Cybercrime Crew Claims It Hacked Mike Lindell’s MyPillow | WIREDSkip to main contentMenuSECURITYPOLITICSTHE BIG STORYBUSINESSSCIENCECULTUREREVIEWSMenuAccountAccountNewslettersSecurityPoliticsThe Big StoryBusinessScienceCultureReviewsChevronMoreExpandThe Big InterviewMagazineEventsWIRED InsiderWIRED ConsultingNewslettersPodcastsVideoLivestreamsMerchSearchSearchLily Hay NewmanDell CameronMatt BurgessSecurityMay 30, 2026 6:30 AMSecurity News This Week: Cybercrime Crew Claims It Hacked Mike Lindell’s MyPillowPlus: A ransomware group is now stealing data in person, BusPatrol wants to hand its license-plate surveillance data to the cops, and more.MyPillow founder and CEO Mike LindellPhotograph: Anthony Souffle/The Minnesota Star Tribune/Getting ImagesCommentLoaderSave StorySave this storyCommentLoaderSave StorySave this storyThe United States military has known for years that enemies could use location data to track troops’ phones—and it’s also long been aware of easy fixes for the problem. The Pentagon adopted almost none of these protections, though, in spite of admitting in a letter exposed this week that US adversaries are actually using the data to target soldiers in war. Meanwhile, US law enforcement warned this week about “anti-tech extremism” as AI backlash grows around the country.After a nearly 90-day internet shutdown, connectivity started to trickle back into Iran this week amid internal political power struggles and ongoing negotiations with the US to end its war with Tehran. Researchers cautioned that it is unclear how extensive the restoration will be and whether connectivity will only return temporarily.As cybercriminals and offensive hackers ramp up their use of AI to exploit vulnerabilities and develop hacking tools, the technology is also radically changing the dynamics of how security researchers hunt for vulnerabilities. And scammers are using real hotel reservation data and other travel details to conduct effective spear-phishing campaigns, potentially accessing customer data from 350 hotels and vacation rentals around the world.And there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.Cybercrime Crew Claims It Hacked Mike Lindell’s MyPillowPlay, a Russian-language ransomware operation that has affected more than 900 organizations since 2022, posted to its dark-web leak site on Monday claiming it had pulled “private and personal confidential data, clients' documents, budget, payroll, IDs, taxes,” and other financial records from MyPillow. The Minnesota-based home goods company is run by Mike Lindell, who is among at least 10 Republicans seeking the party’s nomination for governor of Minnesota in August’s primary. Lindell is also one of the most prolific backers of Donald Trump’s false claims of victory in the 2020 election.Play reportedly set a Friday deadline for MyPillow to make contact before publishing the data online. Lindell told Straight Arrow News, which broke the story of the ransomware claims on Tuesday, that his company was not hacked and that allegations that it was are a political hit job.“This is another hit job by outside sources because I’m running for governor,” Lindell said. “I guarantee it. We do not have any breaches in our data at all.”Lindell has been on the losing end of two recent defamation rulings over his 2020 election claims: A federal jury in Colorado last year found that he had defamed Eric Coomer, a former Dominion Voting Systems director, and ordered Lindell and his media platform, FrankSpeech, to pay $2.3 million in damages; a federal judge in Minnesota separately ruled in September that Lindell had defamed Smartmatic through 51 false statements about its voting machines, with damages still to be set at trial.A Ransomware Group Is Stealing Data in PersonIn recent years, ransomware groups have become more aggressive and ruthless in their efforts to obtain money from victims. Most of these criminal hackers now focus on stealing data and extorting companies rather than using malware to lock computer systems. But in rare occasions, ransomware groups have been seen directly threatening executives, or contacting people named in stolen data, to try to obtain payment. The FBI said this week that one ransomware group is going even further: sending people to steal data directly from companies IRL.Among more traditional social engineering techniques, the FBI says the Silent Ransom Group (SRG), which is targeting law firms, has sent people to company offices to directly get access to computers. “By sending someone in person to the victim’s location to facilitate the intrusion, SRG actors exfiltrate data to an external hard drive or USB drive inserted by the threat actor into the victim’s computer,” the FBI said in an alert. Security researchers say the tactic has not been seen before. The FBI did not provide any information about who the Russian-speaking ransomware group was sending to conduct its attacks, but researchers believe they could be paying freelancers who do not necessarily know who they are working for.BusPatrol School Bus Cameras Aim to Feed Surveillance Data to CopsThe AI surveillance company BusPatrol, which has installed its cameras in tens of thousands of US school buses, says that it will now turn those cameras into automatic license plate readers that will record the location of every vehicle a BusPatrol school bus passes and make the data available to law enforcement without a warrant. The initiative would turn the familiar yellow buses into what 404 Media aptly described as “roaming surveillance vehicles.” BusPatrol technology, and school bus surveillance tech more broadly, was originally intended to be used for ticketing vehicles that illegally pass stopped buses—a critical safety issue for children.Dropping ShotSpotter Improved Chicago Police Response Times for 911 CallsUniversity of Chicago sociology professor Rob Vargas found this month that the Chicago Police Department was four minutes faster in responding to the most urgent non-gunshot 911 calls in the six-month period after Mayor Brandon Johnson shut down ShotSpotter gunshot detection tech in 12 neighborhoods in September 2024. Analyzing Chicago city data as well as data obtained through public records requests, Vargas compared the time period with the preceding six months during which ShotSpotter was still active. The data couldn’t be used to assess response times for calls specifically related to gunshots, but it indicated that ShotSpotter alerts may have been occupying officers with false positives and delaying them in responding to other types of critical 911 calls. “It is clear that ShotSpotter wasted officers’ time by sending them on wild-goose chases,” Vargas told WTTW News.CommentsBack to topTriangleYou Might Also LikeHow to find us: Add WIRED.com to your preferred sources in GoogleHow the Canvas hack threatened thousands of schoolsBig Story: I've covered robots for years—this one is eerily lifelikeOrbs, saucers, and flashes on the moon—here’s what’s in the UFO filesTake our survey: What does “home” mean to you?Written by WIRED StaffTopicssecurity rounduphackingsecuritycybersecurityransomwareprivacypoliticsRead MoreCybercriminal Twins Caught After They Forgot to Turn Off Microsoft Teams RecordingPlus: Instructure’s Canvas ransomware debacle comes to a close, an alleged dark net market kingpin gets arrested, OpenAI workers fall victim to a supply chain attack, and more.Andrew CoutsHackable Robot Lawn Mower Unlocks a New NightmarePlus: Meta officially kills encrypted Instagram DMs, the Trump administration targets “violent left wing extremists,” leaked documents reveal Russia's school for elite hackers, and more.Matt BurgessDisneyland Now Uses Face Recognition on VisitorsPlus: The NSA tests Anthropic’s Mythos Preview to find vulnerabilities, a Finnish teen is charged over the Scattered Spider hacking spree, and more.Andrew CoutsFoxconn Ransomware Attack Shows Nothing Is Safe ForeverFamous for helping build Apple’s iPhones, Foxconn just suffered another cyberattack, highlighting the perils of warehousing some of the world’s most valuable data.Lily Hay NewmanA Bipartisan Amendment Would End Police License Plate Tracking NationwideOne line tucked into a federal highway bill would strip funds from cities and states unless they kill their automated plate tracking programs—effectively banning the tech for all but toll collection.Dell CameronDangerous New Linux Exploit Gives Attackers Root Access to Countless ComputersThe exploit, dubbed CopyFail and tracked as CVE-2026-31431, allows hackers to take over PCs and data center servers. The Linux vulnerabilities have been patched—but many machines remain at risk.Dan Goodin, Ars TechnicaA Hacker Group Is Poisoning Open Source Code at an Unprecedented ScaleGitHub is just the latest victim of TeamPCP, a gang that has carried out a spree of software supply chain attacks that has impacted hundreds of organizations.Andy GreenbergThe Canvas Hack Is a New Kind of Ransomware DebacleThousands of schools around the US were paralyzed on Thursday after education tech firm Instructure shut down access to its Canvas platform following a breach by hackers going by the name ShinyHunters.Andy GreenbergYour iPhone Gets Stolen. Then the Hacking BeginsA bustling underground ecosystem is providing criminals with the tools to unlock iPhones—and wage phishing attacks against their contacts to access bank accounts and more.Matt BurgessPalantir Held Another ‘Hack Week.’ This Time, the Focus Was ICEThe hackathon, held to build user-auditing tools for Palantir customers, comes as the company struggles to address employee concerns over its relationship with ICE.Makena KellyHackers Hate AI Slop Even More Than You DoIt's not just you. Scammers, hackers, and other cybercriminals are complaining about “AI shit” flooding platforms where they discuss cyberattacks and other illegal activity.Matt BurgessAn Engineer’s Post Protesting Laptop Surveillance Is Going Viral Inside MetaMeta employees in the US and UK are organizing against corporate software that tracks workers’ keystrokes and mouse activity.Paresh DaveWIRED is obsessed with what comes next. Through rigorous investigations and game-changing reporting, we tell stories that don’t just reflect the moment—they help create it. When you look back in 10, 20, even 50 years, WIRED will be the publication that led the story of the present, mapped the people, products, and ideas defining it, and explained how those forces forged the future. WIRED: For Future Reference.More From WIREDSubscribeNewslettersLivestreamsTravelFAQWIRED StaffWIRED EducationEditorial StandardsArchiveRSSSite MapAccessibility HelpReviews and GuidesReviewsBuying GuidesStreaming GuidesWearablesCouponsGift GuidesAdvertiseContact UsManage AccountJobsPress CenterCondé Nast StoreUser AgreementPrivacy PolicyYour California Privacy Rights© 2026 Condé Nast. All rights reserved. WIRED may earn a portion of sales from products that are purchased through our site as part of our Affiliate Partnerships with retailers. The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of Condé Nast. Ad ChoicesSelect international siteUnited StatesLargeChevronItaliaJapónCzech Republic & SlovakiaFacebookXPinterestYouTubeInstagramTiktok

A Russian-language ransomware operation claiming responsibility for a data breach on the dark web asserted that it had exfiltrated private and personal confidential data, including clients' documents, budgets, payroll, identification, and tax records from the Minnesota-based home goods company MyPillow. The founder and CEO, Mike Lindell, responded by denying any breach, alleging that the claims were a political hit job related to his pursuit of the governorship of Minnesota. This situation is framed within broader context concerning the evolving threat landscape, where cybercriminals are increasingly utilizing artificial intelligence to exploit system vulnerabilities and develop sophisticated hacking tools.

The methods employed by criminal entities are also evolving beyond traditional malware deployment. Ransomware groups are increasingly shifting focus from encrypting systems to direct extortion, sometimes involving the physical presence of actors. The Federal Bureau of Investigation indicated that the Silent Ransom Group (SRG), which targets law firms, has been observed sending individuals to company offices to facilitate intrusions, allowing actors to exfiltrate data onto external drives. Security researchers view this tactic as a novel approach, as it deviates from previously observed methods.

In the realm of government and surveillance technology, several areas present complex policy and operational challenges. While the United States military has long recognized the risk of location data being used to track troops, the Pentagon has largely failed to implement adequate protections, despite acknowledging that adversaries utilize such data for targeting soldiers in wartime. Concurrently, law enforcement has warned about "anti-tech extremism" as concerns regarding artificial intelligence grow across the country.

The application of artificial intelligence is influencing both security research and public safety initiatives. Scammers are leveraging real travel details, such as hotel reservations, to execute effective spear-phishing campaigns, potentially accessing customer data across numerous hotels and vacation rentals globally. Furthermore, the AI-driven surveillance company BusPatrol plans to transform school bus cameras into automatic license plate readers designed to record vehicle locations and provide this data to law enforcement without a warrant, effectively creating "roaming surveillance vehicles."

The impact of surveillance technology on law enforcement response also presents nuanced findings. Research by Rob Vargas indicated that suspending the ShotSpotter gunshot detection technology in certain Chicago neighborhoods led to a four-minute improvement in response times for non-gunshot 911 calls over a six-month period. This suggested that the deployment of ShotSpotter alerts may have caused officers to engage in "wild-goose chases" due to false positives, thereby delaying responses to other critical incidents.

The broader digital environment is also subject to disruption, as internal political power struggles and negotiations with the US regarding its conflict with Iran led to connectivity restrictions, which caused a trickle of internet access back into Iran. Researchers expressed caution regarding the full extent and duration of this restoration. Furthermore, the repercussions of software supply chain attacks, exemplified by groups like TeamPCP, which have poisoned open source code, continue to highlight vulnerabilities across numerous organizations. Finally, ongoing discussions involve debates over corporate oversight of employee monitoring, as evidenced by internal organizing among Meta employees in the US and UK protesting corporate software that tracks keystrokes and mouse activity.