In this episode, we examine the major data breach at Century Support Services—also operating under the name Next Level Finance Partners—that exposed the personal information of over 160,000 individuals. While the company discovered indicators of a cyberattack as early as November 2023, it wasn’t until May 2024 that investigators confirmed sensitive data had likely been accessed or exfiltrated. The exposed data is deeply sensitive: names, Social Security numbers, dates of birth, driver’s license and passport details, health and financial information, and even digital signatures.

This breach is notable not just for its scale, but for its opacity—no ransomware group has claimed responsibility, and the breach remained largely under the radar compared to other high-profile cyber incidents. Yet the implications are just as serious.

We dig into what this breach reveals about the current state of cybersecurity and breach response across industries. From the rise of data leakage as a legally defined event to the complexities of breach detection timelines, this incident reflects many of the systemic issues plaguing organizations today.

Topics explored include:

• The anatomy of the Century Support breach: timeline, scope, and the delayed confirmation of data compromise.
• Legal definitions and disclosure obligations surrounding personal data exposure.
• The evolution of data breaches since the early 2000s—and why most are still detected by third parties, not the breached company.
• Common vulnerabilities that enable such breaches: lack of encryption, social engineering, and third-party risk.
• The dark web economy: how exposed data circulates and why victims face elevated identity theft risk for years.
• The role of breach response playbooks, including incident containment, legal reporting, and the offer of identity theft protection (and why consumer uptake remains low).
• Why attackers might remain silent—exploring motivations and the growing role of stealth attacks not associated with ransomware branding.

As attacks become more intricate and visibility more difficult, the Century Support Services case underscores a larger truth: data breaches are no longer exceptional events—they are persistent, costly, and often avoidable failures of digital trust.

In this episode, we explore the mounting scrutiny TikTok faces over its handling of European user data, with the EU’s Data Protection Commission (DPC) launching a fresh investigation into alleged transfers of data to China. TikTok, owned by Beijing-based ByteDance, is once again in the crosshairs for possible violations of the General Data Protection Regulation (GDPR) — this time following revelations that contradicted previous assurances given during a years-long inquiry.

At the heart of the episode lies the broader question: Who controls data in a globalized, politically fractured internet?

We delve into the intricate politics of data localization, examining how governments are increasingly treating data flows as matters of sovereignty and national security. With the EU enforcing a rights-based data protection regime and China emphasizing state-centric control through its Personal Information Protection Law (PIPL), companies like TikTok are navigating a legal minefield where compliance in one jurisdiction could mean noncompliance in another.

Topics discussed include:

• TikTok’s €530 million GDPR fine and the new inquiry sparked by undisclosed data transfers to Chinese servers.
• The role of Project Clover, TikTok’s €12 billion initiative to localize EU user data and build trust through European-based infrastructure and security auditing.
• How GDPR’s Article 46 requires equivalency in legal safeguards for any cross-border data transfers, and why Chinese laws such as the National Intelligence Law fail that test.
• The strategic enforcement power of the Irish DPC and how remote access, not just physical storage, is now classified as a “data transfer” under GDPR.
• The stark contrast between GDPR and China’s PIPL: one centers on individual rights and transparency, while the other prioritizes state surveillance and geopolitical control.
• The collateral damage to global cloud computing, API efficiency, and data redundancy when localization laws fragment digital ecosystems.
• Europe’s evolving stance toward Chinese tech firms—once seen through a commercial lens, now increasingly treated as security and sovereignty issues.

Through the lens of the TikTok case, this episode unpacks the new realities of digital governance, where data is power, and control over that data is rapidly becoming a tool of foreign policy. For enterprises and policymakers alike, the challenge is not just about compliance, but navigating a digital world divided by legal borders and political agendas.

As the cybersecurity landscape shifts toward hyperautomation and AI-driven autonomy, a new frontier has emerged: the identity and access security of machines. In this episode, we explore Booz Allen Ventures’ strategic investment in Corsha, a company at the forefront of Machine Identity Provider (mIDP) technology. Their collaboration marks a pivotal moment in redefining how we secure machine-to-machine (M2M) communication, especially in operational environments and critical infrastructure.

Corsha’s platform addresses a seismic transformation: machines now outnumber humans in digital ecosystems by a ratio of 50:1—or even 80:1 in some accounts. With the rise of Agentic AI, autonomous software agents are making decisions, executing tasks, and accessing networks without human oversight. This paradigm shift makes human-centric identity models obsolete and demands dynamic, cryptographic, and automated lifecycle management for non-human identities (NHIs).

This episode covers:

• Why identity is the new perimeter—and why it starts with machines.
• The vulnerabilities in today's identity and access management (IAM) frameworks, particularly in API-heavy, cloud-native environments where machines drive over 90% of all traffic.
• How Corsha’s mIDP delivers MFA for machines, manages millions of machine credentials, and secures connections across legacy industrial systems and modern cloud deployments.
• The significance of Corsha’s integration with traditional IdPs like EntraID and AWS IAM, bringing adaptive identity management to autonomous, interconnected ecosystems.
• The growing strategic alignment between national security imperatives and machine identity solutions. With Zero Trust becoming a mandate across U.S. federal agencies, Corsha’s capabilities directly support mission-critical autonomy, AI governance, and cyber-physical resilience.
• The role of Booz Allen Ventures in not just funding Corsha but helping scale its solutions for government and industrial sectors. The firm sees Corsha as “foundational infrastructure for next-generation mission systems.”
• How this investment follows Corsha’s Series A and A-1 rounds, and enables the expansion of Corsha Labs, advancing agentless behavioral identity and AI-enhanced IAM for autonomous systems.

We conclude with a forward-looking view: as critical infrastructure, defense systems, and industrial operations become more automated, machine identity will become as central as human authentication is today. With Agentic AI accelerating the pace of change, Corsha—and investments like Booz Allen’s—are laying the groundwork for a secure, autonomous future.