Data security stories in March saw cybercriminal hackings, data accessed under false pretenses, and legal data purchases that leave some concerned. Here, Security magazine reviews 10 events that made headlines last month in the data security and privacy world. 

1. Foster City Cyberattack

Foster City, California experienced a cyberattack on Mar. 19. This was reportedly a ransomware attack affecting almost all municipal services, and it caused city officials to declare a state of emergency. 

At this time, it is unknown if citizen data was impacted. Given the reports that this was a ransomware attack, it is possible that some data was compromised. 

Learn more about the Foster City cyberattack. 

2. FBI Purchases Data, Confirmed 

During a Senate hearing on Mar. 18, FBI Director Kash Patel revealed has been buying data to track a person’s movement and location history. Patel stated that this purchased data falls in line with Electronic Communications Privacy Act and is commercially available. While some support the FBI’s purchase of data, others express concern about data protection and privacy. 

Learn more about the FBI’s data purchasing. 

3. Former Trump Official Investigated for Potential Leak 

Joe Kent, the former top counter-terrorism official for President Trump, is being investigated for potential leaks of classified information. According to an individual close to the situation, this investigation predates Kent’s departure. 

Learn more about the investigation into Kent. 

4. Verizon Retail Customer Breach

Russell Cellular, a Verizon Authorized Retailer, had a customer database allegedly uploaded to a hacker's forum. The database contains records of more than 6.3 million customers and contains personal data such as names, email addresses, phone numbers and more. 

Learn more about the Russell Cellular breach. 

5. GuardDog Telehealth Accessing Records Under False Pretenses 

GuardDog Telehealth requested patient healthcare data and claimed to utilize it for treatment purposes, but in reality, the organization was selling the information. Sometimes, this data was sold to attorneys seeking clients with specific injuries. 

Learn more about the GuardDog Telehealth situation. 

6. Targeted Activity Against Salesforce

After the breach in October 2025, Salesforce issued a warning on Mar. 7 about a rise in threat actor activity against misconfigured, publicly accessible sites. This activity opened up a broader question: why are platform ecosystems — like Salesforce — so often targeted? 

Learn more about the threats against Salesforce and other platform ecosystems. 

7. Intuitive Data Breach 

Biotech company Intuitive was breached due to a targeted phishing attack. By compromising an employee’s access to the business administration internal network, a malicious actor was able to access: 

• Customer contact information
• Customer business data 
• Intuitive corporate and employee data 

Learn more about the Intuitive breach. 

8. 3.7 Million Records Exposed 

Three publicly exposed databases leaked 3.7 million records. Exposed information includes: 

• Transcriptions of phone calls
• Audio recordings 
• Transcriptions of chat logs

At this time, it is unknown how long the data was exposed for or if a malicious actor accessed it prior to discovery. 

Learn more about the exposure. 

9. University of Hawaii Breach 

The University of Hawaiʻi Cancer Center’s Epidemiology Division faced a data breach after files related to epidemiology studies and recruitment initiatives were exfiltrated. Information impacted may include: 

• Social Security numbers (SSNs)
• Voter registration records (for City and County of Honolulu) 
• Driver’s license numbers

Learn more about the university breach. 

10. Crunchyroll Breach 

100GB of user data was extracted from streaming service Crunchyroll. This data may include:

• IP addresses 
• Email addresses 
• Customer analytics data 
• Credit card details 

Learn more about the Crunchyroll breach.