On April 20, 2026, an attacker using the alias "dylanmarly" disclosed a breach of Be Prime, a Monterrey-based cybersecurity services firm whose clients include Iberdrola, ArcelorMittal, Whirlpool, and Alsea (the operator of Starbucks Mexico, Domino's, and Vips). The Register and State of Surveillance reported that the attacker exfiltrated 12.6 GB of data, including plaintext credentials and security audit reports, took control of 1,858 Cisco Meraki devices, and — most viscerally — gained live access to surveillance camera feeds inside client offices. The proximate cause is a familiar one: an admin account without two-factor authentication. Be Prime's response — threatening legal action against the journalists who reported the story — has done more for the headline's longevity than the original disclosure ever could have.…