On October 19th, 2025, an unusual scene unfolded at the Louvre in france, initially appearing as a routine delivery. A furniture hoist was used by four men, two of whom ascended to a first-floor balcony, hinting at a meticulously planned robbery, or even a louvre heist, rather than a simple moving operation. Their high visibility vest suggested a disguise for this audacious act.
They used a furniture lift, angle grinders, and eight minutes. The Louvre lost $102 million in crown jewels — during opening hours, with visitors in the building. A security guard watched and filmed it on his phone.

But here's the part the news didn't tell you: the people who protect the Louvre saw this coming. For a decade. Auditors flagged the exact balcony. The exact method. Six years before it happened. And every year, someone with the budget decided it could wait.

The password to the Louvre's surveillance system was "Louvre."

In this episode, I trace the heist back through a decade of ignored warnings, a workers' strike, and a $92 million security budget that only showed up after the jewels disappeared. This isn't a story about bad security. It's a story about what happens when people with the checkbook decide the risk is acceptable — until it isn't.

🔒 SECURITY UNPACKED — How a Security Mind Sees Everything
New episodes weekly.

📌 SOURCES
Every claim in this episode is sourced from public record — French Senate testimony, government audits, published reporting.

🔗 LINKS
Website: https://securityunpacked.com


#louvreheist #securityunpacked #truecrime

In August 2023, six inmates at a modern facility in New Orleans exploited a vulnerability that shouldn't have existed. They didn't need Hollywood-style tunnels or complex hacks—they simply physically removed a sink-toilet combo unit and walked into a maintenance chase that led straight to the outside world.

In this video, we unpack how a high-tech perimeter collapses when "Value Engineering" takes priority over physical security. We look at:

The "Permeable Membrane": How budget cuts turned a reinforced barrier into a simple frame wall.
The Ultimate Auditors: Why inmates are the most effective security testers, weaponizing boredom to find the flaws guards miss.
The Human Element: How understaffing and complacency turned a potential property damage report into a full-scale manhunt.
The Illusion of Solidity: Why shiny, heavy objects aren't always secure, and the critical lesson this jailbreak holds for your own security protocols.
Security isn't just about what you buy; it's about what you watch. If you're trusting a lock or a firewall just because it looks solid, you might be making the same mistake as the Orleans Justice Center.

Timestamps: 0:00 The humid Sunday night escape
1:40 What is "Value Engineering"?
3:15 The weaponization of boredom
5:10 Tools left behind: Trash to gold
6:00 The moral: Appearance vs. Reality

If you found this breakdown helpful, consider subscribing to Security UnPacked for more deep dives into the world’s most interesting security failures.

🔒 SECURITY UNPACKED — How a Security Mind Sees Everything
New episodes weekly.

📌 SOURCES
Every claim in this episode is sourced from public record.

🔗 LINKS
Website: https://securityunpacked.com
The Security Buzz: https://securityunpacked.com

#SecurityUnPacked #PrisonBreak #PhysicalSecurity #SecurityFailure #VulnerabilityAnalysis #ValueEngineering

On September 10th, 2023, the famed Las Vegas Strip, often called "sin city," faced an unprecedented tech crisis. Slot machines at the Bellagio went dark, and guests at the MGM Grand were locked out, causing widespread disruption in casino operations. This event highlights the vulnerabilities within the modern las vegas casino experience, affecting gambling and daily life in the city.

September 2023. Slot machines at the Bellagio are showing error messages. Room keys don't work. Restaurants go cash-only. Staff are paying out winnings from fanny packs. MGM Resorts — a $34 billion company running 48,000 hotel rooms — is paralyzed.

The attack that caused all of this started with a phone call. One call to the IT help desk. About ten minutes long.

The group behind it? Not a foreign government. Not elite hackers. Teenagers. They found an employee on LinkedIn, called the help desk pretending to be that person, and talked their way into a password reset. Ten minutes later, they had the keys to everything.

Three days earlier, the same group had already hit Caesars using the same trick. Caesars paid $15 million in ransom. MGM refused to pay — and lost $100 million. Same technique, two targets, $115 million in damage. From phone calls and a LinkedIn search.

In this episode, I break down exactly how it happened step by step, why the help desk agent wasn't the problem, and why the system that's supposed to protect your company is actually designed to let attackers in.

🔒 SECURITY UNPACKED — How a Security Mind Sees Everything
New episodes weekly.

📌 SOURCES
Every claim in this episode is sourced from public record — SEC filings, FBI advisories, published reporting. Full source list in the episode script.


🔗 LINKS
Website: https://securityunpacked.com
The Security Buzz: https://securityunpacked.com

#mgmhack #socialengineering #securityunpacked

July 28th, 2025, 6:28 PM. A 27-year-old man double-parks a black BMW on Park Avenue between 51st and 52nd Streets in Manhattan, walks into the public plaza carrying an AR-15, and opens fire at the entrance of 345 Park Avenue—home to the NFL headquarters, Blackstone Group (one of the world's largest investment firms), and Ruben Management.

Four people dead. Including the shooter. All in under 90 seconds.

The building's surveillance system flagged him as a potential threat at 6:27 PM—60 seconds before the first shot. The cameras captured him crossing the plaza with a rifle in broad daylight. Sixty seconds of advance warning.

In this episode, I break down:

The 60-second window between detection and disaster

What "response plans" and "capability plans" actually mean when seconds count

Why you can't protect against everything.

This case will discuss how we think about workplace security, building access, and threat response for years to come.

🔒 SECURITY UNPACKED — How a Security Mind Sees Everything
New episodes weekly analyzing real security incidents to show you what actually works—and what just looks good on a checklist.

👤 ABOUT ME
I'm Nicole McDargh. I've spent 20+ years in corporate security, from Fortune 500 security teams to consulting on high-value facilities. Security Unpacked is where I take you behind the curtain to show you how the world actually works—and how a "Security Mind" sees the things others might miss.

📌 SOURCES
Every claim in this episode is sourced from public record—surveillance footage analysis, NYPD reports, and security system documentation.

🔗 LINKS
Website: https://securityunpacked.com
The Security Buzz: https://thesecuritybuzz.com

#345parkavenue #physicalsecurity #workplacesafety #securityunpacked #corporatesecurity #manhattanshooting #buildingsecurity #threatdetection #securityfailure #parkavenue

We dive into a fascinating true crime story, examining one of the most clever casino inside job operations in recent memory. This high stakes crime involved the theft of valuable high-roller data, showcasing a sophisticated white collar crime. It's a prime example of the smartest heist, highlighting critical vulnerabilities in data security and cyber security protocols.
A fish tank. In a casino lobby. That's how hackers stole the high-roller database.

Not through some sophisticated cyberweapon. Through a thermometer. In the aquarium. The attackers found a flaw in the sensor, worked their way across the network, and pulled 10 gigabytes of VIP data — names, phone numbers, gambling habits, credit lines — out through the fish tank to a server in Finland. Nobody noticed.

These are people who gamble hundreds of thousands of dollars at a time. Now somebody has a shopping list of targets for fraud, scams, and identity theft. And the victims had no idea it happened.

The casino actually tried to protect against this. They put the fish tank on a separate network. It wasn't enough. And here's the part that should really bother you — nobody in IT even approved the fish tank being on the network in the first place.

In this episode, I trace the fish tank hack through the Mirai botnet that took down half the internet, an apartment building in Finland that lost heat for a week, and pacemakers the FDA had to issue warnings about. Then I bring it home: your smart thermostat, your Ring doorbell, your baby monitor — they're all on the same network as the laptop where you do your banking.

🔒 SECURITY UNPACKED — How a Security Mind Sees Everything
New episodes weekly.


📌 SOURCES
Every claim in this episode is sourced from public record.

🔗 LINKS
Website: https://securityunpacked.com
The Security Buzz: https://securityunpacked.com

Your emergency contact list is only as good as the last time you actually tested it. This week, bomb threats hit schools across New Mexico, Texas, and beyond — plus a political party HQ in France — and the real story wasn't the threats themselves, but what organizations discovered mid-event about their own emergency plans.
In this episode of Security Unpacked, Nicole breaks down:
🔔 Emergency notification failures — why outdated contact lists and untested alert systems are a silent risk hiding in plain sight
🏒 The Rhode Island ice rink shooting — and why public-facing events need their own security playbook, not just a stretched version of your daily operations
💻 The Dell zero-day with a physical security twist — how China-linked threat actors targeted building management, access control, and surveillance systems, and why firmware/software ownership is often nobody's job
✈️ The Eurail travel data breach — what it means for travel security and executive protection when itinerary data ends up on the dark web
🔴 Red teaming, explained — why this week's events were essentially involuntary red team exercises, how to run your own, and why the debrief matters more than the test itself
Your one action this week: Pull up your real emergency notification list and verify it. Call the numbers. Send a test message. It takes 20 minutes and could make all the difference.
Security plans get tested on someone else's schedule. Be ready before that happens.

Security Unpacked drops weekly. Subscribe for practical, no-jargon physical insights for security professionals.
Check out www.securityunpacked.com for daily news with practical insights and corporate security deep dives.