MyPillow Hit by Ransomware Claims as Cybercrime Threats Escalate Across Industries
A notorious ransomware group claims to have breached Mike Lindell's MyPillow, while cybercriminals grow bolder with in-person data theft and AI-powered attacks.
Ransomware Group Claims Breach of Mike Lindell's MyPillow
A well-known cybercriminal operation called Play — a Russian-language ransomware group responsible for attacks on more than 900 organizations since 2022 — has publicly claimed it successfully infiltrated MyPillow, the Minnesota-based home goods company founded by Mike Lindell.
The group posted its claims on a dark web leak site, alleging it had obtained a wide range of sensitive materials including confidential client documents, payroll records, budget data, tax filings, and personal identification information. Play reportedly issued a Friday deadline, warning that failure to respond would result in the stolen data being published publicly.
Lindell, who is currently among at least 10 Republican candidates seeking the party's gubernatorial nomination in Minnesota's August primary, flatly denied the claims. He also dismissed the allegations as politically motivated.
"This is another hit job by outside sources because I'm running for governor," Lindell told Straight Arrow News, which first reported the story. "I guarantee it. We do not have any breaches in our data at all."
Lindell has recently faced significant legal setbacks related to his promotion of debunked claims about the 2020 presidential election. A federal jury in Colorado ordered him to pay $2.3 million in damages after finding he had defamed Eric Coomer, a former executive at Dominion Voting Systems. In a separate case, a federal judge in Minnesota ruled that Lindell had made 51 false statements defaming voting technology firm Smartmatic, with damage amounts yet to be determined at trial.
Ransomware Gang Takes Cybercrime Offline — Literally
FBI Warns of In-Person Data Theft Tactics
Ransomware groups have long been evolving their methods, shifting away from locking down computer systems toward stealing sensitive data and leveraging it for extortion. But one group is taking that approach to an entirely new level — dispatching individuals physically into corporate offices to steal data on-site.
The FBI issued a formal alert this week warning that the Silent Ransom Group (SRG), a Russian-speaking operation currently targeting law firms, has been sending operatives directly to victim locations. Once inside, these individuals insert external hard drives or USB devices into company computers to manually extract confidential data.
"By sending someone in person to the victim's location to facilitate the intrusion, SRG actors exfiltrate data to an external hard drive or USB drive inserted by the threat actor into the victim's computer," the FBI stated in its advisory.
Cybersecurity researchers describe the tactic as unprecedented. While the FBI has not disclosed details about who is being recruited to carry out these physical intrusions, analysts believe the group may be hiring freelance operatives who are unaware of who they are ultimately working for.
School Buses Repurposed as Rolling Surveillance Machines
AI surveillance firm BusPatrol, which has already fitted tens of thousands of American school buses with camera systems, has announced a significant expansion of its technology. The company plans to convert its existing camera infrastructure into automatic license plate readers capable of logging the location of every vehicle that a BusPatrol-equipped school bus passes.
Critically, this data would be made available to law enforcement agencies without requiring a warrant. The move has raised serious privacy concerns, effectively transforming the familiar yellow school bus into what one publication described as a "roaming surveillance vehicle."
The original purpose of BusPatrol's technology was straightforward — to identify and ticket drivers who illegally pass stopped school buses, a genuine public safety concern for children. Critics argue the new application represents a dramatic and troubling overreach of that original mandate.
Ditching ShotSpotter Made Chicago Police Faster, Study Finds
New research from the University of Chicago suggests that eliminating gunshot detection technology from 12 Chicago neighborhoods actually improved police response times to emergency calls.
Sociology professor Rob Vargas analyzed city data alongside records obtained through public information requests, comparing the six months before and after Mayor Brandon Johnson discontinued the use of ShotSpotter technology in September 2024. His findings revealed that Chicago Police Department officers responded to the most urgent non-gunshot 911 calls approximately four minutes faster after the system was deactivated.
While the data did not allow for a direct comparison of gunshot-related call response times, the results strongly suggest that ShotSpotter alerts were generating a high volume of false positives, diverting officer attention and delaying responses to other critical emergencies.
"It is clear that ShotSpotter wasted officers' time by sending them on wild-goose chases," Vargas told WTTW News.
The findings add fresh momentum to ongoing national debates about the actual effectiveness and hidden costs of AI-driven surveillance tools deployed in public safety settings.
