President Trump signed an executive order last week that compels federal agencies to tear down internal barriers to sharing government data, with no new cybersecurity requirements to prevent misuse or breaches.

Why it matters: The order gives DOGE and other agencies sweeping access to sensitive personal data, and experts warn it attempts to sidestep longstanding privacy laws that judges have used to block similar efforts.

The big picture: Critics of the Trump administration fear that DOGE and other offices could weaponize existing government databases to monitor people's finances, addresses and other sensitive personal information.

• The Washington Post reported Saturday that the IRS and Immigration and Customs Enforcement (ICE) are nearing an agreement to share the addresses of individuals suspected of being in the country illegally.
• Meanwhile, targeted attacks against protesters and researchers are on the rise. ICE has detained several protesters and academics tied to pro-Palestinian causes.

Zoom out: Trump signed his new order before yesterday's jaw-dropping revelation that his cabinet members had planned a Yemen bomb strike in a Signal chat to which they'd also accidentally invited a journalist.

• The administration's efforts to loosen information protections may have started out under the banner of breaking down "silos" in the name of efficiency, but after the Signal leak, they're more likely to look like an invitation to further breaches.

In its aggressive push to root out government waste, DOGE has broadened its scope well beyond traditional anti-fraud efforts.

• DOGE-driven cuts at the National Oceanic and Atmospheric Administration, the National Park Service and other federal agencies have gone far beyond what's needed to root out fraud, Sydney Saubestre, a senior policy analyst at New America's Open Technology Institute, told Axios.
• And many of the privacy protections and information-sharing laws that the executive order is trying to override were created to prevent fraud in the first place, said Kristin Woelfel, policy counsel at the Center for Democracy and Technology.

What they're saying: "Rules protecting data are being swept aside in the name of fighting waste, fraud and abuse," Greg Nojeim, senior counsel and director of the security and surveillance project at the Center for Democracy and Technology, told Axios.

• "Less oversight, less restrictions on sharing of data, plus application of questionable technology to analyze that data — it's the perfect storm."

Between the lines: Expanding access to government databases increases the number of users and endpoints that malicious actors can target.

• Poor access controls — including accounts with too many permissions — mean a single compromised login could expose sensitive information across multiple agencies.
• And agencies could start using their expanded access for unrelated purposes, including immigration enforcement, raising new surveillance and civil liberties concerns.

Flashback: During the Biden administration, the federal government spent years transitioning to a "zero trust" cybersecurity framework, which limits which users have access to specific data to contain damage in the event a hacker compromises their account.

The intrigue: Many of the watchdogs and career officials who once provided oversight of interagency data access have either been fired or forced out.

What we're watching: Agencies must submit plans for complying with the order within 30 days, and changes to agency regulations typically need to be published in the Federal Register.

• It's unclear how well the executive order will stand up in court given executive orders can't supersede laws passed by Congress, Woelfel said.

Are you a current or recently laid-off cybersecurity worker in a federal agency? Let's chat on Signal: @SamSabin.01.

Companies eagerly sought out lawyers, red team hackers and sales engineers last year, according to a new report from CyberSN.

Why it matters: Organizations' security needs are changing, and not every cybersecurity skill is in high demand, even amid a workforce shortage.

By the numbers: Job listings for cybersecurity and privacy attorneys jumped 41% between 2023 and 2024, CyberSN found.

• Listings for red teams — internal hacking groups that try to hack into company products — grew nearly 30% in that time.
• Cyber sales engineer listings climbed 26%.
• CyberSN monitored job listings across 30 job boards through December 2024, as well as listings on websites for Fortune 500 companies.

Between the lines: SEC cyber reporting rules and expanded FTC enforcement last year directly influenced companies' hiring decisions, Dom Glavach, chief security and technology officer at CyberSN, said in a statement.

Yes, but: The total number of cyber jobs declined 4% in 2024 to 347,419 postings, according to the report.

• That decline followed a sweeping 22% drop between 2022 and 2023.

What we're watching: As security teams continue to embrace AI, workforce needs will keep changing.

• Expected cyber regulatory changes in the new Trump administration will also influence company hiring needs.

Now's the time to delete your 23andMe genetic data from your account.

Why it matters: 23andMe filed for Chapter 11 bankruptcy over the weekend, and who knows who will buy its vat of 15 million customers' genetic data — or what that buyer will do with this information.

The big picture: There is no precedent for a consumer genetic testing company going bankrupt, but typically all assets are for sale in bankruptcy proceedings.

• "Any buyer of 23andMe will be required to comply with applicable law with respect to the treatment of customer data," the company told customers in an FAQ published after the bankruptcy announcement.

Reality check: Customers have limited recourse to prevent their DNA from being rehomed to the highest bidder, Axios' Avery Lotz writes.

• Customers can delete their data in their account settings or file a formal request under California's privacy law.
• 23andMe data was already vulnerable to outside attacks, with a hacker stealing data from 6.9 million people in a 2023 breach.

The bottom line: Privacy laws have major gaps — including oversight of how consumer genetic data is collected, stored and sold.

Your data is valuable — apps know it, do you? Stay informed on how they use your info. Don't just hit "accept" on every information collection request; be selective and stay in control.

@ D.C.

🇷🇺 Multiple national security agencies have halted their efforts to coordinate missions countering Russian disinformation, cyberattacks and sabotage, according to interviews with 11 current and former officials. (Reuters)

🏛️ Trump signed an executive order directing White House senior advisers to draw up plans that shift more responsibilities for protecting critical infrastructure to the state and local level. (Wall Street Journal)

☁️ The General Services Administration is revamping the way it assesses the security of the cloud services available to government agencies. (Nextgov)

@ Industry

📈 Signal has seen a 36% increase in downloads this year as government workers flock to the encrypted messaging app. (Washington Post)

🤖 Microsoft will start previewing new AI agents in its Security Copilot next month. (Axios)

@ Hackers and hacks

👀 Oracle is denying reports that a threat actor exploited a vulnerability in its cloud systems, affecting more than 140,000 tenants. (Dark Reading)

🚂 A cyberattack disrupted online services for Ukraine's state-owned railway operator, forcing customers to purchase tickets in-person at the station. (The Record)

💰 A look inside the network online scammers rely on to quickly launder victims' money. (New York Times)

It isn't just you: Even realtors are excited about Google's proposed acquisition of Wiz.