January 30, 2026

📰 The Consumer Cyber Sentinel: Your Digital Defense Report 🛡️

Date: Friday, January 30, 2026 Smart security for your digital life

🚨Top Cybersecurity News (For Everyone)

Nike and Under Armour Investigate Major Data Breaches

Two of the world’s largest athletic brands, Nike and Under Armour, are currently investigating separate security incidents involving internal data. While these investigations are ongoing, early reports suggest that employee records and internal documents were the primary targets. For shoppers, this is a good reminder to ensure your retail accounts use unique passwords, as hackers often use "recycled" passwords from one company to break into your accounts at others. The Register

Android Rolls Out New "Grab-and-Go" Theft Protection

Google has begun releasing a major security update for Android phones (versions 10 and up) designed to fight physical phone theft. The new "Theft Detection Lock" uses sensors and AI to detect if someone jerks the phone out of your hand and starts running; if it senses this motion, it automatically locks the screen instantly. It also includes "Remote Lock," which lets you lock your phone from any web browser using just your phone number if it ever goes missing. Money Control

New Privacy Rights Go Live in Three States

If you live in **Indiana, Kentucky, or Rhode Island**, you officially have more control over your personal data as of this month. New state laws now allow you to ask companies what information they have collected about you and, more importantly, tell them to delete it. Meanwhile, California has launched a new "DROP" platform—a one-stop shop where residents can tell all registered "data brokers" (companies that sell your info to advertisers) to stop tracking them at once. Koley Jessen

Emergency Alert System "CodeRED" Reports Breach

The company behind CodeRED, a system many cities use to send out emergency weather and safety alerts, has notified users of a security incident. The breach involved contact information and, crucially, the **passwords** used to create those alert profiles. If you have an account for local emergency alerts, you should change that password immediately—especially if you use that same password for your email or bank. Columbia Heights MN Government

Customer data exposed after Petco misconfiguration

Petco confirmed a breach that exposed personal information — including Social Security numbers, driver’s license numbers, and financial account details — after a software setting accidentally made sensitive files accessible online. The company says it corrected the issue and notified affected customers. Fox News

🎌 Scams & Threats Now Circulating

Here are current scam types being seen in the wild — watch for these patterns:

The LastPass "Maintenance" Email: Users of the LastPass password manager are receiving urgent emails claiming the system is undergoing "maintenance" and they must back up their vault within 24 hours. **How it works:** These are fake. The link leads to a copycat website designed to steal your master password. LastPass has confirmed they never ask you to "back up" via an email link. IT Pro

Tax Refund SMS Scams: As tax season heats up, scammers are sending texts claiming your "IRS refund is pending" or there is an "issue with your 2025 return." **How it works:** They hope you’ll click the link in a panic. The link takes you to a fake government site that asks for your Social Security number and bank login. IRS

The "Quishing" Parking Ticket: Drivers in several cities are finding realistic-looking "parking tickets" on their windshields with a QR code for "easy payment." **How it works:** When you scan the code (QR-Phishing, or "Quishing"), it takes you to a fake payment portal that steals your credit card information. NBC San Diego

😀 What You Should Do Today

Here are simple steps you can take right now to protect yourself:

Update Your Android Settings: If you have an Android phone, go to your **Settings > Security**, and look for the new **"Theft Protection"** options. Turn on "Theft Detection Lock" to protect your device in public.

Change Your "Emergency" Passwords: If you use an app or website for local city alerts (like CodeRED), update your password today to ensure your account remains secure following the recent breach.

Hover Before You Click: If you get an email from a service like LastPass or Netflix, hover your mouse over the "Click Here" button. If the web address that pops up looks like a string of random numbers or doesn't end in `.com`, it’s a scam.

Ignore Tax Texts: Remember that the IRS will **never** contact you via text message or social media to discuss a refund or a bill. If you're worried about your taxes, log in directly at `IRS.gov`.

⚓Quick Tip

Treat QR codes in public places like strange attachments in an email—don't scan them unless you were specifically expecting to find one.

🧑‍🏫Did You Know

Passkeys are digital credentials that let you sign into apps and websites using your device’s fingerprint, face scan, or screen lock instead of a typed password. They are significantly more secure because they are unique to every site and impossible to guess, which effectively blocks common hacking methods like phishing. Most importantly, since the private part of the "key" never leaves your device, your accounts remain safe even if the company you're logging into suffers a major data breach.