Bitcoin Depot Reports $3.6M Stolen in Cyberattack

Plus, ShinyHunters targets Rockstar Games in another cyberattack

Good morning! Here’s what’s up.

People

Franziska Bell has been named executive vice president and chief technology officer at The Home Depot. As CTO, she will lead the strategy, development and alignment of technology, product management, data and artificial intelligence for the home improvement retailer.

Clips ✂️

Cryptocurrency ATM giant Bitcoin Depot reports $3.6 million stolen in cyberattack

More than $3.6 million was stolen from cryptocurrency ATM company Bitcoin Depot in a cyberattack on March 23.

Bitcoin Depot filed a notice with the Securities and Exchange Commission (SEC) explaining that a threat actor “gained access to certain systems and obtained control of credentials associated with the company’s digital asset settlement accounts.”

“As a result, the unauthorized actor transferred approximately 50.903 Bitcoin from company-controlled wallets, valued at approximately $3.665 million as of the date of this report, without authorization,” the company said.

“[Bitcoin Depot] further believes that the incident was contained to the company’s corporate environment and did not affect the Company’s customer platforms, divisions, systems, data or environments.”

Outside cybersecurity experts have been brought in to help with the investigation, and law enforcement was notified of the incursion.

Bitcoin Depot said there is no evidence that customer information was accessed or exfiltrated during the incident. The company does not believe the attack will have an impact on operations but decided to notify the SEC “in light of potential consequences of the incident, including reputation harm, legal, regulatory and response costs.”

by The Record

Hacker group threatens to release Grand Theft Auto VI data in Rockstar Games attack

Rockstar Games, the studio behind Grand Theft Auto, has been the target of a cyberattack for the second time in three years. A hacker group called ShinyHunters said it would release data stolen from the company if ransom demands were not met.

ShinyHunters initially gave Rockstar a 14 April deadline to enter negotiations, having gained access to company servers operated by a third party.

“Rockstar Games. Your … data was compromised … Pay or leak,” read a post from the group.

“This is a final warning to reach out by 14 Apr 2026 before we leak along with several annoying (digital) problems that’ll come your way. Make the right decision, don’t be the next headline.”

The group has previously claimed to have targeted Microsoft, Cisco and Ticketmaster, among others.

by The Guardian

PwC: Cybersecurity Risk Outpaces Corporate Ability to Manage

Cybersecurity now ranks among the most significant business risks shaping corporate strategy, even as many companies acknowledge they lack the capability to respond effectively, particularly amid a turbulent policy environment, executives told PwC.

Companies largely respond to risks and disruption from a defensive posture, despite the majority of survey respondents telling the consultancy they feel ahead of their competitors in areas including operational efficiency and supply-chain resilience. PwC surveyed more than 600 American executives in March to look for C-suite trends.

Companies have adapted to a faster and more unpredictable operating environment following the first 15 months of President Donald Trump’s second term, executives told researchers (see: Trump Rewrites Cybersecurity Policy in Executive Order).

"60% of companies look at cybersecurity as one of their top three risks, but only 6% of those companies actually are able to say that they feel capable to be able to address those risks," said Morgan Adamski, a former executive director at U.S. Cyber Command who now serves as a principal at PwC.

by PwC

California's cybersecurity audit rule and its impact for class litigation

Last year, the California Privacy Protection Agency adopted a major new rule requiring certain businesses to conduct an annual cybersecurity audit. The rule went into effect 1 Jan. 2026. This pioneering requirement, the first of its kind among state data privacy laws of general applicability, may entail substantial compliance efforts for affected companies to identify and correct cybersecurity shortcomings. While compliance concerns may generate new anxiety, the audit requirement's impact on data breach litigation could have equally significant long-term implications for businesses operating in California.

The compliance requirements are considerable and complex, covering eighteen different technical and organizational components of an entity's cybersecurity practice. Under the rule, covered entities are required to submit to the agency, each calendar year, a written certification that the business has completed a cybersecurity audit report that meets the rule’s standards.

by IAPP

Cyber Risk Ratings Fade Out; Actionable Intelligence Takes The Spotlight

In musical notation, “al niente” means fading until sound is barely perceptible, usually to end a significant piece of music such as the ending of Tchaikovsky’s reflective and somber sixth symphony. And that is how the cybersecurity risk ratings market is likely to proceed over the coming months.

Ratings will not fade away to nothing overnight, but their influence will diminish as the intelligence that drives risk reduction becomes the primary source of value for vendors and users alike.

In 2021, when I last authored a Forrester Wave™ covering cyber risk ratings, I said that this market wasn’t ready for enterprise prime time. While these platforms provided plenty of data and some insight, they lacked the ability to translate those signals into action.

With the publication of The Forrester Wave™: Cybersecurity Risk Ratings Platforms, Q2 2026 this week, that limitation became indisputably clear. Reference customers I spoke to, along with vendors themselves, are now looking beyond ratings as an outcome. Instead, they are focused on how the data they’ve been using can drive actual risk reduction.

by Forrester

Why DHS no longer has a compliance mindset for cybersecurity

During his two years as the chief information security officer for the Department of Homeland Security, Hemant Baidwan said he has a lot to be proud of.

He led the development of a DHS cybersecurity strategy. He helped move the agency further along in its zero trust journey.

But Baidwan, who left his role in March to join the private sector, said that his most significant accomplishment as the DHS CISO was all about changing the agency’s cyber mindset.

Hemant Baidwan is the former chief information security officer at the Department of Homeland Security and now executive CISO at Knox Systems.

“The biggest one that I’m really proud is helping shift our focus from purely compliance-driven approaches from a cybersecurity standpoint toward really operational risk management,” Baidwan said during an “exit” interview on Ask the CIO.

by Federal News Network
