Privacy Alerts
Most people only hear about a data breach long after their information is already out. Privacy Alerts exist to shorten that gap. Each report explains what happened in plain language: what data was exposed, who is affected, and what the documented record shows so far.
Where there are steps you can take to protect yourself, the reports point to them. The aim is to make privacy risk understandable without the jargon and without the scare tactics. Select an alert below to read the full report.
data breaches
23andMe Breach: When Your DNA Becomes the Stolen Data
The 23andMe data breach exposed genetic information of 6.9 million users through credential stuffing attacks exploiting the DNA Relatives feature. Unlike credit card numbers or passwords, genetic data cannot be changed. The breach included ancestry information, genetic health predispositions, and family connections that could be used for discrimination, surveillance, or targeting of ethnic groups. 23andMe subsequently filed for bankruptcy, raising urgent questions about what happens to genetic databases when biotech companies fail.
Read alert →Change Healthcare Ransomware: The Largest Healthcare Breach
The Change Healthcare ransomware attack in February 2024 exposed protected health information of approximately 100 million Americans, making it the largest healthcare breach in US history. The attack disrupted prescription processing, medical billing, and healthcare operations nationwide for weeks. Parent company UnitedHealth Group paid $22 million ransom to BlackCat ransomware group. The breach exposed names, addresses, dates of birth, Social Security numbers, medical records, billing information, and insurance details.
Read alert →legislation tracker
CCPA Rights: How to Exercise California Privacy Law
The California Consumer Privacy Act and California Privacy Rights Act provide California residents with rights to access, delete, and limit the use of their personal information held by businesses. These rights extend significantly beyond GDPR for residents and offer some of the strongest privacy protections in the United States. This guide explains each right and how to exercise them effectively.
Read alert →COPPA Enforcement: Protecting Children Online Privacy
The Childrens Online Privacy Protection Act prohibits collecting personal information from children under 13 without parental consent. The FTC has cited major platforms including YouTube, TikTok, and Epic Games for violations resulting in record settlements. The proposed COPPA 2.0 would extend protections to teens. Enforcement gaps allow continued violations particularly in education technology and social media.
Read alert →GDPR 2026: Record Fines and AI-Era Privacy Enforcement
GDPR enforcement continues to intensify with cumulative fines exceeding 4.5 billion euros since the regulation took effect in 2018. The year 2026 marks a shift toward AI-related enforcement actions, with data protection authorities investigating AI training data collection, automated decision-making without adequate transparency, and biometric processing without explicit consent. The Meta 1.2 billion euro fine for illegal US data transfers established a precedent that continues to reshape transatlantic data flows.
Read alert →opt out guides
Complete Guide to Deleting Your Google Activity Data
Google collects an extraordinary amount of data about its users including search queries, location history, YouTube watch history, voice recordings from Google Assistant, Chrome browsing data, and ad interaction profiles. Most users are unaware of the scope of collection or how to delete it. This guide covers every deletion option available, from individual activity types to complete account data removal, with instructions current as of 2026.
Read alert →Data Broker Opt-Out: Complete 2026 Removal Guide
Data brokers collect and sell personal information from public records, online activity, and purchases. Opting out is tedious but possible for major brokers. This guide provides direct opt-out URLs and procedures for the largest data brokers including LexisNexis, Acxiom, Spokeo, BeenVerified, and dozens of others. California, Colorado, and other states with privacy laws require honoring deletion requests from residents of those states.
Read alert →privacy tools
Apple iCloud Privacy: What Apple Can and Cannot See
Apple iCloud uses different encryption for different data types. Photos, backups, and iCloud Drive are encrypted with keys Apple holds, allowing Apple to access content under legal process. Advanced Data Protection enables end-to-end encryption for most data types where Apple cannot access content. This analysis explains the technical details and practical implications for user privacy.
Read alert →Brave Browser: Complete Privacy Configuration Guide
Brave browser provides built-in privacy protections including ad blocking, tracker blocking, fingerprint randomization, and optional Tor routing. This guide covers optimal configuration for maximum privacy while maintaining website compatibility, including Shields settings, search engine selection, cookie management, and advanced security features.
Read alert →Password Manager Comparison: Choosing the Right Tool
Password managers are essential security tools but choosing the right one matters. Bitwarden offers free open-source security with self-hosting options. 1Password provides polished experience and family sharing. Proton Pass integrates with Proton ecosystem. Dashlane focuses on enterprise features. This comparison helps choose based on security model, features, pricing, and trust factors.
Read alert →Phishing Detection: Spotting Modern AI-Powered Attacks
Phishing attacks have grown increasingly sophisticated with AI generating convincing impersonations free of grammatical errors that previously identified scams. Spear phishing targets individuals using personal details from social media. Voice cloning enables phone-based attacks impersonating executives or family members. Effective protection requires awareness of new techniques alongside traditional vigilance. This guide covers current phishing methods and detection strategies.
Read alert →Ransomware Protection: Practical Defense Guide
Ransomware attacks increasingly target individuals and small businesses, not just large enterprises. Effective protection requires layered defense including offline backups, software updates, email caution, and incident response planning. The 3-2-1 backup rule, multi-factor authentication, and patch management address most attack vectors. This guide provides practical steps appropriate for non-technical users and small business owners.
Read alert →Two-Factor Authentication: Best Methods Compared
Two-factor authentication adds critical security beyond passwords by requiring a second verification factor. Methods range from SMS codes (least secure) to hardware security keys (most secure). Passkeys represent the emerging standard combining security and usability. This guide compares methods, provides setup instructions for major platforms, and covers recovery planning.
Read alert →Make your voice heard
Free to get started. No credit card required.
Join Open Public Voice