This week: The government’s HR boss resigned over a data breach that was way worse than anyone imagined, the FBI and Justice Department griped about encryption before the Senate, and Italian spyware-vendor Hacking Team got doxxed (rather ironically). Ah well. Stay safe, and have a great weekend.

(Feedback on Threat Sheet? Tweet me at @rhhackett.)

TOP INTELLIGENCE

Crypto-pleas. FBI Director James Comey pleaded his case before the Senate Judiciary Committee on Wednesday, warning what would happen if law enforcement is not given special access to encrypted communications. In short, his job—and the jobs of the intelligence community—will become way more difficult.

"I hate that I’m here saying this, but I think the problem is severe enough that I need to," he said. Nevertheless, all the top crypto experts believe that any attempt to create a workaround for encryption would be misguided, foolhardy, and dangerous. (Read their white paper here.)

THREATS

OPM breach way bigger than expected. Agency director Katherine Archuleta stepped down from her post a day after disclosing that 22 million Americans—7% of the country’s population—are affected by the attack. FBI Director James Comey—whose own records were probably compromised—had reportedly earlier suggested in private that the figure could be as high as 18 million.

Hacking Team hacked. Stolen documents from the Italian spyware vendor reveal that the company may have been selling its products and services to countries with abominable human rights track records, such as Ethiopia, Sudan, and Bahrain. American Civil Liberties Union chief tech officer Christopher Soghoian says the shady exploit industry is worth $5 billion globally.

Hacker group Morpho—aka Butterfly—targeting corporations. Your secrets are not safe from this group of sophisticated corporate IP thieves. Symantec believes the team, which is probably English-speaking, hacked big tech companies like Twitter, Facebook, Apple, and Microsoft a couple years ago, and they've been hacking for financial gain ever since.

ACCESS GRANTED

A scoop from Fortune Editor at Large Peter Elkind on last year's dire cyberattack on Sony.

Amid the devastating cyberattack on Sony Pictures Entertainment and the controversy over The Interview late last year (both chronicled in Fortune’s current cover story), a small chapter of this bizarre, true-life story remains untold: the decision by Google and Microsoft to distribute Sony’s movie on their video-on-demand platforms—at a time when no one else would. Here's an inside account of the decision-making process at one company that decided to take the risk. Read more on Fortune.com.

ELEVATED PRIVILEGES

Splunk plunks down $190 million for cybersecurity firm Caspida.

Rapid7 sets its IPO terms at 6.45 million shares at $13-$15 per share.

TrapX Security raises $9 million Series B funding.

U.S. Office of Management and Budget deputy director Beth Corbet takes over the responsibilities of former government HR boss Katherine Archuleta after massive OPM breach. (OPM’s IT department is hiring, by the way)

The Tor Project is looking for a new exec director.

And cyber startup Area 1 Security will compete in Fortune’s Unicorn Idol competition at next week’s Brainstorm Tech conference.

RECON

Meet Moxie Marlinspike, the coder who encrypted your texts. If that is his real name… (Wall Street Journal)

NSA spied on Brazilian leaders. The U.S. seems to have repaired its relationship during the Brazilian president’s recent visit, anyway. (The Intercept)

Clinton lashes out at Chinese and other overseas hackers. The Kremlin shot back that her comments were “absolutely inappropriate and unfounded.” (Fortune) 

How’s the White House doing on cybersecurity? Check this fact sheet. (The White House)

The St. Louis Cardinals fired their scouting director. Law enforcement is still investigating whether the baseball team hacked into a Houston Astros database. (St. Louis Post Dispatch)

Draft law could expand Dutch government’s snooping powers. It explicitly allows for spying at home. (Ars Technica)

What would a cybercrime blackout cost the U.S? Insurance company Lloyd’s estimates $1 trillion. (Fortune)

Former European privacy chief at Microsoft Caspar Bowden passes away. Friends wrote heartfelt eulogies. (Wall Street Journal)

NYSE glitch boosts cyber stocks. Panic is a powerful market mover. (Bloomberg)

“Possibility exists” that Snowden could come home. That’s what former U.S. Attorney General Eric Holder said. (Fortune)

TREATS

Encryption comics. Explain it like I'm 5. (The Christian Science Monitor)

Celebs on Tinder. Consider this "catfish" noodled. (Fortune)

NSA on GitHub. Unlike when China got on GitHub... (GitHub)

Han Solo, solo. Luke, I am your spinoff. (Fortune)

The 1903 gentleman hacker. "Scientific hooliganism!" (New Scientist)

EXFIL

"Cybersecurity is not a sprint. It's a marathon."

Government Accountability Office information security director Gregory Wilshusen made this remark during an OPM data breach hearing on Wednesday. His comment anticipates the end of the White House’s 30-day “cyber sprint,” which expires on Sunday.