August 2025 Privacy Pulse: The Cybersecurity Landscape
August Privacy Pulse:
The Latest Threats
1. Minnesota lawmaker shooting—data brokers played a role
In June, Minnesota was shaken by violence that revealed how dangerous open access to personal data has become.
Vance Boelter allegedly assassinated State Rep. Melissa Hortman and her husband, and shot State Sen. John Hoffman and his wife.
Court records show Boelter used people-search websites (data brokers) to track home addresses. He even kept a notebook listing 11 data broker sites and dozens of potential targets (Politico).
Lawmakers, including Senators Amy Klobuchar and Ron Wyden, said the attack highlights how easily accessible personal information can enable violence and called for tighter regulation of data brokers.
This case underscores that data exposure is not just a digital risk—it is a real-world safety issue.
2. Data brokers hiding opt-out pages from search
New reporting shows that many data brokers are actively trying to make it harder for people to exercise their rights.
A joint WIRED/CalMatters investigation found at least 35 major data brokers—including IQVIA, Comscore, and Telesign—using technical tricks to hide their “delete my data” pages from Google and Bing (WIRED).
Senator Maggie Hassan demanded answers by September 3, calling this tactic a “dark pattern” designed to keep personal data flowing and make opting out nearly impossible (WIRED).
If brokers are deliberately burying opt-outs, consumers and organizations need trusted partners to ensure rights are exercised effectively.
3. ShinyHunters Salesforce and enterprise breaches
The cybercrime group ShinyHunters has escalated its attacks on corporate systems, targeting CRM and SaaS platforms.
Google: The company itself admitted falling victim to a Salesforce-related breach via social engineering (ITPro).
Workday and Chanel confirmed similar breaches, with attackers stealing employee and customer contact data.
Allianz Life: The worst case so far—2.8 million sensitive records leaked, including SSNs, tax IDs, addresses, and birthdates (TechRadar).
ShinyHunters thrives on data broker-style information—employee names, emails, phone numbers—that fuels phishing, fraud, and deeper breaches.
4. Healthcare: cyber incidents on the rise
The healthcare sector continues to face record-breaking attacks, with millions of patients and providers exposed.
DaVita ransomware impacted 2.7 million people, encrypting parts of its lab database across ~3,000 clinics (Reuters).
1.2 million unsecured devices leaked sensitive scans and images (MRI, X-rays, bloodwork) worldwide (TechRadar).
Texas Digestive Specialists reported a ransomware incident affecting 41,500 patients (MySA).
Episource (Optum-owned) suffered a breach hitting 5.4 million people, with names, addresses, SSNs, and phone numbers exposed (Tom’s Guide).
HHS reports 307 healthcare breaches already in 2025, on pace to exceed last year’s record (WSJ).
The trend is clear: patient safety and trust are being undermined by a combination of ransomware, poor data governance, and weak device security.
Why this matters
Physical safety risks: Data broker exposure has already been linked to stalking, harassment, and violence.
Cyber risks: Criminal groups like ShinyHunters are using public and brokered data to compromise enterprise systems.
Deceptive practices: Brokers are burying opt-outs, betting you won’t find them.
Organizational risk: Employee contact details online make it easy for attackers to impersonate staff or target executives.
Healthcare fallout: Breaches in patient records and devices put lives, reputations, and operations at risk.
What you can do now
Personal protections
Enable multi-factor authentication (MFA) on all critical accounts (email, bank, mobile).
Use strong, unique passwords—password managers make this simple.
Freeze your credit reports at Experian, TransUnion, and Equifax.
Be cautious with calls or emails—verify before sharing information or clicking links.
Organizational protections
Remove employee and organizational data from data brokers. This reduces the fuel attackers use for social engineering. mePrism Privacy automates this process, escalating legal requests and continuously monitoring for re-exposure.
Harden SaaS and CRM platforms: enforce least-privilege access, use phishing-resistant MFA, and restrict third-party app permissions.
Secure medical and IoT devices: change defaults, segment networks, and actively monitor for leaks.
Strengthen governance: don’t just comply—review what data you retain, and minimize exposure.
Quick Action Checklist
ShinyHunters / Social Engineering Defense Checklist
Strong Authentication
Use phishing-resistant MFA (FIDO2, hardware keys, passkeys).
Retire SMS/voice MFA
Require re-authentication for sensitive actions.
Access Controls
Apply least privilege everywhere.
Use just-in-time admin access.
Monitor for logins from unknown devices or geographies.
Employee Awareness
Train staff on real attacker playbooks (fake IT calls, phishing scripts).
Run phishing/vishing simulations.
Provide an easy way to report suspicious activity.
SaaS Security Hardening
Whitelist apps—block unapproved tools.
Review third-party app permissions.
Alert on large exports or unusual activity.
Incident Response
Keep a playbook for SaaS credential compromise.
Collect and review SaaS logs.
Run tabletop exercises.
External Exposure Reduction
Remove employee data from data brokers.
Limit org chart and contact details posted publicly.
Continuously scan for re-emerging data.
Take back control
Data brokers profit by selling your personal and organizational data. Criminals—from stalkers to ransomware gangs—are using that same data to target people, businesses, and institutions.
You can’t prevent every attack, but you can shrink your exposure:
Lock down your accounts.
Freeze your credit.
Remove your information—and your employees’ information—from the open web.
Ready to try mePrism yourself?
At mePrism, we help you take back control of your personal data. Our service scans the web for your exposed personal information—like your name, address, and contact details—and removes it from data broker sites that sell it without your consent. Whether you're protecting your privacy, reducing spam, or guarding against identity theft, we make the process simple, secure, and effective. Ready to clean up your online footprint?
Click here to create your Free Basic account.Explore more from Our Team
Browse more posts written by our team to help you stay in control.
Be Part of the Conversation