Conduent's massive data breach exposed millions of Americans' personal information. Free federal tools and paid identity protection services can help limit the damage.

A whistleblower complaint alleges John Solly claimed to have stored highly sensitive Social Security data on a thumb drive. Solly and Leidos, his current employer, strongly deny the allegations. John Solly, a software engineer and former member of the so-called Department of Government Efficiency (DOGE), is the DOGE operative reportedly accused in a whistleblower complaint of telling colleagues that he stored sensitive Social Security Administration (SSA) data on a thumb drive and wanted to share the information with his new employer, multiple sources tell WIRED. Since October, according to a copy of his résumé, Solly has worked as the chief technology officer for the health IT division of a government contractor called Leidos, which has already received millions in SSA contracts and could receive up to $1.5 billion in contracts with SSA based on a five-year deal it signed in 2023. Solly's personal website and LinkedIn have been taken offline as of this week.

This material may not be published, broadcast, rewritten, or redistributed. Quotes displayed in real-time or delayed by at least 15 minutes. Market data provided by Factset . Powered and implemented by FactSet Digital Solutions . Mutual Fund and ETF data provided by LSEG .

Data breach at Illinois DHS allegedly compromised names, addresses, case numbers and medical assistance information for nearly 700,000 state residents.

U.S.-based fintech company 700Credit confirms 2025 cybersecurity incident affecting 5.8 million consumers after hackers accessed data through third-party vendor compromise that went undetected.

For months, the Social Security Administration was quietly sharing sensitive data about immigrants with DHS. Last week, the Social Security Administration (SSA) quietly updated a public notice to reveal that the agency would be sharing "citizenship and immigration information" with the Department of Homeland Security (DHS). This data sharing was already happening: WIRED reported in April that the Trump administration had already started pooling sensitive data from across the government for the purpose of immigration enforcement. This public notice issued by SSA makes that official, months after the fact. The notice is known as a system of record notice (SORN), a document that outlines how an agency will share the data it has, with whom, and for what purpose. This notice is required under the Privacy Act of 1974.

Things to Do in L.A. A shadowy L.A. crime ring is hijacking the IDs of foreign scholars, fraud expert says This is read by an automated voice. Please report any issues or inconsistencies here . An identity theft ring believed to be based in the Burbank area is stealing Social Security Numbers of former foreign scholars. Private fraud investigators suspect the operation is connected to Armenian organized crime groups known for sophisticated financial crimes. Using apartments in the San Fernando Valley and Glendale area, a shadowy group of identity thieves has been quietly exploiting a new kind of victim -- foreign scholars who left the U.S. years ago but whose Social Security numbers still linger in American databases, according to a cybercrime expert.

As students returned to school this week, WIRED spoke to a self-proclaimed leader of a violent online group known as "Purgatory" about a rash of swattings at universities across the US in recent days. The group claims to have ties to the loose cybercriminal network known as The Com, and the alleged Purgatory leader claimed responsibility for calling in hoax active-shooter alerts. Researchers from multiple organizations warned this week that cybercriminals are increasingly using generative AI tools to fuel ransomware attacks, including real situations where cybercriminals without technical expertise are using AI to develop the malware. And a popular, yet enigmatic, shortwave Russian radio station known as UVB-76 seems to have turned into a tool for Kremlin propaganda after decades of mystery and intrigue. Each week, we round up the security and privacy news we didn't cover in depth ourselves.

--It is difficult for individuals and organizations to protect personal information without a fundamental understanding of relative privacy risks. By analyzing over 5,000 empirical identity theft and fraud cases, this research identifies which types of personal data are exposed, how frequently exposures occur, and what the consequences of those exposures are. We construct an Identity Ecosystem graph--a foundational, graph-based model in which nodes represent personally identifiable information (PII) attributes and edges represent empirical disclosure relationships between them (e.g., the probability that one PII attribute is exposed due to the exposure of another). Leveraging this graph structure, we develop a privacy risk prediction framework that uses graph theory and graph neural networks to estimate the likelihood of further disclosures when certain PII attributes are compromised. The results show that our approach effectively answers the core question: Can the disclosure of a given identity attribute possibly lead to the disclosure of another attribute? Different individuals and organizations have different sets of personally identifiable information (PII), and therefore have different perspectives on which PII attributes are more vulnerable, more valuable, and in greater need of protection. An individual's PII includes personal data in four different categories--What you Know (e.g., name, address, phone number, mother's maiden name), What you Have (e.g., driver's license, Social Security Card, employee ID, passport), What you Are (e.g., fingerprint, voice, facial image), and What you Do (e.g., patterns of life such as websites visited, GPS locations visited, phone logs) [1]. Protecting PII data can be costly and time-consuming. Research has uncovered various strategies to reduce risks of unintended data disclosure [2], including statistical disclosure limitation (SDL) techniques commonly used by national statistical agencies before releasing public-use data sets.

A terrifying new scam is sweeping across the US, catching people off guard with fake threats of arrest and demands for payment. The FBI issued a warning about criminals impersonating federal officials in phone calls targeting potential victims. In some cases, callers falsely claim a victim's Social Security number is frozen or that a loved one must pay for GPS monitoring to be released from jail, creating a false sense of urgency. The scam relies on phone number spoofing technology, which falsifies caller ID to make it appear as though the call is coming from trusted government agencies. Federal agents say scammers are demanding thousands of dollars in payment via prepaid gift cards, wire transfers, or cryptocurrency ATMs.