Global Risk Intelligence: January 26, 2026 Executive Briefing
Your cross-domain risk intelligence digest – distilled for decision-makers.

PRIVACY RISK
Under Armour's Silent Data Breach - 72M Exposed
Under Armour said on January 22, 2026, that it is investigating claims that a breach in late 2025 exposed about 72 million customer email addresses, according to Have I Been Pwned. Stolen records may also include names, gender, birthdates, and ZIP codes, increasing the risk of phishing and identity profiling. The Baltimore-based retailer said there is no evidence that UA.com payment systems, password stores, or financial data were affected, and HIBP CEO Troy Hunt said current data support that view. Hunt nonetheless flagged the absence of a formal disclosure despite the breach’s scale.
PHYSICAL RISK
Inside a £1M Smash-and-Grab: Surveillance Clues Point to Inside Help
A Nottinghamshire couple said masked intruders forced entry by smashing a patio door at their home off Knowle Lane, Kimberley, in December, stealing valuables estimated at £1m. The group’s questioning - “where’s the watches, where’s the safe, and where’s your son?” - suggests prior surveillance or insider knowledge rather than opportunistic burglary. Police images show items taken, including a Rolex and designer handbags. The attackers left quickly after accessing the safe, implying a time-bound, preplanned operation. Crimestoppers has offered up to £7,500 for information leading to convictions.
REPUTATIONAL RISK
AI-Edited Mugshot - How AI Alterations Undermine Evidence
League City, Texas police said they used Canva to digitally “enhance” a blurry mugshot of Carmen Fernandez, charged with organized retail theft tied to alleged tens of thousands of dollars in stolen Ulta Beauty products across multiple counties. The AI-altered image was distributed via press releases and Facebook, prompting criticism over transparency and evidentiary integrity. Sgt. Jason Gray said the intent was clarity, not altering appearance. Lawyer Vik Vij warned such edits can erode public trust; police said they will review policies and retrain staff.
TECHNOLOGICAL RISK
State Actors Deploy AI in Active Cyber Operations
In a Cloud CISO Perspectives post, Sandra Joyce (Google Threat Intelligence) reports a shift from adversaries using generative AI for “productivity” to deploying AI-enabled capabilities in active operations. Google describes its first observed case of malware querying an LLM during execution: PROMPTSTEAL, linked to Russia’s APT28/FROZENLAKE in June 2025, which queried Hugging Face to generate commands for system discovery and data theft. Google also flags prompt social-engineering to bypass safeguards, a maturing underground market for illicit AI tooling, and state actors (PRC, Iran, North Korea) integrating AI across the attack lifecycle.
HEALTH RISK
The Hidden Cost of Pakistan's Medical Free-for-All
An AFP report highlights Pakistan’s struggle to curb widespread unlicensed medical practice, with the Pakistan Medical Association estimating 600,000+ “fake doctors” nationwide - figures echoed by the Sindh Healthcare Commission (SHCC) using professional council estimates. In Sindh, one practitioner charged 300 rupees (~$1) per visit despite lacking authorization, while experts warned of unsafe dosing, misdiagnosis, and reuse of non-sterilized equipment that can accelerate transmission of hepatitis and HIV/AIDS. Regulators cite weak laws, easy bail, limited enforcement capacity, and security risks to inspectors, while major hospitals report overload due to complications of improper care.
LEGAL & REGULATORY RISK
UK Explores Radical Curbs on Kids' Tech Access
The UK government launched a consultation and “national conversation” on children’s social media use, alongside tougher guidance making schools “phone-free by default” and requiring Ofsted to assess enforcement during inspections. Options under review include raising the digital age of consent, phone curfews, stronger age assurance, limits on “streaks” and “infinite scrolling”, and even a child social media ban, with ministers visiting Australia for lessons. Despite 99.9% of primaries and 90% of secondaries having policies, 58% of secondary pupils report unauthorized phone use. A formal response is due in the summer of 2026.
OPERATIONAL RISK
Double Transformer Fire Forces Tengiz Oilfield Offline
Kazakhstan has formed a special commission to investigate a January 18 incident that forced the temporary shutdown of the Tengiz oilfield, operated by Tengizchevroil (a Chevron-led consortium; Chevron holds a 50% stake). Officials said two transformer fires at the GTES-4 power plant disrupted electricity supply to Tengiz and the nearby Korolev field, halting both production and exports. Tengiz was producing about 360,000 bpd before the outage and is expected to remain offline for at least 7–10 days. The disruption helped lift Brent above $65/bbl, underscoring regional supply sensitivity via the CPC route to Novorossiysk.
STRATEGIC RISK
America’s AI Regulation War Heats Up
An MIT Technology Review analysis argues the U.S. is heading toward a court-driven fight over AI regulation after President Donald Trump signed a December 11, 2025, executive order aimed at limiting state AI laws, including via a DOJ task force and potential cuts to federal broadband funding. States are still advancing: New York’s RAISE Act was signed December 19, and California launched frontier-model safety law SB 53 on January 1, 2026. With Congress stalled, 2026 may feature litigation, heavy super PAC spending, and child-safety and data-center resource bills.
FINANCIAL RISK
Audit Flags MaineCare $28.7M Overpayments
A federal HHS Office of Inspector General audit alleges Maine made nearly $46 million in improper MaineCare payments for community support services for children with autism in 2023, citing documentation and compliance gaps rather than fraud. The audit was triggered partly by spending growth from roughly $52 million (2019) to $80+ million (2023) and recommends that Maine refund $28.7 million to the federal government. DHHS said it is reviewing claims and will recover and repay any identified overpayments. The findings intensified legislative scrutiny, with the Government Oversight Committee moving to review 16 poorly documented state contracts and broader procurement controls.
POLITICAL RISK
Peru's Political Crisis Deepens as Interim President Admits Undisclosed Chinese Contacts
Peru’s interim President José Jerí faced a congressional oversight committee on January 21, 2026, over unregistered meetings with two Chinese business owners, triggering calls for his removal and a criminal probe. Jerí said he met Yang Zhihua at a restaurant and store between late December and early January and framed the contacts as planning for Peruvian-Chinese Friendship Day (February 1). Scrutiny intensified after a December 26 restaurant visit where he reportedly wore a hood. Jerí also acknowledged that Ji Wu Xiaodong had entered the presidential palace three times despite being under house arrest in an illegal logging case. Prosecutors have opened a preliminary inquiry into influence peddling and illegal lobbying as Peru heads toward elections on April 12.