Security Check-in Quick Hits: Discord Data Breach Backlash, French Crypto Kidnapping Risks, Russian Olympic Cyberattacks, Check Point Startup Acquisitions, and DHS Shutdown Effects
For February 17, 2026
Heads-up: Due to travel for vacation and work, this daily newsletter will take a 3-week hiatus starting February 16, 2026. Want the details of the trip? Read the introduction for THE PROMPT for Microsoft Security - Issue #62 - the weekly newsletter for Microsoft Security updates. But, hey…isn’t it nice to know that this newsletter is still human-generated? :)
Discord’s Age Verification Rollout Sparks Privacy Fury After Major ID Breach
In a move that’s ignited widespread controversy, Discord has unveiled plans for mandatory global age verification to restrict access to adult content. Starting in early March 2026, users will need to submit video selfies for AI-powered facial age estimation or upload government IDs for verification. The company assures that selfies are processed on-device without leaving the user’s phone, and IDs are not stored permanently by Discord or its partners like k-ID. This policy aims to create “teen-appropriate” experiences by default, with most users verifying just once.
However, the announcement comes hot on the heels of an October 2025 data breach where hackers stole 70,000 government IDs from a third-party age verification service used in the UK and Australia. Discord faced extortion attempts and advised affected users to monitor for identity theft, emphasizing that the compromised data should be considered public.
User backlash has been intense, particularly on platforms like Reddit, where concerns about privacy and trust dominate. One user remarked, “Hell, Discord has already had one ID breach, why the fuck would anyone verify on it after that?” Others fear identity theft from uploading sensitive documents, labeling it “asking for identity theft on a global scale.” Critics argue the timing couldn’t be worse, questioning Discord’s ability to safeguard data post-breach.
While Discord stresses robust privacy measures—no permanent storage and on-device processing—the incident underscores the fragile balance between user safety and data security in online platforms. As the rollout approaches, expect ongoing debates about whether this enhances protection or exposes users to greater risks.
Data Leaks in France Turn Crypto Wealth into Real-World Kidnapping Targets
France is grappling with a surge in crypto-related physical crimes, fueled by data breaches that expose high-value targets to organized criminals. A recent case involves Ghalia C., a French tax authority employee accused of accessing internal databases to compile and sell personal details of crypto holders, prison guards, judges, and even billionaire Vincent Bolloré. The sold data included information on individuals with substantial crypto assets, leading to at least one violent home invasion on a prison officer and his wife in 2025.
Ghalia admitted to providing the info but claimed she was unaware of the buyers’ intentions, apologizing to victims while refusing to unlock her phone or identify sponsors. Payments came via cash deposits and Western Union. This isn’t isolated: A crypto-tax software breach also leaked user data sold to criminals, and masterminds often operate abroad, hiring local operatives for cheap to execute abductions.
High-profile incidents highlight the vulnerability, such as the kidnapping of Ledger co-founder David Balland for crypto ransom, a finger-severing attack on a crypto entrepreneur’s father, and a San Francisco home invasion netting $11 million in forced transfers. These “$5 wrench attacks” exploit the ease of targeting crypto users through leaked data.
The trend reveals a dangerous intersection of digital and physical security. As crypto adoption grows, centralized data repositories become prime targets, pushing innovators to safer jurisdictions. France’s cases serve as a stark warning: Robust data protection isn’t just about preventing hacks—it’s about safeguarding lives.
Russia Sidesteps Olympic Bans with Cyberattacks on Milano Cortina Games
Despite being officially banned from the 2026 Winter Olympics in Milano Cortina due to its invasion of Ukraine and past doping scandals, Russia is making its presence felt through aggressive cyberattacks. Italy’s foreign minister reported thwarting multiple “Russian origin” hacks targeting the event’s infrastructure, continuing a pattern seen in previous Games.
Pro-Russia hacktivist groups have ramped up activities since the February 6 opening, launching DDoS attacks and other disruptions. This echoes Russia’s 2018 PyeongChang Olympics interference, where state-linked actors deployed malware after a doping ban. While 13 Russian athletes compete as “Individual Neutral Athletes” without national symbols, the cyber realm knows no such restrictions.
Experts note that while current attacks stem from low-level hacktivists, state-backed persistence can’t be ruled out. The International Olympic Committee (IOC) imposed the ban post-Ukraine invasion, following a 2019 World Anti-Doping Agency sanction. Yet, cyberattacks persist, targeting participants, spectators, and organizers.
This “Cyberattack Olympics” metaphor highlights Russia’s undeterred digital aggression, even as physical participation is curtailed. As the Games unfold, enhanced defenses are crucial, but the incidents underscore geopolitics’ infiltration into sports and cybersecurity. Rooting against these invisible competitors has never been more literal.
Check Point Bolsters Portfolio with $150M Acquisition of Three Israeli Startups
In a strategic push to enhance its AI and managed services offerings, Check Point Software Technologies has acquired three Israeli startups: Cyata, Cyclops Security, and the talent from Rotate, in deals totaling around $150 million. The moves, announced alongside strong Q4 2025 earnings, aim to accelerate innovation in AI security, exposure management, and MSP tools.
Cyata, founded in 2024, specializes in AI agent governance, enabling organizations to discover, control, and secure AI deployments. Cyclops, established in 2022 with $13.25 million in funding, focuses on continuous threat exposure management (CTEM), providing asset discovery across cloud, on-premises, OT, and SaaS environments. Rotate’s team brings a purpose-built platform for Managed Service Providers (MSPs), boosting Check Point’s momentum in that market.
CEO Nadav Zafrir emphasized the acquisitions’ role in building an end-to-end AI security stack for the “agentic world.” With Cyclops valued at about $85 million, these buys reflect Israel’s vibrant cybersecurity ecosystem and Check Point’s commitment to staying ahead in evolving threats.
This consolidation could reshape enterprise security, offering integrated solutions for AI risks and asset visibility. As cyber landscapes grow complex, such acquisitions signal a proactive stance, potentially benefiting partners and customers alike.
US Government Shutdown Threatens DHS Cybersecurity Amid Funding Deadlock
The latest partial US government shutdown, the third in under six months, has hit the Department of Homeland Security (DHS) hard, potentially undermining cybersecurity resilience at a critical time. Triggered by a collapsed bipartisan funding deal over immigration policies, the impasse leaves nearly 272,000 DHS employees—90% deemed essential—working without pay, including those in cybersecurity operations.
Democrats pulled out after disputes intensified following the killing of two citizens during anti-ICE protests, demanding reforms like banning ICE mask-wearing and requiring judicial warrants for pursuits. Republicans rejected these, and despite White House offers, no agreement was reached. Senate Majority Leader John Thune expressed hope, but House Minority Leader Hakeem Jeffries called the proposals insufficient.
Impacted agencies include TSA, FEMA, Coast Guard, Secret Service, ICE, and CBP, with cybersecurity functions under DHS’s umbrella at risk of strain. While back pay is expected post-resolution, ongoing disruptions could weaken responses to threats like ransomware or state-sponsored hacks.
Congressman Greg Murphy highlighted the shutdown’s risks to border security, TSA, and cybersecurity, urging politics be set aside. As threats evolve, this deadlock exposes vulnerabilities in national infrastructure protection, emphasizing the need for swift bipartisan action to restore full operations.