PRIVACY RISK
Medicaid Processor's India Data Breach Concerns
Gainwell Technologies, serving 70 million Medicaid enrollees across 32 states, faces allegations that offshore workers in India are accessing protected health information in violation of contractual prohibitions. Fifteen current and former employees reported that unredacted patient data, including Social Security numbers and medical records, was displayed during troubleshooting sessions and training meetings with India-based staff. The Irving, Texas-based company, carrying $5.7 billion in debt, has doubled its India workforce to 2,600 employees since 2023. Former engineers claim they were pressured into granting offshore access and were later laid off after refusing. Gainwell denies all allegations, asserting its security systems to prevent unauthorized foreign access.
More info
PHYSICAL RISK
States Fortify Lawmaker Protection After Assassinations
States across the U.S. are reinforcing security and privacy protections for lawmakers after a series of 2025 attacks, including the June 14 killing of Minnesota House Democratic Leader Melissa Hortman and her husband. Minnesota has logged 58 credible threats this year - more than double 2024 - and now funds home security systems for all legislators, adds a threat investigator role, and allows campaign funds to cover security. Other states, including California, Ohio, and Arizona, have adopted similar rules and are removing lawmakers’ home addresses from public sites as political violence and swatting incidents rise.
More info
REPUTATIONAL RISK
US Chipmakers Sued Over Russian Missiles
Microchip makers Intel, AMD, Texas Instruments, and Berkshire-owned Mouser Electronics face five lawsuits in Texas alleging “willful ignorance” as their semiconductors were diverted via third parties and shell companies to Russia and Iran, ending up in KH-101 and Iskander missiles and drones that killed Ukrainian civilians in five attacks between 2023 and 2025. Plaintiffs claim defective export‑control and diversion‑prevention systems rendered the firms negligent “merchants of death”, while the companies maintain they ceased doing business with Russia, comply with sanctions, and oppose any military use of their chips.
More info
TECHNOLOGICAL RISK
2025 Holiday Fraud Threats Escalate Significantly
For the period of October through December 2025, RH-ISAC forecasts an unprecedented threat to fraud across retail, hospitality, and travel organizations. This includes major increases in account takeovers, gift card theft, bot traffic, and refund fraud. Key risk periods are from November 17 to 29, with a peak throughout December. Pre-Thanksgiving malicious bot traffic is expected to increase by 520%, as genAI automation blurs the lines between legitimate and fraudulent activity. Critical threats include The Com affiliate extortion, credential harvesting, third-party data theft, and impersonation domains targeting payment data.
More info
HEALTH RISK
Second US Measles Surge Accelerates in South Carolina
The United States is facing its second major measles surge of 2025, with 1,900 total cases reported this year - a record since elimination. A rapidly growing outbreak in South Carolina has infected 111 people since October, forcing over 250 into quarantine and 16 into isolation. State officials cite holiday gatherings, travel, and low vaccination rates as key drivers, with 105 of the South Carolina cases occurring in unvaccinated individuals. Outbreaks persist in Utah (115 cases) and Arizona (176 cases). With 47 outbreaks nationwide this year, public health experts warn the U.S. risks losing its measles elimination status if transmission continues into January 2026.
More info
LEGAL & REGULATORY RISK
Google Braces for EU Antitrust Fine in 2026
Google faces an expected EU antitrust fine in 2026 for non-compliance with Digital Markets Act rules against self-preferencing in search results, Reuters reports, citing sources. Charged in March 2025 for favoring Google Shopping, Hotels, and Flights over competitors, the company's October remedial proposals remain insufficient under DMA standards. Violations carry penalties up to 10% of global annual turnover. Google maintains its search tweaks to protect European businesses seeking direct customer access, while the Commission continues negotiations allowing potential compliance without fines. The case reflects broader EU enforcement pressure on U.S. tech firms, with separate Google Play investigations underway.
More info
OPERATIONAL RISK
Starbucks Strike Enters Fifth Week Without Resolution
Starbucks Workers United's "Red Cup Rebellion" strike has expanded into its fifth week with 3,800 baristas across 180 stores in 130 U.S. cities now participating, marking the company's longest strike in history. Since November 13, 36 new stores in 34 cities have joined the action over allegations of unfair labor practices. International solidarity demonstrations occurred in 17 cities across 14 countries on December 11. Contract negotiations stalled in November despite tentative agreements on 30 articles; the union demands 65% immediate pay increases, improved staffing, and ULP resolution, while Starbucks claims minimal operational impact with 99% store service continuity. The company's $35.5 million NYC Fair Workweek settlement failed to restart negotiations.
More info
STRATEGIC RISK
Alternative Social Media Apps Surge as Australia Teen Ban Starts
Australia has implemented a world-first social media ban for users under 16, requiring platforms including TikTok, Facebook, Instagram, X, YouTube, Snapchat, Reddit, Kick, Twitch, and Threads to remove accounts by December 11, 2025. Non-compliance risks fines up to $49.5 million AUD. Age verification failures have emerged, with some minors bypassing facial recognition tests. Two-thirds of Australian voters support the policy. International attention is high, with Malaysia, Denmark, Norway, and the EU signaling adoption. eSafety Commissioner Julie Inman Grant will conduct independent evaluations assessing mental health, academic, and unintended consequences, including migration to "darker" platforms.
More info
FINANCIAL RISK
China's Vanke Loses State Support, Faces Restructuring
China Vanke, considered the property sector's last "too-big-to-fail" survivor, has lost critical state support as its $50 billion debt crisis deepens. In November, shareholder Shenzhen Metro capped financing and demanded collateral, signaling official patience exhausted. The company is insolvent per China International Capital Corp.'s assessment, with dollar bonds trading at 20 cents on the dollar. Vanke's chairman and former CEO were reportedly taken into custody by authorities; regulators declined to intervene in late November. The property giant now faces inevitable market-driven restructuring, affecting over $7 billion in overseas debt. Experts warn that Vanke's collapse will damage homebuyer confidence, strain banks, and complicate China's broader property market recovery, despite lower real estate's dependence on GDP.
More info
POLITICAL RISK
Bulgarian Government Resigns Amid Mass Corruption Protests
Bulgarian Prime Minister Rosen Zhelyazkov's center-right government resigned following mass anti-corruption protests, just 20 days before the country's scheduled eurozone accession on January 1, 2026. Tens of thousands filled Sofia's center demanding the ouster of Zhelyazkov, former PM Boyko Borissov, and sanctioned oligarch Delyan Peevski. The minority government, in power since January 2025, had survived five previous no-confidence votes. Zhelyazkov scrapped a controversial 2026 budget plan in response to demonstrators but ultimately stepped down ahead of a parliamentary vote. Despite political instability - marking the eighth potential election cycle since 2020 - analysts believe Bulgaria's euro adoption remains on track.