In March, data security incidents included hacking activities, unauthorized access to data, and controversial legal data acquisitions, raising concerns among the public. Here, ten notable events from the previous month in the realm of data security and privacy are summarized.
1. Cyberattack in Foster City
On March 19, Foster City, California was the target of a cyberattack, which was identified as a ransomware incident that impacted nearly all municipal services, prompting city officials to declare a state of emergency.
Currently, it remains unclear whether any citizen data was affected. However, due to the nature of the ransomware attack, there is a possibility that some data may have been compromised.
For additional details regarding the Foster City cyberattack, visit the relevant advisory.
2. FBI Data Purchases Confirmed
During a Senate hearing on March 18, FBI Director Kash Patel disclosed that the agency has been acquiring data to monitor individuals' movement and location history. Patel noted that this data is in accordance with the Electronic Communications Privacy Act and is commercially available. While some individuals support the FBI's actions, others have raised concerns regarding privacy and data protection.
Further information about the FBI’s data acquisition practices can be found in the official statement.
3. Investigation into Former Trump Official
Joe Kent, who previously served as the top counter-terrorism official under President Trump, is currently under investigation for possible leaks of classified information. An insider indicated that this inquiry began prior to Kent's departure from his position.
To learn more about the investigation concerning Kent, refer to the detailed report.
4. Breach at Verizon Retailer
Russell Cellular, an authorized retailer of Verizon, reportedly had its customer database uploaded to a hacker forum. This database contains information on over 6.3 million customers, including personal details such as names, email addresses, and phone numbers.
For further details regarding the Russell Cellular breach, you can check the full disclosure.
5. GuardDog Telehealth Misuses Patient Data
GuardDog Telehealth sought patient healthcare information under the pretense of using it for treatment but instead ended up selling the data. This information was sometimes sold to attorneys looking for clients with specific injuries.
To understand the situation involving GuardDog Telehealth better, visit the official inquiry.
6. Increased Threat Activity Against Salesforce
Following a breach in October 2025, Salesforce issued a warning on March 7 regarding a rise in malicious activity targeting misconfigured public sites. This has raised questions about why platform ecosystems, such as Salesforce, are frequently targeted.
For insights into the threats facing Salesforce and similar platforms, refer to the security report.
7. Intuitive Data Security Incident
Biotechnology firm Intuitive experienced a data breach as a result of a targeted phishing attack. A malicious actor gained access to an employee’s credentials, allowing them to infiltrate the internal business administration network and access:
- Customer contact details
- Business data of customers
- Corporate and employee information from Intuitive
For more information about the Intuitive data breach, check the incident report.
8. Exposure of 3.7 Million Records
Three publicly accessible databases were found to have leaked 3.7 million records, including:
- Transcriptions of phone conversations
- Audio recordings
- Transcriptions of chat interactions
It is currently unclear how long this data was exposed or if any malicious actors accessed it before it was detected.
For further details on the data exposure, refer to the relevant advisory.
9. Data Breach at the University of Hawaii
The Epidemiology Division of the University of Hawaiʻi Cancer Center encountered a data breach after sensitive files connected to epidemiological research and recruitment were exfiltrated. The compromised information may include:
- Social Security numbers
- Voter registration records from the City and County of Honolulu
- Driver’s license numbers
Learn more about the university's breach by visiting the official report.
10. User Data Breach at Crunchyroll
Streaming service Crunchyroll had 100GB of user data stolen. This potentially includes:
- IP addresses
- Email addresses
- Customer analytics
- Credit card information
For more details regarding the Crunchyroll breach, refer to the security advisory.
