10 Data Security Stories to Know About (March 2026)

March’s data‑security landscape was dominated by ransomware’s reach into local government, as evidenced by the Foster City incident that halted municipal services and prompted an emergency declaration. Such attacks illustrate how municipalities, often under‑funded in cyber defenses, are becoming attractive targets for financially motivated actors. The potential exposure of citizen data adds a layer of public‑trust risk that extends beyond immediate operational disruption.

In the private sector, the breach of Russell Cellular, a Verizon‑authorized retailer, leaked personal details of more than 6.3 million customers, while Intuitive’s phishing‑driven compromise exposed both client and employee information. Parallel threats surfaced on platform ecosystems like Salesforce, where misconfigured public sites invite opportunistic exploitation. GuardDog Telehealth’s deceptive acquisition of patient records for resale and Crunchyroll’s 100 GB user‑data leak further demonstrate that attackers are exploiting both health‑care privacy expectations and entertainment‑service data stores, underscoring the need for tighter access controls and continuous monitoring.

The FBI’s admission of purchasing commercially available location data adds a policy dimension to the security conversation, raising questions about the balance between investigative utility and privacy rights under the Electronic Communications Privacy Act. As law‑enforcement agencies expand data‑buying practices, regulators and industry groups are likely to push for clearer transparency and stricter oversight. Companies must therefore embed privacy‑by‑design principles and prepare for heightened scrutiny, ensuring that data‑governance frameworks can withstand both external attacks and internal policy shifts.