Human In[Security] — Week of Mar 2, 2026

Today’s Menu (30-second skim)

• Conduent breach tally hits ~25M people (state benefits + employment data)
• Wynn Resorts: employee data taken after extortion threat
• ‘1Campaign’ helps malicious Google ads evade detection (phishing + crypto drainer risk)

1) Conduent breach grows, affecting at least 25M people

What happened (plain English): A ransomware-related breach at Conduent (a major contractor that helps run state programs like benefits, unemployment, and other services) is now reported to affect at least ~25 million people. The stolen data can include high-value personal details (including Social Security numbers and health/insurance information, depending on the notice you receive).

Why it matters to you: When breach data includes SSNs, birthdates, and addresses, it’s the kind of “identity kit” criminals can reuse for years — tax fraud, fake unemployment claims, credit fraud, and highly convincing phishing.

How to protect yourself (do this):

1. If you get a letter/email naming Conduent or a state agency: take it seriously and follow the official steps (don’t click random links — type the agency site yourself).
2. Consider a credit freeze with the major bureaus if your SSN may be involved (stronger than a credit monitoring alert).
3. Be extra skeptical of “benefits / unemployment / Medicaid” messages that ask you to verify info or “re-submit” documents.

Published: Feb 24, 2026

Source: TechCrunch

2) Wynn Resorts confirms employee data breach after extortion threat

What happened (plain English): Wynn Resorts says an unauthorized party accessed and took certain employee data. The company says operations weren’t impacted and it’s offering credit monitoring / identity protection to employees.

Why it matters to you: Even if you’re not a Wynn employee, this is a reminder that “employee data” breaches can include SSNs and payroll/HR details — the exact ingredients needed for identity theft and realistic impersonation scams.

How to protect yourself (do this):

1. If your employer offers identity protection after an incident, take it (and save the enrollment instructions in a secure place).
2. Lock down your email account with MFA (authenticator app preferred). Email is the master key for password resets.
3. Watch for new scams that pretend to be “HR,” “benefits,” or “payroll” and ask you to log in via a link — go to the portal directly instead.

Published: Feb 24, 2026 (approx.)

Source: BleepingComputer

3) 1Campaign helps malicious Google ads evade detection

What happened (plain English): Researchers describe a service (called 1Campaign) that helps criminals run malicious Google ads while showing “clean” pages to reviewers and security scanners. Real humans get routed to phishing pages or crypto-drainer scams.

Why it matters to you: A sponsored result can look more legitimate than the real one — and this kind of cloaking makes it harder for automated systems to catch bad ads quickly. The risk: you search “download X” or “login to Y,” click the top result, and hand over your password or wallet access.

How to protect yourself (do this):

1. Avoid clicking sponsored search results for logins/downloads. Scroll to the non-ad results or type the URL you know.
2. Bookmark the real login/download pages you use most (bank, email, password manager, utilities).
3. Before entering credentials, check the domain carefully — attackers rely on tiny lookalike changes.

Published: Feb 24, 2026 (approx.)

Source: BleepingComputer

Grandma’s Firewall

This week’s simple rule: Don’t use Google (or any search ad) as your “login button.” Use bookmarks or type the real site/app.

Two scripts you can steal:

• “I don’t click sponsored results for anything important. I’m going to the site directly.”
• “If it’s real, it’ll still be there when I open the official app.”

Share line: Send this to the person who always clicks the first search result because “it’s at the top, so it must be right.”

— Philip | Human In[Security]