5 May 2026

Two-Minute Recap - IT Law Matters Around The Globe - 2026 March

Gen Temizer

Contributor

Gen Temizer is a leading independent Turkish law firm located in Istanbul's financial centre. The Firm has an excellent track record of handling cross-border matters for clients and covers the full bandwidth of most complex transactions and litigation with its cross-departmental, multi-disciplinary and diverse team of over 30 lawyers. The Firm is deeply rooted in the local market with over 80 years of combined experience of the name partners while providing the highest global standards of legal services.

One Stolen Password, 200,000 Wiped Devices: The Stryker Attack

Iran-linked hacktivist group Handala compromised a Microsoft Intune Global Administrator account at medical device company Stryker through an adversary-in-the-middle phishing attack, then used the platform’s built-in wipe command to factory-reset between 80,000 and 200,000 devices across 79 countries overnight. No malware was deployed, only a legitimate IT management tool turned against its owner. Ordering, manufacturing and shipping systems went offline; surgical procedure delays were reported at hospitals relying on Stryker equipment. CISA issued an emergency advisory on 18 March urging all organisations to require multi-admin approval for high-impact Intune actions, enforce phishing-resistant MFA on admin accounts, and deploy Privileged Identity Management for just-in-time access.

AI Act Introduces Hybrid Enforcement Model in the EU

The EU Artificial Intelligence Act establishes a hybrid enforcement model, with responsibilities shared between Member States and the European Commission. While most AI systems are supervised at national level through designated authorities, general-purpose AI models are enforced directly by the European Commission. The framework is supported by several EU-level bodies, including the AI Office, the European AI Board and a scientific panel of experts. The Act follows a risk-based approach, imposing different obligations depending on the level of risk posed by AI systems.

EDPB and EDPS Back Single Entry Point for Breach Notifications

The EDPB and the European Data Protection Supervisor issued a joint opinion endorsing the Commission’s proposal to create a single entry point through which organisations could simultaneously satisfy incident notification obligations under the GDPR, NIS2, DORA, eIDAS and the CER Directive. The bodies welcomed the reduction in administrative duplication while calling for robust data protection safeguards within the notification gateway itself. For multi-regulated organisations (financial institutions, digital infrastructure providers, cloud operators), this would significantly streamline first-response obligations. The proposal remains subject to ongoing trilogue negotiations under the Digital Omnibus package.

One Phished Contractor, 8 Million Support Records

A phishing attack against a Telus International support agent, a third-party contractor with Okta SSO access to Crunchyroll’s internal systems, gave attackers access to Zendesk, Slack, Google Workspace, and Jira. In under 24 hours, 8 million support ticket records were downloaded and approximately 100 GB of data exfiltrated, including 6.8 million unique email addresses, IP addresses, and partial payment card data. The attacker demanded $5 million. Crunchyroll confirmed the breach originated entirely outside its direct infrastructure: the entry point was a contractor’s device thousands of miles from any Crunchyroll-controlled system. This is a textbook supply chain identity failure: one contractor account, four interconnected platforms, eight million records.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
