TL;DR:

  • Federal lawsuit: DHS labeled ICE observers "domestic terrorists." People watching immigration enforcement in Maine were told they’d be added to databases and watchlists. One viral video shows an agent saying "cause we have a nice little database." Protect Democracy filed the class action February 23.
  • WhatsApp-NSO case finalized. Damages slashed from $168M to $4M, but NSO Group is permanently banned from targeting WhatsApp users with Pegasus spyware. The company is appealing.
  • PayPal exposed SSNs for six months before anyone noticed. A coding bug in the Working Capital loan app leaked SSNs, DOBs, and business data from July to December 2025. About 100 customers affected. Unauthorized transactions confirmed.
  • Conduent breach now affects 25 million people. Texas AG Ken Paxton’s investigation revealed the scope jumped from 4 million to 15.4 million in Texas alone. Combined with Oregon, it could be the largest breach in U.S. history.
  • Schools’ Flock cameras used for ICE searches. Police in four states used school district surveillance feeds to search for immigration targets. The Ring-Flock partnership is dead, but Flock’s ICE connections run deeper.

"You Are Now Considered a Domestic Terrorist"

Colleen Fagan was standing on a public sidewalk in Portland, Maine, watching ICE agents conduct an enforcement operation at an apartment complex. A federal agent walked up to her, scanned her face with a smartphone, and recorded her license plate.

When she asked why, the agent’s response went viral: "Cause we have a nice little database."

Another observer was told directly: "You are now considered a domestic terrorist."

On February 23, the nonprofit Protect Democracy filed a federal class action lawsuit alleging DHS agents are unconstitutionally retaliating against people who legally observe and record immigration enforcement. The lawsuit says agents are using facial recognition tools and the Mobile Companion app (which scans license plates) to identify observers, then threatening them with watchlist placement and arrest.

The complaint alleges First Amendment violations. Watching police work is protected activity. So is recording them. But DHS agents have turned observation into grounds for surveillance and intimidation.

This isn’t an isolated incident. We’ve documented ICE’s pattern of targeting observers: scanning faces, revoking Global Entry privileges, driving to observers’ homes. A federal judge already ordered ICE to stop retaliating. The surveillance continues.

The lawsuit seeks a court order stopping DHS from collecting records on observers and demanding that existing records be expunged. It names DHS, CBP, and ICE as defendants.

Sources: NPR

WhatsApp vs. NSO: $4 Million and a Permanent Ban

The final tally in Meta’s lawsuit against NSO Group: $4 million in damages. Down from $168 million. But with an important catch.

Judge Phyllis Hamilton issued a permanent injunction barring NSO Group from ever targeting WhatsApp or its users with Pegasus spyware. The company that hacked 1,400 journalists, activists, and dissidents in 2019 is now legally banned from the platform.

NSO is appealing. The Israeli spyware manufacturer argued the original damages were excessive and that the company acts only as a vendor: governments choose the targets. That argument didn’t save them from liability, but it may have influenced the reduced payout.

The case established important precedent. A spyware company can be held accountable in U.S. courts for helping clients surveil American platforms. That matters as other lawsuits against surveillance vendors proceed.

Meanwhile, a separate class action filed January 23 alleges that Meta itself can read WhatsApp’s "encrypted" messages through internal tasking systems. That case is just beginning.

Sources: The Record, CyberScoop

PayPal Coding Bug Exposed SSNs for Six Months

For half a year, a bug in PayPal’s Working Capital loan application exposed Social Security numbers, dates of birth, and business information to unauthorized access. Nobody noticed until December.

The exposure ran from July 1, 2025 to December 13, 2025. PayPal says roughly 100 customers were affected. But the company also confirmed something worse: attackers actually used the stolen data. Unauthorized transactions occurred on some accounts before PayPal caught the problem.

What was exposed:

  • Full names
  • Social Security numbers
  • Dates of birth
  • Email addresses and phone numbers
  • Business addresses and PII

PayPal is offering two years of credit monitoring through Equifax. The enrollment deadline is June 30, 2026. If you applied for a PayPal Working Capital loan in the second half of 2025, check for notification letters.

A coding bug leaking SSNs for six months isn’t a sophisticated hack. It’s basic security failure. And the fact that attackers found it before PayPal did tells you how well they were monitoring their own systems.

Sources: Cybernews, Cybersecurity News

Conduent Breach Swells to 25 Million: "Largest in U.S. History"

The Conduent data breach keeps getting worse.

When Texas Attorney General Ken Paxton launched his investigation on February 12, the reported victim count was 4 million Texans. That number has since jumped to 15.4 million, nearly half the state’s population. Combined with Oregon victims, the breach now affects approximately 25 million Americans.

The attackers had access to Conduent’s systems from October 21, 2024 through January 13, 2025. During that time, they stole protected health information from Texas Medicaid recipients and Blue Cross Blue Shield customers. The stolen data includes names, Social Security numbers, medical information, and health insurance details.

AG Paxton issued Civil Investigative Demands to both Conduent and Blue Cross Blue Shield of Texas, demanding documents on their security measures and compliance with state law. His statement: "Texans deserve to know that their private health information is being handled responsibly and in full compliance with the law."

Class action lawsuits are piling up. At least ten have been filed. Some attorneys are calling this potentially the largest data breach in U.S. history by victim count.

If you received Medicaid benefits or had Blue Cross Blue Shield coverage in Texas, assume your data was compromised. The deadline to enroll in Conduent’s credit monitoring is April 30, 2026.

Sources: Texas Attorney General, WRDW, Rolling Out

School Surveillance Cameras Used for ICE Searches

Police departments in Florida, Georgia, Indiana, and Tennessee have used school district Flock Safety cameras to search for immigration targets.

The searches were tagged with reasons including "Immigration (criminal)" and "Immigration (civil/administrative)." That means cops are running plates through school camera systems to help federal deportation efforts. Your kid’s school parking lot is part of the surveillance net.

This comes as the Ring-Flock partnership officially died. Amazon cancelled the integration February 12 after backlash from the Super Bowl ad. But Flock’s connections to law enforcement (and by extension, to ICE) go far beyond Ring.

Flock maintains it doesn’t directly partner with ICE. But their cameras are in police systems. Police share data with federal agencies. The surveillance pipeline exists whether Flock acknowledges it or not.

Several cities are pushing back. We’ve tracked the growing rebellion against Flock cameras, including cities canceling contracts and communities destroying cameras. The Ring partnership cancellation was a win. But the fight isn’t over.

Sources: The 74, TechCrunch

Quick Hits

Aflac breach affected 22.6 million people: The insurance giant finished notifying victims from its June 2025 breach. Stolen data includes SSNs, passport numbers, and health insurance details. Suspected threat actor: Scattered Spider. Enrollment deadline for identity protection: April 18, 2026. [TechCrunch]

Data breach transparency "on life support": The ITRC’s annual report found record 3,322 data compromises in 2025. But companies are increasingly refusing to say how attackers got in. Only 30% provided attack method details. This helps criminals and hurts defenders. [Insurance Journal]

Grocery stores scanning your face at checkout: Wegmans announced facial recognition at some stores. Walmart, Kroger, and Home Depot confirmed they’re doing the same. The stated purpose is loss prevention. The data collection is real. [WRAL]

ICE Out of Our Faces Act reintroduced: Senators Markey, Merkley, Wyden, and Rep. Jayapal introduced legislation banning ICE and CBP from using facial recognition. The bill would also ban acquisition of biometric identification systems. No chance of passage in the current Congress, but it sets a marker. [Rep. Jayapal]

FISA Section 702 countdown, 54 days: The warrantless surveillance law expires April 20. The SAFE Act is expected to be reintroduced this week. [Our explainer]

What to Watch

  • DHS lawsuit developments: The class action against DHS for targeting ICE observers just filed. Watch for government response and potential TRO motions.
  • Conduent investigation: Texas AG Paxton’s demands could reveal how the breach happened and why it took so long to disclose.
  • NSO appeal: The spyware company is fighting the WhatsApp injunction. Outcome could affect other surveillance vendor lawsuits.
  • School camera audits: Now that we know police are using school Flock cameras for immigration searches, expect more districts to review their contracts.
  • Retail facial recognition expansion: Wegmans, Walmart, Kroger, Home Depot. Who’s next? And what are they doing with the data?

References

  1. NPR - DHS Domestic Terrorist Lawsuit
  2. The Record - NSO WhatsApp Verdict
  3. Cybernews - PayPal Breach
  4. Texas AG - Conduent Investigation
  5. The 74 - School Flock Cameras
  6. TechCrunch - Aflac Breach
  7. Insurance Journal - ITRC Report
  8. Rep. Jayapal - ICE Out of Our Faces Act