scans 90,000+ Ring cameras is still coming. Watch for a quieter launch once the Super Bowl backlash fades.

References

  1. FedScoop - Federal Judge Blocks ICE From Using IRS Data
  2. Yale Budget Lab - Impact of IRS-ICE Data Sharing on Tax Compliance
  3. CNBC - Amazon's Ring Cancels Flock Partnership
  4. Fortune - Ring Ends Flock Partnership
  5. TechCrunch - Figure Technology Confirms Data Breach
  6. FinanceFeeds - Figure Technology Breach Details
  7. Senator Markey - ICE Out of Our Faces Act
  8. EFF - Endorsement of ICE Out of Our Faces Act
  9. Nextgov - CISA Furloughs Under DHS Shutdown
  10. The Record - CISA Chief on Shutdown Impacts
  11. TechCrunch - Meta Plans Name Tag Facial Recognition
  12. InfoStealers - Harvard Breach Post-Mortem
  13. National Immigration Forum - IRS-ICE Agreement Explainer
  14. Security Affairs - Figure Breach Analysis
  15. Seyfarth Shaw - HIPAA February 16 Deadline