Unauthorized Access: A Deep Dive into the Treasury Department Breach. Microsoft's VPN Shutdown
Business of Tech: Daily 10-Minute IT Services Insights
Audio is streamed directly from the publisher (pdcn.co) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
significant security breach has been identified within the U.S. Treasury Department, where unauthorized individuals gained administrator-level access to critical financial systems, including the Payment Automation Manager (PAM) and the Secure Payment System (SPS). This breach raises serious concerns about the integrity of the U.S. financial system, as it allows for unauthorized modifications to federal payment workflows and security configurations. The threat actors, linked to a private sector entity, have reportedly acquired elevated privileges without the necessary government vetting or legal authorization, potentially compromising sensitive financial operations and personal data of millions of Americans.
The implications of this breach extend beyond the Treasury, as individuals associated with the threat actors have also gained unauthorized access to the National Oceanic and Atmospheric Administration (NOAA). This unauthorized entry raises alarms about the potential compromise of classified environmental data and the integrity of agency operations. Lawmakers are expressing significant concern over the breach, particularly regarding its impact on federal funding mechanisms and the privacy of citizens. Affected customers have filed a lawsuit against the Treasury Department, alleging failures in enforcing access controls that could jeopardize personal and financial information.
The discussion highlights the importance of cybersecurity governance, compliance, and access control, emphasizing that security is not solely about defending against external threats. The podcast stresses that insider threats and unauthorized privileged access are equally critical issues that businesses must address. It calls for a shift in how organizations perceive security, advocating for a zero-trust approach and robust identity and access management practices. The need for continuous monitoring and strict auditing of privileged accounts is underscored, as unauthorized access can occur regardless of the actors' intent.
In addition to the main story, the episode covers several other cybersecurity-related topics, including the exposure of over one million chat records by DeepSeek, which has raised concerns about data security among AI providers. Microsoft announced the discontinuation of its Defender VPN service due to low usage, while Let's Encrypt plans to end its expiration notification email service. Cloudflare has introduced a feature to enhance online image authenticity, and the Trump administration has eliminated a key framework for AI integration into federal cloud services. These developments reflect broader trends in cybersecurity, privacy, and the evolving landscape of technology governance.
Four things to know today
00:00 Cybersecurity 101: If Even the Government Can’t Control Access, What About Your Business?
06:39 DeepSeek Leaks a Million Chat Records—And the Pentagon Wants Nothing to Do with It
08:58 Microsoft Pulls the Plug on Defender VPN—Was Anyone Using It?
10:57 FedRAMP Shake-Up: No Special Treatment for AI as Trump Administration Ends Key Framework
Supported by: https://www.huntress.com/mspradio/
Event: https://nerdiocon.com/
💼 All Our Sponsors
Support the vendors who support the show:
👉 https://businessof.tech/sponsors/
🚀 Join Business of Tech Plus
Get exclusive access to investigative reports, vendor analysis, leadership briefings, and more.
👉 https://businessof.tech/plus
🎧 Subscribe to the Business of Tech
Want the show on your favorite podcast app or prefer the written versions of each story?
📲 https://www.businessof.tech/subscribe
📰 Story Links & Sources
Looking for the links from today’s stories?
Every episode script — with full source links — is posted at:
🎙 Want to Be a Guest?
Pitch your story or appear on Business of Tech: Daily 10-Minute IT Services Insights:
💬 https://www.podmatch.com/hostdetailpreview/businessoftech
🔗 Follow Business of Tech
LinkedIn: https://www.linkedin.com/company/28908079
YouTube: https://youtube.com/mspradio
Bluesky: https://bsky.app/profile/businessof.tech
Instagram: https://www.instagram.com/mspradio
TikTok: https://www.tiktok.com/@businessoftech
Facebook: https://www.facebook.com/mspradionews
Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.