A Look Back – Top Privacy and Security Issues in March 2025

In this first monthly wrap up, we take a look at some of the top privacy and security issues that made headlines this month.

X suffered a platform outage.  On March 10th, the social media service X, was hit with a cyberattack causing a platform outage.  While it was not initially known what caused the outage, a threat group known as “Dark Storm Team” claimed responsibility for a distributed denial-of-service (DDoS) attack on X. 

Social Security fraud.  On March 19^th, the Social Security Administration (SSA) posted an alert warning citizens that they, together with the Office of the Inspector General (OIG), have received an “alarming” number of reports that criminals are impersonating SSA OIG agents and requesting citizens meet them and hand off cash, gold, and other non-traceable currency.  The SSA and OIG advise that any citizen receiving a notification or a request to meet in person to collect money should immediately stop talking to the scammer, report the scam to SSA OIG and the Federal Trade Commission (FTC), and ensure their personal financial accounts are secure. 

23andMe filed for bankruptcy.  On March 23^rd, the DNA testing firm, 23andMe, filed for bankruptcy protection in federal court.  While 23andMe has stated that the bankruptcy filing will not change how it stores, manages or protects consumer data (which includes consumers’ genetic information), many media articles and reports discussed what consumers should know about the bankruptcy filing and their data.  Additionally, New York Attorney General Letitia James urged consumers to “take action to protect their data” and provided an eight step list with instructions on how consumers can delete their account and personal information from 23andMe.

Virginia AI Bill.  This month, Virginia Governor Glenn Youngkin vetoed House Bill 2094, the High-Risk Artificial Intelligence Developer and Deployer Act.  In his veto message, Gov. Youngkin stated that the bill “would establish a burdensome artificial intelligence regulatory framework.”  He further stated that “[t]here are many laws currently in place that protect consumers and place responsibilities on companies relating to discriminatory practices, privacy, data use, libel, and more.”