When Freesia Gaul discovered MIT Open Learning’s OpenCourseWare at just 14 years old, it opened up a world of learning far beyond what her classrooms could offer. Her parents had started a skiing company, and the seasonal work meant that Gaul had to change schools every six months. Growing up in small towns in Australia and Canada, she relied on the internet to fuel her curiosity.

“I went to 13 different schools, which was hard because you're in a different educational system every single time,” says Gaul. “That’s one of the reasons I gravitated toward online learning and teaching myself. Knowledge is something that exists beyond a curriculum.”

The small towns she lived in often didn’t have a lot of resources, she says, so a computer served as a main tool for learning. She enjoyed engaging with Wikipedia, ultimately researching topics and writing and editing content for pages. In 2018, she discovered MIT OpenCourseWare, part of MIT Open Learning, and took her first course. OpenCouseWare offers free, online, open educational resources from more than 2,500 MIT undergraduate and graduate courses. 

“I really got started with the OpenCourseWare introductory electrical engineering classes, because I couldn’t find anything else quite like it online,” says Gaul, who was initially drawn to courses on circuits and electronics, such as 6.002 (Circuits and Electronics) and 6.01SC (Introduction to Electrical Engineering and Computer Science). “It really helped me in terms of understanding how electrical engineering worked in a practical sense, and I just started modding things.”

In true MIT “mens et manus” (“mind and hand”) fashion, Gaul spent much of her childhood building and inventing, especially when she was able to access a 3D printer. She says that a highlight was when she built a life-sized, working version of a Mario Kart, constructed out of materials she had printed.

Gaul calls herself a “serial learner,” and has taken many OpenCourseWare courses. In addition to classes on circuits and electronics, she also took courses in linear algebra, calculus, and quantum physics — in which she took a particular interest. 

When she was 15, she participated in Qubit by Qubit. Hosted by The Coding School, in collaboration with universities (including MIT) and tech companies, this two-semester course introduces high schoolers to quantum computing and quantum physics. 

During that time she started a blog called On Zero, representing the “zero state” of a qubit. “The ‘zero state’ in a quantum computer is the representation of creativity from nothing, infinite possibilities,” says Gaul. For the blog, she found different topics and researched them in depth. She would think of a topic or question, such as “What is color?” and then explore it in great detail. What she learned eventually led her to start asking questions such as “What is a hamiltonian?” and teaching quantum physics alongside PhDs.

Building on these interests, Gaul chose to study quantum engineering at the University of New South Wales. She notes that on her first day of university, she participated in iQuHack, the MIT Quantum Hackathon. Her team worked to find a new way to approximate the value of a hyperbolic function using quantum logic, and received an honorable mention for “exceptional creativity.”

Gaul’s passion for making things continued during her college days, especially in terms of innovating to solve a problem. When she found herself on a train, wanting to code a personal website on a computer with a dying battery, she wondered if there might be a way to make a glove that can act as a type of Bluetooth keyboard — essentially creating a way to type in the air. In her spare time, she started working on such a device, ultimately finding a less expensive way to build a lightweight, haptic, gesture-tracking glove with applications for virtual reality (VR) and robotics.

Gaul says she has always had an interest in VR, using it to create her own worlds, reconstruct an old childhood house, and play Dungeons and Dragons with friends. She discovered a way to put into a glove some small linear resonant actuators, which can be found in a smartphone or gaming controller, and map to any object in VR so that the user can feel it.

An early prototype that Gaul put together in her dorm room received a lot of attention on YouTube. She went on to win the People’s Choice award for it at the SxSW Sydney 2025 Tech and Innovation Festival. This design also sparked her co-founding of the tech startup On Zero, named after her childhood blog dedicated to the love of creation from nothing.

Gaul sees the device, in general, as a way of “paying it forward,” making improved human-computer interaction available to many — from young students to professional technologists. She hopes to enable creative freedom in as many as she can. “The mind is just such a fun thing. I want to empower others to have the freedom to follow their curiosity, even if it's pointless on paper.

“I’ve benefited from people going far beyond what they needed to do to help me,” says Gaul. “I see OpenCourseWare as a part of that. The free courses gave me a solid foundation of knowledge and problem-solving abilities. Without these, it wouldn’t be possible to do what I’m doing now.”

Another year has come and gone, and with it, thousands of data breaches that affect millions of people. The question these days is less, Is my information in a data breach this year? and more How many data breaches had my information in them this year? 

Some data breaches are more noteworthy than others. Where one might affect a small number of people and include little useful information, like a name or email address, others might include data ranging from a potential medical diagnosis to specific location information. To catalog and talk about these breaches we created the Breachies, a series of tongue-in-cheek awards, to highlight the most egregious data breaches. 

In most cases, if these companies practiced a privacy first approach and focused on data minimization, only collecting and storing what they absolutely need to provide the services they promise, many data breaches would be far less harmful to the victims. But instead, companies gobble up as much as they can, store it for as long as possible, and inevitably at some point someone decides to poke in and steal that data. Once all that personal data is stolen, it can be used against the breach victims for identity theft, ransomware attacks, and to send unwanted spam. It has become such a common occurrence that it’s easy to lose track of which breaches affect you, and just assume your information is out there somewhere. Still, a few steps can help protect your information.

With that, let’s get to the awards.

The Winners

• The Say Something Without Saying Anything Award: Mixpanel
• The We Still Told You So Award: Discord
• The Tea for Two Award: Tea Dating Advice and TeaOnHer
• The Just Stop Using Tracking Tech Award: Blue Shield of California
• The Hacker's Hall Pass Award: PowerSchool
• The Worst. Customer. Service. Ever. Award: TransUnion
• The Annual Microsoft Screwed Up Again Award: Microsoft
• The I Didn’t Even Know You Had My Information Award: Gravy Analytics
• The Keeping Up With My Cybertruck Award: Teslamate
• The Disorder in the Courts Award: PACER
• The Only Stalkers Allowed Award: Catwatchful
• The Why We’re Still Stuck on Unique Passwords Award: Plex
• The Uh, Yes, Actually, I Have Been Pwned Award: Troy Hunt’s Mailing List
• (Dis)honorable Mentions

The Say Something Without Saying Anything Award: Mixpanel

We’ve long warned that apps delivering your personal information to third-parties, even if they aren’t the ad networks directly driving surveillance capitalism, presents risks and a salient target for hackers. The more widespread your data, the more places attackers can go to find it. Mixpanel, a data analytics company which collects information on users of any app which incorporates its SDK, suffered a major breach in November this year. The service has been used by a wide array of companies, including the Ring Doorbell App, which we reported on back in 2020 delivering a trove of information to Mixpanel, and PornHub, which despite not having worked with the company since 2021, had its historical record of paying subscribers breached.    

There’s a lot we still don’t know about this data breach, in large part because the announcement about it is so opaque, leaving reporters with unanswered questions about how many were affected, if the hackers demanded a ransom, and if Mixpanel employee accounts utilized standard security best practices. One thing is clear, though: the breach was enough for OpenAI to drop them as a provider, disclosing critical details on the breach in a blog post that Mixpanel’s own announcement conveniently failed to mention.

The worst part is that, as a data analytics company providing libraries which are included in a broad range of apps, we can surmise that the vast majority of people affected by this breach have no direct relationship with Mixpanel, and likely didn’t even know that their devices were delivering data to the company. These people deserve better than vague statements by companies which profit off of (and apparently insufficiently secure) their data.

The We Still Told You So Award: Discord

Last year, AU10TIX won our first The We Told You So Award because as we predicted in 2023, age verification mandates would inevitably lead to more data breaches, potentially exposing government IDs as well as information about the sites that a user visits. Like clockwork, they did. It was our first We Told You So Breachies award, but we knew it wouldn’t be the last. 

Unfortunately, there is growing political interest in mandating identity or age verification before allowing people to access social media or adult material. EFF and others oppose these plans because they threaten both speech and privacy. 

Nonetheless, this year’s winner of The We Still Told You So Breachies Award is the messaging app, Discord — once known mainly for gaming communities, it now hosts more than 200 million monthly active users and is widely used to host fandom and community channels. 

In September of this year, much of Discord’s age verification data was breached — including users’ real names, selfies, ID documents, email and physical addresses, phone numbers, IP addresses, and other contact details or messages provided to customer support. In some cases, “limited billing information” was also accessed—including payment type, the last four digits of credit card numbers, and purchase histories. 

Technically though, it wasn’t Discord itself that was hacked but their third-party customer support provider — a company called Zendesk—that was compromised, allowing attackers to access Discord’s user data. Either way, it’s Discord users who felt the impact. 

The Tea for Two Award: Tea Dating Advice and TeaOnHer

Speaking of age verification, Tea, the dating safety app for women, had a pretty horrible year for data breaches. The app allows users to anonymously share reviews and safety information about their dates with men—helping keep others safe by noting red flags they saw during their date.

Since Tea is aimed at women’s safety and dating advice, the app asks new users to upload a selfie or photo ID to verify their identity and gender to create an account. That’s some pretty sensitive information that the app is asking you to trust it with! Back in July, it was reported that 72,000 images had been leaked from the app, including 13,000 images of photo IDs and 59,000 selfies. These photos were found via an exposed database hosted on Google’s mobile app development platform, Firebase. And if that isn’t bad enough, just a week later a second breach exposed private messages between users, including messages with phone numbers, abortion planning, and discussions about cheating partners. This breach included more than 1.1 million messages from early 2023 all the way to mid-2025, just before the breach was reported. Tea released a statement shortly after, temporarily disabling the chat feature.

But wait, there’s more. A completely different app based on the same idea, but for men, also suffered a data breach. TeaOnHer failed to protect similar sensitive data. In August, TechCrunch discovered that user information — including emails, usernames, and yes, those photo IDs and selfies — was accessible through a publicly available web address. Even worse? TechCrunch also found the email address and password the app’s creator uses to access the admin page.

Breaches like this are one of the reasons that EFF shouts from the rooftops against laws that mandate user verification with an ID or selfie. Every company that collects this information becomes a target for data breaches — and if a breach happens, you can’t just change your face. 

The Just Stop Using Tracking Tech Award: Blue Shield of California

Another year, another data breach caused by online tracking tools. 

In April, Blue Shield of California revealed that it had shared 4.7 million people’s health data with Google by misconfiguring Google Analytics on its website. The data, which may have been used for targeted advertising, included: people’s names, insurance plan details, medical service providers, and patient financial responsibility. The health insurance company shared this information with Google for nearly three years before realizing its mistake.

If this data breach sounds familiar, it’s because it is: last year’s Just Stop Using Tracking Tech award also went to a healthcare company that leaked patient data through tracking code on its website. Tracking tools remain alarmingly common on healthcare websites, even after years of incidents like this one. These tools are marketed as harmless analytics or marketing solutions, but can expose people’s sensitive data to advertisers and data brokers. 

EFF’s free Privacy Badger extension can block online trackers, but you shouldn’t need an extension to stop companies from harvesting and monetizing your medical data. We need a strong, federal privacy law and ban on online behavioral advertising to eliminate the incentives driving companies to keep surveilling us online. 

The Hacker's Hall Pass Award: PowerSchool

 In December 2024, PowerSchool, the largest provider of student information systems in the U.S., gave hackers access to sensitive student data. The breach compromised personal information of over 60 million students and teachers, including Social Security numbers, medical records, grades, and special education data. Hackers exploited PowerSchool’s weak security—namely, stolen credentials to their internal customer support portal—and gained unfettered access to sensitive data stored by school districts across the country.

PowerSchool failed to implement basic security measures like multi-factor authentication, and the breach affected districts nationwide. In Texas alone, over 880,000 individuals’ data was exposed, prompting the state's attorney general to file a lawsuit, accusing PowerSchool of misleading its customers about security practices. Memphis-Shelby County Schools also filed suit, seeking damages for the breach and the cost of recovery.

While PowerSchool paid hackers an undisclosed sum to prevent data from being published, the company’s failure to protect its users’ data raises serious concerns about the security of K-12 educational systems. Adding to the saga, a Massachusetts student, Matthew Lane, pleaded guilty in October to hacking and extorting PowerSchool for $2.85 million in Bitcoin. Lane faces up to 17 years in prison for cyber extortion and aggravated identity theft, a reminder that not all hackers are faceless shadowy figures — sometimes they’re just a college kid.

The Worst. Customer. Service. Ever. Award: TransUnion

Credit reporting giant TransUnion had to notify its customers this year that a hack nabbed the personal information of 4.4 million people. How'd the attackers get in? According to a letter filed with the Maine Attorney General's office obtained by TechCrunch, the problem was a “third-party application serving our U.S. consumer support operations.” That's probably not the kind of support they were looking for. 

TransUnion said in a Texas filing that attackers swept up “customers’ names, dates of birth, and Social Security numbers” in the breach, though it was quick to point out in public statements that the hackers did not access credit reports or “core credit data.” While it certainly could have been worse, this breach highlights the many ways that hackers can get their hands on information. Coming in through third-parties, companies that provide software or other services to businesses, is like using an unguarded side door, rather than checking in at the front desk. Companies, particularly those who keep sensitive personal information, should be sure to lock down customer information at all the entry points. After all, their decisions about who they do business with ultimately carry consequences for all of their customers — who have no say in the matter.

The Annual Microsoft Screwed Up Again Award: Microsoft

Microsoft is a company nobody feels neutral about. Especially in the infosec world. The myriad software vulnerabilities in Windows, Office, and other Microsoft products over the decades has been a source of frustration and also great financial rewards for both attackers and defenders. Yet still, as the saying goes: “nobody ever got fired for buying from Microsoft.” But perhaps, the times, they are a-changing. 

In July 2025, it was revealed that a zero-day security vulnerability in Microsoft’s flagship file sharing and collaboration software, SharePoint, had led to the compromise of over 400 organizations, including major corporations and sensitive government agencies such as the National Nuclear Security Administration (NNSA), the federal agency responsible for maintaining and developing the U.S. stockpile of nuclear weapons. The attack was attributed to three different Chinese government linked hacking groups. Amazingly, days after the vulnerability was first reported, there were still thousands of vulnerable self-hosted Sharepoint servers online. 

Zero-days happen to tech companies, large and small. It’s nearly impossible to write even moderately complex software that is bug and exploit free, and Microsoft can’t exactly be blamed for having a zero-day in their code. But when one company is the source of so many zero-days consistently for so many years, one must start wondering whether they should put all their eggs (or data) into a basket that company made. Perhaps if Microsoft’s monopolistic practices had been reined in back in the 1990s we wouldn’t be in a position today where Sharepoint is the defacto file sharing software for so many major organizations. And maybe, just maybe, this is further evidence that tech monopolies and centralization of data aren’t just bad for consumer rights, civil liberties, and the economy—but also for cybersecurity. 

The Silver Globe Award: Flat Earth Sun, Moon & Zodiac

Look, we’ll keep this one short: in October of last year, researchers found security issues in the flat earther app, Flat Earth, Sun, Moon, & Clock. In March of 2025, that breach was confirmed. What’s most notable about this, aside from including a surprising amount of information about gender, name, email addresses and date of birth, is that it also included users’ location info, including latitude and longitude. Huh, interesting.

The I Didn’t Even Know You Had My Information Award: Gravy Analytics

In January, hackers claimed they stole millions of people’s location history from a company that never should’ve had it in the first place: location data broker Gravy Analytics. The data included timestamped location coordinates tied to advertising IDs, which can reveal exceptionally sensitive information. In fact, researchers who reviewed the leaked data found it could be used to identify military personnel and gay people in countries where homosexuality is illegal. 

The breach of this sensitive data is bad, but Gravy Analytics’s business model of regularly harvesting and selling it is even worse. Despite the fact that most people have never heard of them, Gravy Analytics has managed to collect location information from a billion phones a day. The company has sold this data to other data brokers, makers of police surveillance tools, and the U.S. government. 

How did Gravy Analytics get this location information from people’s phones? The data broker industry is notoriously opaque, but this breach may have revealed some of Gravy Analytics’ sources. The leaked data referenced thousands of apps, including Microsoft apps, Candy Crush, Tinder, Grindr, MyFitnessPal, pregnancy trackers and religious-focused apps. Many of these app developers said they had no relationship with Gravy Analytics. Instead, expert analysis of the data suggests it was harvested through the advertising ecosystem already connected to most apps. This breach provides further evidence that online behavioral advertising fuels the surveillance industry. 

Whether or not they get hacked, location data brokers like Gravy Analytics threaten our privacy and security. Follow EFF’s guide to protecting your location data and help us fight for legislation to dismantle the data broker industry. 

The Keeping Up With My Cybertruck Award: Teslamate

TeslaMate, a tool meant to track Tesla vehicle data (but which is not owned or operated by Tesla itself), has become a cautionary tale about data security. In August, a security researcher found more than 1,300 self-hosted TeslaMate dashboards were exposed online, leaking sensitive information such as vehicle location, speed, charging habits, and even trip details. In essence, your Cybertruck became the star of its own Keeping Up With My Cybertruck reality show, except the audience wasn’t made up of fans interested in your lifestyle, just random people with access to the internet.

TeslaMate describes itself as “that loyal friend who never forgets anything!” — but its lack of proper security measures makes you wish it would. This breach highlights how easily location data can become a tool for harassment or worse, and the growing need for legislation that specifically protects consumer location data. Without stronger regulations around data privacy, sensitive location details like where you live, work, and travel can easily be accessed by malicious actors, leaving consumers with no recourse.

The Disorder in the Courts Award: PACER

Confidentiality is a core principle in the practice of law. But this year a breach of confidentiality came from an unexpected source: a breach of the federal court filing system. In August, Politico reported that hackers infiltrated the Case Management/Electronic Case Files (CM/ECF) system, which uses the same database as PACER, a searchable public database for court records. Of particular concern? The possibility that the attack exposed the names of confidential informants involved in federal cases from multiple court districts. Courts across the country acted quickly to set up new processes to avoid the possibility of further compromises.

The leak followed a similar incident in 2021 and came on the heels of a warning to Congress that the file system is more than a little creaky. In fact, an IT official from the federal court system told the House Judiciary Committee that both systems are “unsustainable due to cyber risks, and require replacement.”

The Only Stalkers Allowed Award: Catwatchful

Just like last year, a stalkerware company was subject to a data breach that really should prove once and for all that these companies must be stopped. In this case, Catwatchful is an Android spyware company that sells itself as a “child monitoring app.” Like other products in this category, it’s designed to operate covertly while uploading the contents of a victim’s phone, including photos, messages, and location information.

This data breach was particularly harmful, as it included not just the email addresses and passwords on the customers who purchased the app to install on a victim’s phone, but also the data from the phones of 26,000 victims’ devices, which could include the victims’ photos, messages, and real-time location data.

This was a tough award to decide on because Catwatchful wasn’t the only stalkerware company that was hit this year. Similar breaches to SpyX, Cocospy, and Spyic were all strong contenders. EFF has worked tirelessly to raise the alarm on this sort of software, and this year worked with AV Comparatives to test the stalkerware detection rate on Android of various major antivirus apps.

The Why We’re Still Stuck on Unique Passwords Award: Plex

Every year, we all get a reminder about why using unique passwords for all our accounts is crucial for protecting our online identities. This time around, the award goes to Plex, who experienced a data breach that included customer emails, usernames, and hashed passwords (which is a fancy way of saying passwords are scrambled through an algorithm, but it is possible they could still be deciphered).

If this all sounds vaguely familiar to you for some reason, that’s because a similar issue also happened to Plex in 2022, affecting 15 million users. Whoops.

This is why it is important to use unique passwords everywhere. A password manager, including one that might be free on your phone or browser, makes this much easier to do. Likewise, credential stuffing illustrates why it’s important to use two-factor authentication. Here’s how to turn that on for your Plex account.

The Uh, Yes, Actually, I Have Been Pwned Award: Troy Hunt’s Mailing List

Troy Hunt, the person behind Have I Been Pwned? and who has more experience with data breaches than just about anyone, also proved that anyone can be pwned. In a blog post, he details what happened to his mailing list:

You know when you're really jet lagged and really tired and the cogs in your head are just moving that little bit too slow? That's me right now, and the penny has just dropped that a Mailchimp phish has grabbed my credentials, logged into my account and exported the mailing list for this blog.

And he continues later:

I'm enormously frustrated with myself for having fallen for this, and I apologise to anyone on that list. Obviously, watch out for spam or further phishes and check back here or via the social channels in the nav bar above for more.

The whole blog is worth a read as a reminder that phishing can get anyone, and we thank Troy Hunt for his feedback on this and other breaches to include this year.

Tips to Protect Yourself

Data breaches are such a common occurrence that it’s easy to feel like there’s nothing you can do, nor any point in trying. But privacy isn’t dead. While some information about you is almost certainly out there, that’s no reason for despair. In fact, it’s a good reason to take action.

There are steps you can take right now with all your online accounts to best protect yourself from the the next data breach (and the next, and the next):

• Use unique passwords on all your online accounts. This is made much easier by using a password manager, which can generate and store those passwords for you. When you have a unique password for every website, a data breach of one site won’t cascade to others.
• Use two-factor authentication when a service offers it. Two-factor authentication makes your online accounts more secure by requiring additional proof (“factors”) alongside your password when you log in. While two-factor authentication adds another step to the login process, it’s a great way to help keep out anyone not authorized, even if your password is breached.
• Delete old accounts: Sometimes, you’ll get a data breach notification for an account you haven’t used in years. This can be a nice reminder to delete that account, but it’s better to do so before a data breach happens, when possible. Try to make it a habit to go through and delete old accounts once a year or so. 
• Freeze your credit. Many experts recommend freezing your credit with the major credit bureaus as a way to protect against the sort of identity theft that’s made possible by some data breaches. Freezing your credit prevents someone from opening up a new line of credit in your name without additional information, like a PIN or password, to “unfreeze” the account. This might sound absurd considering they can’t even open bank accounts, but if you have kids, you can freeze their credit too.
• Keep a close eye out for strange medical bills. With the number of health companies breached this year, it’s also a good idea to watch for healthcare fraud. The Federal Trade Commission recommends watching for strange bills, letters from your health insurance company for services you didn’t receive, and letters from debt collectors claiming you owe money. 

(Dis)Honorable Mentions

According to one report, 2025 had already seen 2,563 data breaches by October, which puts the year on track to be one of the worst by the sheer number of breaches.

We did not investigate every one of these 2,500-plus data breaches, but we looked at a lot of them, including the news coverage and the data breach notification letters that many state Attorney General offices host on their websites. We can’t award the coveted Breachies Award to every company that was breached this year. Still, here are some (dis)honorable mentions we wanted to highlight:

Salesforce, F5, Oracle, WorkComposer, Raw, Stiizy, Ohio Medical Alliance LLC, Hello Cake, Lovense, Kettering Health, LexisNexis, WhatsApp, Nexar, McDonalds, Congressional Budget Office, Doordash, Louis Vuitton, Adidas, Columbia University, Hertz, HCRG Care Group, Lexipol, Color Dating, Workday, Aflac, and Coinbase. And a special nod to last minute entrants Home Depot, 700Credit, and Petco.

What now? Companies need to do a better job of only collecting the information they need to operate, and properly securing what they store. Also, the U.S. needs to pass comprehensive privacy protections. At the very least, we need to be able to sue companies when these sorts of breaches happen (and while we’re at it, it’d be nice if we got more than $5.21 checks in the mail). EFF has long advocated for a strong federal privacy law that includes a private right of action.

Facing hospital closures, underfunded pediatric trials, and a persistent reliance on adult-oriented tools for children, the Hood Pediatric Innovation Hub welcomed nearly 200 leaders at Boston’s Museum of Science for MIT-Hood Pediatric Innovation 2025, an event focused on transforming the future of pediatric care through engineering and collaboration.

Hosted by the Hood Pediatric Innovation Hub — established at MIT through a gift by the Hood Foundation — the event brought together attendees from academia, health care, and industry to rethink how medical and technological breakthroughs can reach children faster. The gathering marked a new phase in the hub’s mission to connect scientific discovery with real-world impact.

“We have extraordinary science emerging every day, but the translation gap is widening,” said Joseph Frassica, professor of the practice in MIT’s Institute for Medical Engineering and Science and executive director of the Hood Pediatric Innovation Hub. “We can’t rely on the old model of innovation — we need new connective tissue between ideas, institutions, and implementation.”

Building collaboration across sectors

Speakers emphasized that pediatric medicine has long faced structural disadvantages compared with other fields — from smaller patient populations to limited commercial incentives. Yet they also described a powerful opportunity: to make pediatric innovation a proving ground for smarter, more human-centered health systems.

“The Hood Foundation has always believed that if you can improve care for children, you improve care for everyone,” said Neil Smiley, president of the Charles H. Hood Foundation. “Pediatrics pushes medicine to be smarter, more precise, and more humane — and that’s why this collaboration with MIT feels so right.”

Participants discussed how aligning efforts across universities, hospitals, and industry partners could help overcome the fragmentation that slows innovation, and ultimately translation. Speakers at the event highlighted case studies where cross-sector collaboration is already yielding results — from novel medical devices to data-driven clinical insights.

Connecting discovery to delivery

In his remarks, Elazer R. Edelman, the Edward J. Poitras Professor in Medical Engineering and Science at MIT and faculty lead for the Hood Pediatric Innovation Hub, reflected on how MIT’s engineering and medical communities can help close the loop between research and clinical application.

“This isn’t about creating something new for the sake of it — it’s about finally connecting the extraordinary expertise that already exists, from the lab to the clinic to the child’s bedside,” Edelman said. “That’s what MIT does best — we connect the dots.”

Throughout the day, attendees shared experiences from both the engineering and clinical viewpoints — acknowledging the complexities of regulation, funding, and adoption, while highlighting the shared responsibility to move faster on behalf of children.

A moment of convergence

The conversation also turned to the economics of innovation and the broader societal benefits of investing in pediatric health.

“The economic and social stakes couldn’t be higher,” said Jonathan Gruber, Ford Professor of Economics at MIT. “When we invest in children’s health, we invest in longer lives, stronger communities, and greater prosperity. The energy in this room shows what’s possible when we stop working in silos.”

By the end of the event, discussions had shifted from identifying barriers to designing solutions. Participants explored ideas ranging from translational fellowships and shared data platforms to new models for academic–industry partnership — each aimed at accelerating impact where it is needed most.

Looking ahead

“There’s a feeling that this is the moment,” Frassica said. “We have the tools, the data, and the will to transform how we care for children. The key now is keeping that spirit of collaboration alive — because when we do, we move the whole field forward.”

Building on the momentum from MIT-Hood Pediatric Innovation 2025, the Hood Pediatric Innovation Hub will continue to serve as a connector across disciplines and institutions, advancing projects that translate cutting-edge research into improved outcomes for children everywhere. In January, a new cohort of MIT Catalyst Fellows — early-career researchers embedded with frontline clinicians to identify unmet needs — will begin exploring solutions to challenges in pediatric and neonatal health care in partnership with the hub. 

This work is also part of a wider Institute effort. The Hood Pediatric Innovation Hub contributes to the broader mission of the MIT Health and Life Sciences Collaborative (HEALS), which brings together faculty, clinicians, and industry partners to accelerate breakthroughs across all areas of human health. As the hub deepens its own collaborations, its connection to HEALS helps ensure that advances in pediatric medicine are integrated into MIT’s larger push to improve health outcomes at scale.

The hub will also release a request for proposals in the coming months for the development of its first mentored projects — designed to bring together teams from engineering, medicine, and industry to accelerate progress in children’s health. Updates and details will be available at hoodhub.mit.edu.

As Smiley noted, progress in pediatric health often drives progress across all of medicine — and this gathering underscored that shared belief: when we work together for children, we build a healthier future for everyone.

As people age, their immune system function declines. T cell populations become smaller and can’t react to pathogens as quickly, making people more susceptible to a variety of infections.

To try to overcome that decline, researchers at MIT and the Broad Institute have found a way to temporarily program cells in the liver to improve T-cell function. This reprogramming can compensate for the age-related decline of the thymus, where T cell maturation normally occurs.

Using mRNA to deliver three key factors that usually promote T-cell survival, the researchers were able to rejuvenate the immune systems of mice. Aged mice that received the treatment showed much larger and more diverse T cell populations in response to vaccination, and they also responded better to cancer immunotherapy treatments.

If developed for use in patients, this type of treatment could help people lead healthier lives as they age, the researchers say.

“If we can restore something essential like the immune system, hopefully we can help people stay free of disease for a longer span of their life,” says Feng Zhang, the James and Patricia Poitras Professor of Neuroscience at MIT, who has joint appointments in the departments of Brain and Cognitive Sciences and Biological Engineering.

Zhang, who is also an investigator at the McGovern Institute for Brain Research at MIT, a core institute member at the Broad Institute of MIT and Harvard, an investigator in the Howard Hughes Medical Institute, and co-director of the K. Lisa Yang and Hock E. Tan Center for Molecular Therapeutics at MIT, is the senior author of the new study. Former MIT postdoc Mirco Friedrich is the lead author of the paper, which appears today in Nature.

A temporary factory

The thymus, a small organ located in front of the heart, plays a critical role in T-cell development. Within the thymus, immature T cells go through a checkpoint process that ensures a diverse repertoire of T cells. The thymus also secretes cytokines and growth factors that help T cells to survive.

However, starting in early adulthood, the thymus begins to shrink. This process, known as thymic involution, leads to a decline in the production of new T cells. By the age of approximately 75, the thymus is greatly reduced.

“As we get older, the immune system begins to decline. We wanted to think about how can we maintain this kind of immune protection for a longer period of time, and that's what led us to think about what we can do to boost immunity,” Friedrich says.

Previous work on rejuvenating the immune system has focused on delivering T cell growth factors into the bloodstream, but that can have harmful side effects. Researchers are also exploring the possibility of using transplanted stem cells to help regrow functional tissue in the thymus.

The MIT team took a different approach: They wanted to see if they could create a temporary “factory” in the body that would generate the T-cell-stimulating signals that are normally produced by the thymus.

“Our approach is more of a synthetic approach,” Zhang says. “We're engineering the body to mimic thymic factor secretion.”

For their factory location, they settled on the liver, for several reasons. First, the liver has a high capacity for producing proteins, even in old age. Also, it’s easier to deliver mRNA to the liver than to most other organs of the body. The liver was also an appealing target because all of the body’s circulating blood has to flow through it, including T cells.

To create their factory, the researchers identified three immune cues that are important for T-cell maturation. They encoded these three factors into mRNA sequences that could be delivered by lipid nanoparticles. When injected into the bloodstream, these particles accumulate in the liver and the mRNA is taken up by hepatocytes, which begin to manufacture the proteins encoded by the mRNA.

The factors that the researchers delivered are DLL1, FLT-3, and IL-7, which help immature progenitor T cells mature into fully differentiated T cells.

Immune rejuvenation

Tests in mice revealed a variety of beneficial effects. First, the researchers injected the mRNA particles into 18-month-old mice, equivalent to humans in their 50s. Because mRNA is short-lived, the researchers gave the mice multiple injections over four weeks to maintain a steady production by the liver.

After this treatment, T cell populations showed significant increases in size and function.

The researchers then tested whether the treatment could enhance the animals’ response to vaccination. They vaccinated the mice with ovalbumin, a protein found in egg whites that is commonly used to study how the immune system responds to a specific antigen. In 18-month-old mice that received the mRNA treatment before vaccination, the researchers found that the population of cytotoxic T-cells specific to ovalbumin doubled, compared to mice of the same age that did not receive the mRNA treatment.

The mRNA treatment can also boost the immune system’s response to cancer immunotherapy, the researchers found. They delivered the mRNA treatment to 18-month-old mice, who were then implanted with tumors and treated with a checkpoint inhibitor drug. This drug, which targets the protein PD-L1, is designed to help take the brakes off the immune system and stimulate T cells to attack tumor cells.

Mice that received the treatment showed much higher survival rates and longer lifespan that those that received the checkpoint inhibitor drug but not the mRNA treatment.

The researchers found that all three factors were necessary to induce this immune enhancement; none could achieve all aspects of it on their own. They now plan to study the treatment in other animal models and to identify additional signaling factors that may further enhance immune system function. They also hope to study how the treatment affects other immune cells, including B cells.

Other authors of the paper include Julie Pham, Jiakun Tian, Hongyu Chen, Jiahao Huang, Niklas Kehl, Sophia Liu, Blake Lash, Fei Chen, Xiao Wang, and Rhiannon Macrae.

The research was funded, in part, by the Howard Hughes Medical Institute, the K. Lisa Yang Brain-Body Center, part of the Yang Tan Collective at MIT, Broad Institute Programmable Therapeutics Gift Donors, the Pershing Square Foundation, J. and P. Poitras, and an EMBO Postdoctoral Fellowship.

For two days in September, Afghanistan had no internet. No satellite failed; no cable was cut. This was a deliberate outage, mandated by the Taliban government. It followed a more localized shutdown two weeks prior, reportedly instituted “to prevent immoral activities.” No additional explanation was given. The timing couldn’t have been worse: communities still reeling from a major earthquake lost emergency communications, flights were grounded, and banking was interrupted. Afghanistan’s blackout is part of a wider pattern. Just since the end of September, there were also major nationwide internet shutdowns in ...

The president’s swift destruction of regulations in his first year could help him make lasting changes, with the Supreme Court’s help.

The department used its emergency powers to delay the plant's retirement, which is a staple of the state's climate plans.

Property insurance price hikes and claims denials emerge as a political issue. "Being overcharged and cheated ... is a nonpartisan sentiment," Republican Gentner Drummond said.

The results suggest that public perceptions of the data center boom are still politically malleable.

A final energy plan approved by policymakers won’t meet the state's landmark 2019 climate law goals.

Under the latest deal, automakers could sell plug-in hybrids and range extenders after 2035.

Stricter climate policies would save hundreds of glaciers in Europe’s Alps and tens of thousands worldwide, study finds.

Assisted fertilization is gaining momentum in the Caribbean to counter the drastic loss of corals due to climate change.

A study used by the Network for Greening the Financial System that projected severe economic fallout from climate change was retracted.

This article may be updated.

Nuno Loureiro, a professor of nuclear science and engineering and of physics at MIT, has died. He was 47.

A lauded theoretical physicist and fusion scientist, and director of the MIT Plasma Science and Fusion Center, Loureiro joined MIT’s faculty in 2016. His research addressed complex problems lurking at the center of fusion vacuum chambers and at the edges of the universe.

Loureiro’s research at MIT advanced scientists’ understanding of plasma behavior, including turbulence, and uncovered the physics behind astronomical phenomena like solar flares. He was the Herman Feshbach (1942) Professor of Physics at MIT and was named director of the Plasma Science and Fusion Center in 2024, though his contributions to fusion science and engineering began far before that.

His research on magnetized plasma dynamics, magnetic field amplification, and confinement and transport in fusion plasmas helped inform the design of fusion devices that could harness the energy of fusing plasmas, bringing the dream of clean, near-limitless fusion power closer to reality.

“Nuno was not only a brilliant scientist, he was a brilliant person,” says Dennis Whyte, the Hitachi America Professor of Engineering, who previously served as the head of the Department of Nuclear Science and Engineering and director of the Plasma Science and Fusion Center. “He shone a bright light as a mentor, friend, teacher, colleague and leader, and was universally admired for his articulate, compassionate manner. His loss is immeasurable to our community at the PSFC, NSE and MIT, and around the entire fusion and plasma research world.”

“Nuno was a champion for plasma physics within the Physics Department, a wonderful and engaging colleague, and an inspiring and caring mentor for graduate students working in plasma science.  His recent work on quantum computing algorithms for plasma physics simulations was a particularly exciting new scientific direction,” says Deepto Chakrabarty, the William A. M. Burden Professor in Astrophysics and head of the Department of Physics.

Whether working on fusion or astrophysics research, Loureiro merged fundamental physics with technology and engineering, to maximize impact.

“There are people who are driven by technology and engineering, and others who are driven by fundamental mathematics and physics. We need both,” Loureiro said in 2019. “When we stimulate theoretically inclined minds by framing plasma physics and fusion challenges as beautiful theoretical physics problems, we bring into the game incredibly brilliant students — people who we want to attract to fusion development.”

Loureiro majored in physics at Instituto Superior Tecnico (IST) in Portugal and obtained a PhD in physics at Imperial College London in 2005. He conducted postdoctoral work at the Princeton Plasma Physics Laboratory for the next two years before moving to the UKAEA Culham Center for Fusion Energy in 2007. Loureiro returned to IST in 2009, where he was a researcher at the Institute for Plasmas and Nuclear Fusion until coming to MIT in 2016.

He wasted no time contributing to the intellectual environment at MIT, spending part of his first two years at the Institute working on the vexing problem of plasma turbulence. Plasma is the super-hot state of matter that serves as the fuel for fusion reactors. Loureiro’s lab at PSFC illuminated how plasma behaves inside fusion reactors, which could help prevent material failures and better contain the plasma to harvest electricity.

“Nuno was not only an extraordinary scientist and educator, but also a tremendous colleague, mentor, and friend who cared deeply about his students and his community. His absence will be felt profoundly across NSE and far beyond,” Benoit Forget, the KEPCO Professor and head of the Department of Nuclear Science and Engineering, wrote in an email to the department today.

On other fronts, Loureiro’s work in astrophysics helped reveal fundamental mechanisms of the universe. He put forward the first theory of turbulence in pair plasmas, which differ from regular plasmas and may be abundant in space. The work was driven, in part, by unprecedented observations of a binary neutron star merger in 2018.

As an assistant professor and then a full professor at MIT, Loureiro taught course 22.612 (Intro to Plasma Physics) and course 22.615 (MHD Theory of Fusion Systems), for which he was twice recognized with the Department of Nuclear Science and Engineering’s PAI Outstanding Professor Award.

Loureiro’s research earned him many prominent awards throughout his prolific career, including the National Science Foundation Career Award and the American Physical Society Thomas H. Stix Award for Outstanding Early Career Contributions to Plasma Physics Research. He was also an APS fellow. Earlier this year, he earned the Presidential Early Career Award for Scientists and Engineers.

The world’s most common construction material has a secret. Cement, the “glue” that holds concrete together, gradually “breathes in” and stores millions of tons of carbon dioxide (CO2) from the air over the lifetimes of buildings and infrastructure.  

A new study from the MIT Concrete Sustainability Hub quantifies this process, carbon uptake, at a national scale for the first time. Using a novel approach, the research team found that the cement in U.S. buildings and infrastructure sequesters over 6.5 million metric tons of CO2 annually. This corresponds to roughly 13 percent of the process emissions — the CO2 released by the underlying chemical reaction — in U.S. cement manufacturing. In Mexico, the same building stock sequesters about 5 million tons a year.   

But how did the team come up with those numbers? 

Scientists have known how carbon uptake works for decades. CO2 enters concrete or mortar — the mixture that glues together blocks, brick, and stones — through tiny pores, reacts with the calcium-rich products in cement, and becomes locked into a stable mineral called calcium carbonate, or limestone. 

The chemistry is well-known, but calculating the magnitude of this at scale is not. A concrete highway in Dallas sequesters CO2 differently than Mexico City apartments made from concrete masonry units (CMUs), also called concrete blocks or, colloquially, cinder blocks. And a foundation slab buried under the snow in Fairbanks, Alaska, “breathes in” CO2 at a different pace entirely. 

As Hessam AzariJafari, lead author and research scientist in the MIT Department of Civil and Environmental Engineering, explains, “Carbon uptake is very sensitive to context. Four major factors drive it: the type of cement used, the product we make with it — concrete, CMUs, or mortar — the geometry of the structure, and the climate and conditions it’s exposed to. Even within the same structure, uptake can vary five-fold between different elements.” 

As no two structures sequester CO2 in the same way, estimating uptake nationwide would normally require simulating an array of cement-based elements: slabs, walls, beams, columns, pavements, and more. On top of that, each of those has its own age, geometry, mixture, and exposure condition to account for.  

Seeing that this approach would be like trying to count every grain of sand on a beach, the team took a different route. They developed hundreds of archetypes, typical designs that could stand in for different buildings and pieces of infrastructure. It’s a bit like measuring the beach instead by mapping out its shape, depth, and shoreline to estimate how much sand usually sits in a given spot.  

With these archetypes in hand, the team modeled how each one sequesters CO2 in different environments and how common each is across every state in the United States and Mexico. In this way, they could estimate not just how much CO2 structures sequester, but why those numbers differ.  

Two factors stood out. The first was the “construction trend,” or how the amount of new construction had changed over the previous five years. Because it reflects how quickly cement products are being added to the building stock, it shapes how much cement each state consumes and, therefore, how much of that cement is actively carbonating. The second was the ratio of mortar to concrete, since porous mortars sequester CO2 an order of magnitude faster than denser concrete. 

In states where mortar use was higher, the fraction of CO2 uptake relative to process emissions was noticeably greater. “We observed something unique about Mexico: Despite using half the cement that the U.S. does, the country has three-quarters of the uptake,” notes AzariJafari. “This is because Mexico makes more use of mortars and lower-strength concrete, and bagged cement mixed on-site. These practices are why their uptake sequesters about a quarter of their cement manufacturing emissions.” 

While care must be taken for structural elements that use steel reinforcement, as uptake can accelerate corrosion, it’s possible to enhance the uptake of many elements without negative impacts. 

Randolph Kirchain, director of the MIT Concrete Sustainability Hub, principal research scientist in the MIT Materials Research Laboratory, and the senior author of this study, explains: “For instance, increasing the amount of surface area exposed to air accelerates uptake and can be achieved by foregoing painting or tiling, or choosing designs like waffle slabs with a higher surface area-to-volume ratio. Additionally, avoiding unnecessarily stronger, less-porous concrete mixtures than required would speed up uptake while using less cement.” 

“There is a real opportunity to refine how carbon uptake from cement is represented in national inventories,” AzariJafari comments. “The buildings around us and the concrete beneath our feet are constantly ‘breathing in’ millions of tons of CO2. Nevertheless, some of the simplified values in widely used reporting frameworks can lead to higher estimates than what we observe empirically. Integrating updated science into international inventories and guidelines such as the Intergovernmental Panel on Climate Change (IPCC) would help ensure that reported numbers reflect the material and temporal realities of the sector.” 

By offering the first rigorous, bottom-up estimation of carbon uptake at a national scale, the team’s work provides a more representative picture of cement’s environmental impact. As we work to decarbonize the built environment, understanding what our structures are already doing in the background may be just as important as the innovations we pursue moving forward. The approach developed by MIT researchers could be extended to other countries by combining global building-stock databases with national cement-production statistics. It could also inform the design of structures that safely maximize uptake. 

The findings were published Dec. 15 in the  Proceedings of the National Academy of Sciences. Joining AzariJafari and Kirchain on the paper are MIT researchers Elizabeth Moore of the Department of Materials Science and Engineering and the MIT Climate Project and former postdocs Ipek Bensu Manav SM ’21, PhD ’24 and Motahareh Rahimi, along with Bruno Huet and Christophe Levy from the Holcim Innovation Center in France.

The final EFFector of 2025 is here! Just in time to keep you up-to-date on the latests happenings in the fight for privacy and free speech online.

In this latest issue, we're sharing how to spot sneaky ALPR cameras at the U.S. border, covering a host of new resources on age verification laws, and explaining why AI companies need to protect chatbot logs from bulk surveillance.

Prefer to listen in? Check out our audio companion, where EFF Activist Molly Buckley explains our new resource explaining age verification laws and how you can fight back. Catch the conversation on YouTube or the Internet Archive.

LISTEN TO EFFECTOR

EFFECTOR 37.18 - 🪪 AGE VERIFICATION IS COMING FOR THE INTERNET

Since 1990 EFF has published EFFector to help keep readers on the bleeding edge of their digital rights. We know that the intersection of technology, civil liberties, human rights, and the law can be complicated, so EFFector is a great way to stay on top of things. The newsletter is chock full of links to updates, announcements, blog posts, and other stories to help keep readers—and listeners—up to date on the movement to protect online privacy and free expression. 

Thank you to the supporters around the world who make our work possible! If you're not a member yet, join EFF today to help us fight for a brighter digital future.

New report: “The Party’s AI: How China’s New AI Systems are Reshaping Human Rights.” From a summary article:

China is already the world’s largest exporter of AI powered surveillance technology; new surveillance technologies and platforms developed in China are also not likely to simply stay there. By exposing the full scope of China’s AI driven control apparatus, this report presents clear, evidence based insights for policymakers, civil society, the media and technology companies seeking to counter the rise of AI enabled repression and human rights violations, and China’s growing efforts to project that repression beyond its borders...

The House-passed National Defense Authorization Act would spur an investigation of whether the U.S. military bio-engineered Lyme disease.

Withdrawals are increasing as the government hikes its premiums to in part compensate for damage associated with climate change.