TL;DR:

  • Palantir is billing NYC public hospitals. The same company that runs ICE's deportation targeting software has a $4 million contract to process patient health records at NYC Health + Hospitals. They can de-identify your data and use it "for purposes other than research." Immigrant communities served by these hospitals are particularly at risk.
  • DHS shutdown enters Day 5. CISA remains at one-third capacity. Microsoft's six zero-days from Patch Tuesday are still being exploited. Congress won't return until February 23. ICE has full funding. Everyone else works without pay.
  • ShinyHunters leaked 600K Canada Goose customer records. The data includes names, emails, addresses, and partial payment info. Canada Goose claims it's from a third-party processor, not their systems. Either way, 600,000 people just got their shopping history exposed.
  • AltaMed breach exposed patient SSNs. The California healthcare provider is notifying patients and employees of a December 2025 breach. Names, Social Security numbers, medical service dates, and payment info were accessed. Lawyers are already circling.
  • FISA 702 countdown: 61 days. Section 702 expires April 19. The White House wants clean reauthorization. Senators Durbin and Lee plan to reintroduce the SAFE Act with a warrant requirement. The fight starts when Congress returns.

Palantir Gets Your Hospital Records While Running ICE's Targeting Software

New York City's public hospital system has paid Palantir nearly $4 million since 2023 to optimize billing, according to contracts obtained by The Intercept. The same company that builds ICE's deportation targeting platform now processes protected health information for hospitals serving some of the city's most vulnerable immigrant communities.

The contract, set to expire in fall 2026, allows Palantir to "de-identify PHI and utilize de-identified PHI for purposes other than research." That's corporate speak for: they can take your health data, strip your name off it, and use it however they want. The software scans patient health notes to "increase charges captured from missed opportunities": finding billable services that doctors forgot to code.

NYC Health + Hospitals spokesperson Adam Shrier insists the use is "strictly limited to revenue cycle optimization." But privacy advocates aren't buying it. Beth Haroules of the NYCLU put it bluntly: "Any contract sharing New Yorkers' personal data with Palantir puts countless lives at risk."

The context matters. Palantir runs ICE's FALCON and EPIC platforms for tracking deportation targets. They supply software to Israeli military operations. Now they're in hospitals serving immigrant families in the Bronx, Queens, and Brooklyn. Kenny Morris of the American Friends Service Committee: "Same company targeting neighbors for deportation is providing software for our hospitals."

We've covered Palantir's government work before. This is the first confirmed expansion into NYC public healthcare. The contract expires later this year, and whether it gets renewed could become a fight. [Full coverage]

Sources: The Intercept, MuckRock FOIA

DHS Shutdown Day 5: Congress Is Gone, CISA Stays Crippled

The Department of Homeland Security shutdown hit Day 5 on Tuesday with no resolution in sight. Lawmakers left Washington on Thursday and aren't scheduled to return until February 23. Trump's State of the Union is February 24. That's at least ten total days of this.

CISA remains at roughly one-third capacity with about 1,450 of 2,341 employees furloughed. No new vulnerability assessments. No coordinated incident response for federal networks. Microsoft's six zero-days from last Tuesday (including two being actively exploited) are still unpatched across government systems. CISA can't even tell agencies which fixes to prioritize.

The standoff continues over ICE oversight. Democrats want body cameras, warrant requirements for home entries, and restrictions on roving patrols after ICE agents killed two U.S. citizens in Minneapolis on January 20. Republicans call these "non-starters." Nobody's budging.

About 90% of DHS's 272,000+ employees keep working without pay: TSA, Coast Guard, Border Patrol. ICE is the exception: they got separate funding through January's "One Big Beautiful Bill" and are fully operational. The surveillance arm has money. The defense arm doesn't.

Sources: Fox 5 DC, SecurityWeek, Federal News Network

ShinyHunters Leaks 600K Canada Goose Customer Records

ShinyHunters posted roughly 600,000 Canada Goose customer records on their leak site February 14, according to BleepingComputer. The 1.67GB dataset allegedly includes names, emails, phone numbers, billing addresses, shipping addresses, order history, and partial payment card details.

Canada Goose says it wasn't their systems. A spokesperson told BleepingComputer the data "appears to relate to past customer transactions" and that they found "no evidence of a breach of its own systems." ShinyHunters claims the data came from a third-party payment processor breach dating to August 2025.

Security researchers at Cybernews who analyzed samples found most records dated between 2021 and 2023, with significant duplicate entries. Old data or not, if you bought a $1,000 parka in the past few years, your purchase history and contact info may be circulating.

This adds to ShinyHunters' busy February. They've already hit Betterment (1.4M customers), Crunchbase (2M records), Harvard and Penn, Figure Technology, and Panera. Their Okta SSO vishing campaign shows no signs of slowing. If your organization uses Okta, train your staff on voice phishing. Now.

Sources: BleepingComputer, The Register, Cybernews

AltaMed Breach Exposes Patient Social Security Numbers

AltaMed Health Services, one of the largest community health centers in Southern California, is notifying patients and employees of a data breach that exposed Social Security numbers and medical records. The breach occurred on December 14, 2025, but notifications started going out on February 12, 2026.

Compromised data includes names, SSNs, dates of medical services, and payment information. AltaMed says it "immediately activated incident response protocols" when it discovered the breach, but took two months to begin notifications. Affected individuals are being offered "complimentary credit monitoring services": the standard hollow gesture.

Class action lawyers are already investigating claims. AltaMed serves over 300,000 patients across Los Angeles and Orange counties, many of them low-income and uninsured. A breach of this scale at a safety-net provider is particularly damaging: these patients often have fewer resources to monitor for identity theft.

The attack method hasn't been disclosed. Given the timing and target profile, it could be ransomware, credential theft, or part of a larger healthcare campaign. Healthcare breaches keep hitting government-adjacent providers that handle sensitive data without enterprise security budgets.

Sources: ClassAction.org, GlobeNewswire, Cole & Van Note

Quick Hits

FISA 702 countdown, 61 days: Section 702 expires April 19. The White House wants clean reauthorization: no warrant requirement, no reforms. Senators Durbin and Lee are expected to reintroduce the SAFE Act when Congress returns February 23. The fight over whether the government needs a warrant to search Americans' communications starts next week. [Our coverage]

Substack confirmed October breach: The newsletter platform acknowledged last week that a "system issue" in October 2025 allowed unauthorized access to user emails, phone numbers, and account metadata. The disclosure came months after the breach occurred. Substack says passwords weren't exposed. If you run a newsletter there, your subscriber list may have leaked. [WFMD]

23andMe settlement deadline passed: The February 17 deadline to file claims in the $30 million 23andMe data breach settlement has closed. If you were affected and missed it, you're out of luck. The 2023 breach exposed genetic ancestry data for nearly 7 million users. 23andMe is still in business, though barely: the company is exploring a sale. [PIX11]

California surveillance pricing investigation: Attorney General Rob Bonta announced an investigative sweep into "surveillance pricing": businesses using your shopping history, location, and demographics to set individualized prices. The AG sent inquiry letters to major online retailers, grocery chains, and hotels. This is the flip side of data collection: they don't just watch you, they charge you more based on what they see. [Blank Rome]

EFF "Get the Flock Out" event tomorrow: The Electronic Frontier Foundation is hosting an event February 19 on resisting Flock Safety surveillance networks. Following the Ring-Flock partnership collapse and growing city pushback, this is timely. Details at eff.org.

What to Watch

  • DHS shutdown resolution: Congress returns February 23. State of the Union is February 24. Expect a rushed deal or a continuing resolution. CISA stays gutted for at least five more days.
  • Palantir NYC hospital contract: The contract expires fall 2026. Watch for advocacy campaigns targeting renewal. Healthcare workers' unions are already opposed.
  • FISA 702 countdown, 61 days: SAFE Act reintroduction expected next week. The warrant requirement battle is coming. Watch for White House statements on whether they'll oppose reforms.
  • ShinyHunters campaign: February 2026 is their most active month yet. Okta SSO vishing is the attack vector. If you're responsible for security at any mid-size company, run voice phishing simulations this week.
  • AltaMed lawsuit developments: Class action investigations are underway. Healthcare breach litigation often reveals details that breach notifications hide. More information on the attack method may emerge.

References

  1. The Intercept - Palantir Gets Millions From NYC Public Hospitals
  2. Fox 5 DC - No Clear Path to Ending DHS Funding Standoff
  3. SecurityWeek - CISA Navigates DHS Shutdown With Reduced Staff
  4. BleepingComputer - Canada Goose Investigating 600K Record Leak
  5. The Register - Canada Goose Says ShinyHunters Breached Old Data
  6. ClassAction.org - AltaMed Data Breach Investigation
  7. GlobeNewswire - AltaMed Data Breach Claims
  8. Nextgov - Senators to Revive SAFE Act
  9. WFMD - Substack Data Breach Exposes Emails
  10. PIX11 - 23andMe Settlement Deadline
  11. Federal News Network - DHS Shutdown Component Impacts
  12. Cybernews - Canada Goose Breach Claims Analysis