March 4th – This Week’s Top Cybersecurity and Dark Web Stories

Project Compass Delivers First-Year Results

An international law enforcement initiative, Project Compass, has achieved significant operational results in its first year, successfully targeting and disrupting “The Com,” a sophisticated, decentralized extremist network preying on minors and vulnerable individuals both online and off.

Coordinated by Europol’s European Counter Terrorism Centre, the project is a testament to strengthened cross-border cooperation, bringing together law enforcement authorities from 28 countries, including EU Member States, Norway, Switzerland, the United Kingdom, the United States, Canada, Australia, and New Zealand.

“The Com” utilizes a fragmented digital ecosystem spanning social media, messaging apps, online gaming, and music streaming platforms to recruit, radicalize, and exploit young people. Its decentralized nature has made it notoriously difficult to disrupt, emphasizing the need for the sustained, coordinated international effort that Project Compass provides.

Since launching in January 2025, Project Compass has contributed to critical outcomes in safeguarding children and bringing perpetrators to justice:

4 victims have been successfully safeguarded.
30 perpetrators have been arrested.
62 victims have been identified (fully or partially).
179 perpetrators have been identified (fully or partially).
9 joint awareness-raising activities have been executed.

Anna Sjöberg, Head of Europol’s European Counter Terrorism Centre, highlighted the project’s critical intervention capabilities. “These networks deliberately target children in the digital spaces where they feel most at ease. Project Compass allows us to intervene earlier, safeguard victims and disrupt those who exploit vulnerability for extremist purposes,” Sjöberg stated. “No country can address this threat alone – and through this cooperation, we are closing the gaps they try to hide in.”

The initiative enables coordinated investigations, rapid responses to emerging threats, and structured operational information exchange across all participating nations. Project Compass is a direct contribution to the EU Agenda on preventing and countering terrorism and violent extremism, reinforcing resilience against both digital and physical threats and protecting citizens and European values.

Data Hack Exposes Sensitive Information of Over 15 Million People in France

France’s health sector has been rocked by a massive data breach, with the health ministry confirming that administrative details and sensitive medical notes belonging to over 15 million people have been hacked.

The hack, which reportedly took place in late 2025, compromised information from approximately 1,500 medical practices utilizing software provided by the company Cegedim Sante.

The data breach primarily involved basic patient information, including names, phone numbers, and postal addresses. However, for 169,000 patients, the compromised data included doctors’ personal notes, with the ministry acknowledging that some of this material “may be sensitive data.”

Total Compromised Files: 15.8 million administrative files.
Sensitive Information: 165,000 files contained a personal annotation by a doctor relating to sensitive information.
Exposed Details: Some of the information revealed online, according to France 2 television, included details on whether a patient was homosexual or had AIDS.

Crucially, the ministry insisted that no prescriptions or results of biological examinations were involved in the hack.

The hack has been described as potentially the “biggest in France” for the health sector, with a cybersecurity expert warning of “irreparable consequences.” Gerome Billois, an expert at the Wavestone consultancy, stated, “Once health information that says: ‘You have AIDS’ or ‘You have such and such a disease’ is released, you can never go back.” Top politicians are also reported to be among those affected.

The ministry has confirmed the hack was claimed by a group but provided no further details. Cegedim Sante, whose software was used by the affected practices, filed a criminal complaint in October 2025. The company stated it is “supporting its clients and their patients as much as possible” and has pledged to “fully cooperate with the authorities.” The breach affected about 1,500 doctors out of the 3,800 who used the specific software.

US Intelligence Warns of Iranian Cyber Retaliation

A U.S. intelligence assessment reviewed by Reuters indicates that Iran and its proxies could target the United States with attacks following the death of Iranian Supreme Leader Ali Khamenei in a Saturday strike attributed to Israeli and U.S. forces.

The threat assessment, issued on February 28 by the Department of Homeland Security’s (DHS) Office of Intelligence and Analysis, found that while a large-scale physical attack within the U.S. is “unlikely,” Iran and its proxies “probably” pose a persistent threat of “targeted attacks in the Homeland.”

The DHS report highlighted the immediate concern for the short term is low-level cyberattacks. Iran-aligned “hacktivists” are expected to conduct digital operations against U.S. networks, including website defacements and distributed denial-of-service (DDoS) attacks.

The assessment explicitly warned: “Iran and its proxies probably pose a persistent threat of targeted attacks in the Homeland, and will almost certainly escalate retaliatory actions – or calls to action – if reports of the Ayatollah’s death are confirmed.”

In response, Homeland Security Secretary Kristi Noem issued a statement affirming coordination with federal intelligence and law enforcement partners to “closely monitor and thwart any potential threats to the homeland.”