4. Texas DOT Breach Leaks 300K Crash Reports

The Texas Department of Transportation is warning of a data breach after hackers used a compromised account to access and download nearly 300,000 crash reports from its Crash Records Information System. Discovered on May 12th, the breach exposed sensitive personal information including names, addresses, driver’s license numbers, and car insurance policy details contained within the stolen reports. Although TxDOT confirmed its internal systems were not breached and no money was stolen, it began notifying victims on May 26th, warning them to be wary of targeted phishing attempts. The state agency has shut down the compromised account and, despite claiming no legal requirement to inform the public, has created a dedicated call line for those impacted by the incident.

5. Cyberattack Disrupts UNFI Food Deliveries

United Natural Foods (UNFI), North America’s largest publicly traded food distributor and a primary supplier for Whole Foods, has suffered a cyberattack that is disrupting its operations. The company discovered the incident on Thursday, June 5th, and proactively took certain systems offline, which has temporarily impacted its ability to fulfill and distribute customer orders. UNFI has notified law enforcement and engaged external cybersecurity experts to investigate the breach, while implementing business continuity plans and workarounds to continue servicing its customers. While the nature of the attack and whether data was stolen remains undisclosed, this incident highlights the food and agriculture sector’s ongoing vulnerability to disruptive cyberattacks.

6. Illinois HFS Employee Phishing Leaks Data

The Illinois Department of Healthcare and Family Services (HFS) is alerting the public to a data breach affecting 933 individuals after a hacker successfully phished one of its employees in February 2025. The attacker sent a deceptive email from another compromised government account, leading to the HFS employee’s emails and documents being breached. Stolen information includes highly sensitive data such as names, Social Security numbers, driver’s licenses, and financial details related to child support and Medicaid. HFS, which notified all affected individuals by May 23rd, is now advising victims to place fraud alerts or security freezes on their accounts with consumer reporting agencies.

7. FBI Taps Brett Leatherman As New Cyber Chief

Career FBI official Brett Leatherman has been named the new assistant director of the bureau’s Cyber Division, taking over for the recently retired Bryan Vorndran. Leatherman, who has over two decades of experience including leading the National Cyber Investigative Joint Task Force, pledged to “impose cost on our cyber adversaries” and make their activity unsustainable. He succeeds Vorndran, who is credited with making the FBI more aggressive in its cyber operations, shifting its focus from just arrests to include infrastructure disruption and clawing back ransom payments. This strategy, which Leatherman praised, also included popularizing joint agency advisories to give the private sector greater insight into digital threats and improve resilience.

8. Texas Creates Largest US State Cyber Command

Texas Governor Greg Abbott has signed House Bill 150 into law, establishing the Texas Cyber Command as the largest state-based cybersecurity department in the United States. Funded with a $135 million investment, the new San Antonio-based agency will launch a cyber threat intelligence center and coordinate incident response to protect against what the governor called “constant attack” from foreign actors. The command is designed to leverage the region’s significant cyber expertise by partnering with key federal agencies already located in the area, including the Sixteenth Air Force, NSA, and FBI. Governor Abbott, who declared the command an emergency legislative item, stated its ultimate mission is to prevent and protect against cyber breaches and make Texas a national leader in cybersecurity.

9. WordPress Fight Leads To New FAIR Manager

A collective of former WordPress developers, backed by the Linux Foundation, has launched the FAIR Package Manager, a new independent distribution system for trusted WordPress plugins and themes. This launch is a direct response to a recent legal conflict between hosting giants Automattic and WP Engine, which saw the latter banned from the official WordPress.org update platform amid mutual accusations and cease-and-desist letters. The FAIR Package Manager provides a vendor-neutral, decentralized alternative that returns control to developers and hosts, aiming to unify the ecosystem and build security into the software supply chain. By replacing reliance on a single company’s APIs and allowing hosts to set up their own mirrors, the project seeks to ensure the long-term stability and sustainability of the WordPress platform.