PrivacySignal
Breach

Your Period Tracker Is (Probably) Spying on You

WIRED — AI · · International · Data Breaches

A new report examines how period tracking apps collect and share sensitive reproductive health data, raising concerns about user exposure, particularly in jurisdictions where abortion access is legally restricted. The broader roundup also covers Russian cyber operations targeting infrastructure, repeated DHS security failures, and a breach revealing an AI music platform's data scraping practices.

Why this matters: Reproductive health data is some of the most personally consequential information a phone can hold. In states where abortion is criminalized, what a period tracker knows about you is not just a privacy issue — it is a legal exposure issue. Most people downloading these apps are not thinking about data brokers or law enforcement requests. They are just tracking their cycle. That gap between what users expect and what apps actually do with that data is where the real harm lives. If an app collects it, someone else can buy it, subpoena it, or steal it.

Who should care: Cybersecurity · Privacy officers · Administrators · General readers · AI governance · Policy

This summary is AI-assisted and may contain errors. It is an original briefing to help you gauge significance quickly — not a reproduction of the source. Always read the linked original before relying on it. See our methodology.

Related stories

Breach
Volexity · · International

Proxying to Compromise: SonicWall Secure Mobile Access 0-day Exploitation

Security firm Volexity discovered in early July 2026 that threat actors had exploited a zero-day vulnerability in SonicWall Secure Mobile Access VPN appliances, compromising the devices during an active incident response investigation. The attack targeted the remote access hardware that organizations rely on to connect employees securely to corporate networks.

Who should care: Cybersecurity · Privacy officers · Administrators · Lawyers · Compliance

#breach#enforcement#security Read original →
Breach
BleepingComputer · · International

Ernst & Young discloses data breach after support system hack

Ernst & Young has begun notifying customers of a data breach stemming from the compromise of a third-party support ticket system used by its IT staff. The breach originated outside EY's own infrastructure, in a vendor tool the firm relied on for internal technical support.

Who should care: Cybersecurity · Privacy officers · Administrators

Breach
HIPAA Journal · · US Federal

All About Women’s Care Data Breach Affects Up to 12,000 Patients

All About Women's Care, a Colorado-based healthcare provider, has notified approximately 12,000 patients that their personal information was exposed in a data breach. The incident was reported in the HIPAA Journal, which covers healthcare data security and compliance.

Who should care: Cybersecurity · Privacy officers · Administrators · Healthcare professionals · Compliance

#breach#healthcare Read original →
Breach
BleepingComputer · · International

Coca-Cola says Fairlife ransomware attack halts US dairy production

The Coca-Cola Company disclosed today that a ransomware attack impacting its Fairlife dairy subsidiary has disrupted operations, temporarily suspending production of Fairlife products across the United States. [...]

Who should care: Cybersecurity · Privacy officers · Administrators

#breach#security Read original →
Breach
DataBreaches.net · · International

The Breach That Won’t End: An Update on Canvas, and how they created an EdTech’s Vendor Trust Problem

Months after a breach at Instructure, the company behind the Canvas learning management system, affected educational institutions are still waiting for individualized findings. As of early July, Instructure had only begun delivering the first wave of institution-specific data packets, with the forensic review dragging well past initial timelines.

Who should care: Cybersecurity · Privacy officers · Administrators

Breach
BleepingComputer · · International

23andMe to pay $18 million in new genetics data breach settlement

23andMe has agreed to an $18 million settlement with a coalition of 43 state attorneys general over its failure to adequately protect customers' genetic data from a breach. The settlement resolves multistate claims that the company did not take sufficient steps to secure some of the most sensitive personal information people can share.

Who should care: Cybersecurity · Privacy officers · Administrators · Lawyers · Compliance

#breach#enforcement Read original →