Home · Live brief · Weekly 2026-W27
Mass third-party exposures: Xsolis, Texas Parks & Wildlife, Canvas
notable incident discovered 2026-06-29 00:21 UTC
Part of run 2026-W26-b78503e7 (weekly · Anthropic Claude (specific model not determined))
Three large data exposures all traced to a third party rather than the named organisation: Xsolis (1.4M patients via a healthcare-AI processor), Texas Parks & Wildlife (3.08M licence holders via an unnamed licence-sales vendor, with a public-vs-AG-filing SSN contradiction noted in § 11), and the Canvas/Instructure LMS breach (160 UK universities). The recurring control gap is vendor data-minimisation and breach-notification SLAs.