From Breaches to Governance: A Week in Cyber Accountability Across Schools and States

Cyber incidents are not isolated technical failures; they impact public services, law enforcement priorities, and international justice, besides personal safety.

This week's news coverage shows cybercrime disrupting schools, local governments, and privacy rights, not just corporations or tech companies. It also illustrates responses involving law enforcement, regulators, and diplomats, alongside incident response teams.

Leduc County Confirms Christmas Day Ransomware Attack on Systems

Leduc County confirmed it was hit by a ransomware attack discovered on December 25, disrupting some municipal IT systems. County officials said affected systems were disabled as a precaution while a forensic investigation continues. Authorities, insurers, and financial institutions were notified, with officials saying minimal data appears affected. 

California Launches DROP for Centralized Data Deletion Requests

California has launched DROP, a centralized platform allowing residents to request deletion of personal data held by registered data brokers. Authorized under the Delete Act, the tool enables a single opt-out request covering more than 500 brokers. Data brokers must begin processing requests in August 2026 and have 90 days to comply.

Hackers Claim Resecurity Breach as Firm Says Attack Hit Honeypot

Threat actors calling themselves Scattered Lapsus$ Hunters claimed to have breached cybersecurity firm Resecurity and stolen internal data. Resecurity denied the breach, saying the attackers accessed a prebuilt honeypot containing synthetic information. The company said it detected reconnaissance activity in November and monitored the attackers’ infrastructure.

UK’s Higham Lane School Cyberattack Forces Closure

A UK secondary school has closed temporarily after a cyberattack disrupted parts of its IT systems. Higham Lane School asked staff and students not to access platforms such as Google Classroom and SharePoint. The closure was described as a precaution while investigations and remediation continue. The school is working with education authorities and external cybersecurity specialists.

Companies in Aviation, Defense, and Engineering Breached via Infostealer 

A threat actor known as “Zestix,” also linked to the alias “Sentap,” is offering access to cloud file sharing portals using infostealer harvested credentials. The actor is logging in with valid usernames and passwords. Victims listed span multiple sectors and include ShareFile, Nextcloud, and OwnCloud portals without MFA enforcement.

Founder of pcTattletale Spyware App Pleads Guilty in Stalkerware Case

Bryan Fleming, founder of the spyware app pcTattletale, pleaded guilty to federal charges tied to advertising illegal surveillance software. The case was part of a Homeland Security investigation of explicit marketing of the app for spying on partners. pcTattletale shut down in 2024 when a data breach exposed it and about 138K users. The conviction marks the first U.S. federal prosecution of a stalkerware operator in over a decade.

UK Admits Cyber Failures, Launches Centralized Government Cyber Action Plan

The U.K. government has admitted its long-standing approach to public sector cybersecurity has failed to sufficiently reduce risk. A new Government Cyber Action Plan will introduce mandatory controls and a centralized Cyber Unit for accountability across departments. Officials also warned that earlier goals to secure government bodies by 2030 are unattainable due to the old model.

Prince Group Chairman Chen Zhi Arrested, Extradited to China

Cambodian authorities have arrested and extradited Chen Zhi, chairman of the Prince Group, to China. U.S. prosecutors accuse him of running scam compounds involving forced labor and large-scale cyber fraud. Western governments previously imposed sanctions and linked the case to multi-billion-dollar crypto seizures. Prince Group has denied wrongdoing.

IBM Bob AI Agent Vulnerability Enables Prompt Injection Malware Execution

Security researchers at PromptArmor disclosed a prompt injection flaw in IBM’s AI coding agent Bob that allows malware execution. The issue lets attackers chain malicious commands behind allow-listed ones, bypassing human approval safeguards. Researchers demonstrated code execution via files such as README.md in untrusted repositories. 

Diplomatic Prisoner Swap Resolves Ransomware Case Without Court Judgment

France and Russia completed a prisoner exchange that freed a Russian national accused in a U.S. ransomware case and a French researcher detained in Russia. Daniil Kasatkin had been detained in France under a U.S. arrest warrant alleging he negotiated for a ransomware gang. The Russian detainee had not been convicted. He was returned to Russia as France secured the release of a French researcher. The swap ended an ongoing extradition process while securing the researcher’s release. 

Spain Arrests 34 Black Axe Suspects in Cyber-Enabled Crime Raids

Spanish and German authorities, supported by Europol, arrested 34 suspects linked to the Black Axe criminal network in coordinated raids across Spain. Investigators said the group used cyber-enabled fraud alongside trafficking and violent crimes to generate illicit profits. Most arrests occurred in Seville, with additional detentions in Madrid, Málaga, and Barcelona. Police also seized cash and froze bank funds tied to millions in suspected losses.

German Court Tries Suspected Online Child Abuse Figure Linked to 764

A 21-year-old man went on trial in Hamburg over alleged online crimes involving child exploitation and coercion. Prosecutors say he was linked to the international “764” network and targeted children across several countries. Prosecutors say he groomed minors online, coercing them into self-harm and abusive acts through digital platforms. He used recorded material to control victims online.

Cybercrime, Accountability, and the Limits of Enforcement

Acknowledging shortcomings in its public sector cyber defenses and creating a centralized enforcement unit, the U.K. government signaled a shift toward accountability-driven national cybersecurity governance.

This week's news highlights that technical controls alone are no longer sufficient. Decisions around incident response, disclosure, compliance, and resilience go together with legal, regulatory, and geopolitical consequences.