TL;DR:

  • Trump bans Anthropic from federal contracts. Pentagon declares AI company a “supply chain risk” after Anthropic refused to remove safeguards preventing mass surveillance and autonomous weapons. $200 million contract terminated. OpenAI already in talks to fill the gap.
  • IRS-ICE data sharing continues despite 42,695 violations. DC Circuit appeals court rejected a request to block taxpayer data transfers. The same data sharing a federal judge just found illegal 42,695 times.
  • Odido hackers leak another 1 million records. ShinyHunters escalating after ransom rejection. Total published: 1.68 million Dutch telecom customers.
  • Texas AG Conduent investigation expands. Ken Paxton now demanding documents from Blue Cross Blue Shield. “Largest breach in U.S. history” confirmed at 26+ million.
  • FISA 702: 51 days until sunset. Clean extension vs. warrant requirement battle intensifies.

Trump Bans Anthropic After AI Company Refuses Surveillance, Weapons Use

President Trump ordered every federal agency to stop using Anthropic’s technology Friday. The Pentagon simultaneously designated the company a “supply chain risk to national security.”

The showdown had been brewing for weeks. Anthropic held a $200 million Pentagon contract signed last summer. Defense Secretary Pete Hegseth demanded the company remove safety restrictions that prevent its Claude AI from being used for mass domestic surveillance and fully autonomous weapons.

Anthropic CEO Dario Amodei refused. “We cannot in good conscience accede to their request,” Amodei said Wednesday. “Threats do not change our position.”

The company offered a compromise: Claude could be used for “defensive” applications including missile defense, cybersecurity, and threat analysis. But it drew a hard line on mass surveillance of Americans and weapons that kill without human authorization.

That wasn’t enough. The Pentagon insisted AI models must be available for “all lawful purposes.”

OpenAI wasted no time. Reports emerged Friday that Sam Altman is already in talks with the Pentagon to fill the gap. OpenAI dropped its own restrictions on military use last year.

The implications extend beyond one contract. Anthropic now faces potential exclusion from the defense supply chain entirely. Other AI companies are watching closely, resist Pentagon demands, lose federal business.

Sources: Washington Post, CNN, NPR, Fortune

Full coverage: Trump Bans Anthropic from Federal Contracts Over AI Ethics Guardrails

Court Allows IRS-ICE Data Sharing Despite Violations Ruling

One day after a federal judge found the IRS broke the law 42,695 times, an appeals court said the data sharing can continue.

The DC Circuit on Tuesday rejected a request from immigrant rights groups to temporarily block the IRS from sharing taxpayer data with ICE. The court acknowledged the violations but declined to halt the program during appeals.

Translation: The IRS admitted breaking federal privacy law roughly 90% of the time it shared data. A judge counted 42,695 specific violations. And the data pipeline stays open.

The legal battle now splits across two jurisdictions. A Massachusetts federal judge ordered the IRS to stop sharing data. The DC Circuit refused to enforce similar restrictions. Until the circuit split gets resolved, ICE keeps receiving addresses.

The Treasury-DHS data sharing agreement covers 1.2 million names ICE submitted for cross-referencing. The IRS verified roughly 47,300 of them. Court filings revealed ICE submitted thousands of requests with “Failed to Provide” or “NA NA” as addresses, and the IRS handed over taxpayer information anyway.

Sources: Washington Post, Federal News Network, CPA Practice Advisor

Our coverage: IRS 42,695 Violations | Courts in Conflict

Odido Hackers Leak Another Million Records

ShinyHunters kept their promise. Another 1 million lines of stolen Odido customer data hit the dark web Friday.

The Dutch telecom breach now has 1.68 million records publicly exposed. ShinyHunters released 680,000 earlier this week; the Friday dump nearly doubles that. The hackers say they’ll keep releasing until Odido pays the ransom or they run out of data.

Odido refuses to pay. Dutch authorities are investigating but ShinyHunters operates from jurisdictions that won’t cooperate with European law enforcement.

The group originally compromised 6.2 million customers, roughly one-third of the Netherlands. The stolen data includes names, addresses, phone numbers, dates of birth, bank account numbers (IBANs), passport details, and driver’s license information.

Security researchers say the data has already been scraped and incorporated into criminal databases. The damage from each new release is incremental, most of the harm was done when ShinyHunters first obtained the files.

ShinyHunters used the same playbook that hit Wynn Resorts, Harvard, TransUnion, and Figure Technology in recent weeks: vishing attacks that social-engineer past SSO protections.

Sources: NL Times, The Register

Our coverage: Odido Breach | ShinyHunters SSO Campaign

Texas AG Expands Conduent Investigation

Ken Paxton wants answers from Blue Cross Blue Shield now too.

The Texas Attorney General issued Civil Investigative Demands to both Conduent and BCBS of Texas on February 12, demanding documents about what is being called the largest data breach in U.S. history.

The scope keeps growing. Conduent, a government technology contractor, processes Medicaid, food assistance, and child support payments for state governments. The ransomware attack that hit in January 2025 compromised at least 26 million Americans, 15.4 million in Texas alone, effectively half the state.

The SafePay ransomware group claims they stole 8 terabytes over a three-month intrusion. Stolen data includes Social Security numbers, medical records, and health insurance details. At least 10 federal class action lawsuits have been filed.

Paxton’s investigation focuses on both companies’ compliance with Texas law and their security measures before the breach. BCBS contracted with Conduent for claims processing. Both face scrutiny over whether adequate protections were in place.

Conduent still hasn’t finished notifying victims, more than a year after the attack began.

Sources: Texas AG, Cybersecurity News, HIPAA Journal

Our coverage: Conduent Breach: 26 Million Americans

Quick Hits

Harvard breach confirmed: 115,000 records. ShinyHunters hit Harvard’s Alumni Affairs and Development department on February 4 via vishing attack. Compromised records include donor information. The same group behind Odido, Wynn, and a dozen other recent breaches. [InfoStealers]

UMMC ransomware: Day 9. Mississippi’s largest hospital system still operating on paper. Clinics remain closed. No confirmation on data exfiltration yet. Recovery could take weeks. [Full coverage]

Government Surveillance Transparency Act reintroduced. Senators Wyden, Daines, Booker, and Lee pushing bipartisan reform. The bill would require law enforcement to notify targets about surveillance after investigations conclude. [FedScoop]

California Privacy Protection Agency board met February 27. Ongoing work on Delete Act implementation and data broker registration. DROP platform requiring brokers to process deletion requests every 45 days going live later this year. [CPPA]

UK Cyber Security and Resilience Bill advancing. Committee stage ongoing. Represents biggest overhaul of UK cybersecurity regulation since 2018. Mandatory incident reporting, expanded regulator powers. [Trowers]

What to Watch

  • March 3 Senate DHS oversight hearing: Senate Judiciary questioning DHS on surveillance, ICE operations, biometrics. Expect fireworks over IRS data sharing.
  • March 5 Penlink deadline: Congress demanded briefing on ICE’s warrantless phone tracking. Five days left.
  • Anthropic fallout: Will other AI companies maintain safety guardrails or follow OpenAI’s path to unrestricted military access?
  • Odido data releases: ShinyHunters threatening continued leaks. At least 4.5 million customers still unexposed.
  • UMMC patient notifications: If ransomware group exfiltrated data, disclosure letters coming soon.

Surveillance Law Countdown

FISA Section 702 expires in 51 days (April 20, 2026). The SAFE Act offers warrant requirements. Clean extension means two more years of warrantless collection of Americans’ communications. Understand what’s at stake.

References

  1. Washington Post - Anthropic Pentagon Standoff
  2. CNN - Trump Orders Agencies to Cease Anthropic Use
  3. Washington Post - IRS Data Sharing Continues
  4. NL Times - Odido Million Record Leak
  5. Texas AG - Conduent Investigation
  6. FedScoop - Surveillance Transparency Act