In this roundup, we’re covering a mix of breaches, data privacy fines, and government crackdowns making headlines. From wallets losing millions to major health data breaches and regulatory action against big names. Let’s look at the details.
Disney Fined $10 Million Over Children’s Data Privacy Violations on YouTube
Disney has agreed to pay a $10 million civil penalty to settle a lawsuit over how it handled children’s data on YouTube. A federal judge approved the settlement after U.S. regulators accused the company of violating the Children’s Online Privacy Protection Act, better known as COPPA.
The case is about Disney’s YouTube videos aimed at kids. According to the Justice Department, Disney failed to properly label hundreds of child-focused videos as “Made for Kids.” That label is important because it tells YouTube to stop collecting personal data and to turn off targeted ads. Without it, children’s data can still be gathered and used for advertising.
Regulators say Disney continued mislabeling content even after YouTube warned the company in 2020 and switched more than 300 Disney videos to the correct setting itself. By then, the damage had already been done. The complaint argues that the wrong labels allowed data collection from viewers under 13 and helped fuel targeted ads, which also generated ad revenue for Disney.
Beyond the fine, the settlement forces Disney to change its practices. The company must clearly notify parents before collecting any children’s data and make sure all kid-directed videos are labeled correctly going forward.
Trust Wallet Loses $8.5 Million After Shai-Hulud Supply Chain Attack
The $8.5 million theft from Trust Wallet has now been linked to a wider software supply chain attack known as Shai-Hulud 2.0.
The attack occurred in late November 2025, when a self-replicating worm spread through the NPM ecosystem. During that wave, attackers gained access to Trust Wallet’s developer GitHub data. With those credentials, the attackers pushed a malicious version of Trust Wallet’s Chrome extension, version 2.68, outside the normal release process.
Between December 24 and 26, anyone who logged into their wallet using that extension was at risk. Trust Wallet later confirmed that 2,520 wallets were drained, with about $8.5 million traced to 17 attacker-controlled addresses. Some wallets not officially tied to Trust Wallet were also affected.
The malicious extension quietly pulled in code from an attacker-owned domain, harvested sensitive wallet data, and allowed fraudulent transactions. While Trust Wallet promised to reimburse affected users, the company has urged everyone to update to version 2.69 immediately.
This attack is not an isolated breach; Shai-Hulud has infected hundreds of packages, compromised thousands of machines, and is still evolving, with a third variant already spotted.
Covenant Health Revises Breach Impact to Nearly Half a Million Patients
US-based healthcare provider, Covenant Health, has revised its May 2025 breach report, confirming that about 478,000 patients may now be impacted. This is an increase from the initial figure of just under 8,000 people that the healthcare provider shared in July. Covenant Health learned on May 26 that attackers had accessed its network eight days earlier and viewed or copied patient data.
The attack was later claimed by the Qilin ransomware group, which stated it stole a large volume of files from the network. Covenant Health has not confirmed that number but acknowledged that the exposed information could include names, home addresses, dates of birth, medical record numbers, Social Security numbers, insurance details, and information related to patient care.
The healthcare provider brought in external forensic experts to review what happened and assess the damage. That review is still ongoing.
Covenant Health says it has taken steps to strengthen its systems and reduce the risk of a repeat incident. Affected patients are being offered 12 months of free identity protection services. Notification letters began going out on December 31.
European Space Agency Faces Cyberattack
The European Space Agency has stated that some of its systems were recently hacked. This comes after a cybercriminal offered to sell data allegedly stolen from the agency.
ESA is now investigating and tightening security on the affected devices. So far, it looks like the breach only hit a few servers outside the agency’s main network. These servers mostly handle non-classified projects with international scientific partners.
The agency reassured the public that everyone involved has been notified and promised to share more details as the investigation continues.
The hacker, going by ‘888,’ claimed on the BreachForums site that they got their hands on about 200 GB of ESA data, including files from private code repositories. They claim that it contains source code, API tokens, credentials, and other sensitive documents, and even shared screenshots as proof.
Ghana’s Multi-Agency Offensive Against Digital Piracy
On January 1, 2026, Ghana’s National Communications Authority and the Cyber Security Authority began a coordinated crackdown on online pay-TV piracy. Regulators say the move is driven by lost tax revenue, financial harm to the creative industry, and growing cybersecurity risks for users.
The action follows a directive issued on December 31, 2025, which set up a stakeholder committee led by the Minister for Communications and Digital Technology. The committee is now working to shut down illegal streaming platforms, many of which authorities say double as entry points for malware and phishing attacks that put users’ data at risk.
Officials also state the effort aims to protect legitimate providers whose recent subscription changes have led to a rise in legal sign-ups. With the Cyber Security Authority fully involved, the government is framing piracy not just as a copyright problem, but as a broader issue of consumer safety and national digital security.
WIRED Magazine Subscriber Data Leak Allegedly Part of Broader Condé Nast Breach
In December 2025, a threat actor operating under the alias “Lovely” published what they claim are 2.3 million WIRED subscriber records online after allegedly gaining unauthorized access to systems owned by Condé Nast, WIRED’s parent company. The leaked dataset, with entries dating as recently as September 2025, includes email addresses and display names for all exposed accounts. For a subset of users also full names, phone numbers, dates of birth, gender, geographic locations, and physical addresses.
According to security researchers and breach monitors, portions of the leaked data have been validated as authentic through cross-referencing with compromise logs and public breach services, though no passwords or payment information have been found in the published files. The threat actor first posted the release in underground forums in late December and has threatened to disclose up to 40 million additional records spanning multiple Condé Nast brands such as Vogue, The New Yorker and others, intensifying concerns over broader exposure across the media conglomerate’s centralized user infrastructure.
While Condé Nast has not publicly confirmed the full scale of the incident, cybersecurity analysts warn that the exposure of extensive personally identifiable information could facilitate phishing campaigns, identity theft, account takeover attempts, and other forms of targeted fraud if users and organizations do not promptly adopt protective measures.
It’s 2026, and staying informed is part of staying safe.
If you want to learn more, you can download our 2025 Threat Intelligence Report on Artificial Intelligence and join our newsletter for ongoing updates.