Send a text

Headlines about PayPal data exposure, a sprawling third‑party breach at Conduent, and a new phishing kit called Starkiller can feel like distant noise—until your details show up in a letter you did not expect. We pull the curtain back on how back‑office processors, data brokers, and AI‑powered tools create real‑world risk, then map out the habits that keep your identity and money one step ahead of the mess.

We start with the PayPal working capital loan app bug that exposed sensitive data, including Social Security numbers, and the Conduent breach affecting at least 25 million people tied to payroll and benefits systems. From there, we zoom out to the broker ecosystem: why lawmakers are connecting billions in identity theft losses to broker breaches and how opt‑outs are often buried by design. You’ll hear a practical checklist for shrinking your data surface—state privacy portals, quarterly broker sweeps, real‑time bank alerts, and SIM PINs that blunt port‑out attacks.

Phishing has also leveled up. Starkiller can mirror real login flows and siphon session tokens, making “spot the typo” advice obsolete. We walk through a three‑step workflow that works even when the page looks perfect: start at the app yourself, require passkeys or an authenticator, and verify alerts by switching channels. We also unpack the risk of ambitious AI agents and connectors like the widely discussed “OpenClaw” idea—why least‑privilege access, dummy data, and clear data boundaries matter before you hand over your inbox, calendar, and cards.

The throughline is simple: trust but verify. Bugs happen, vendors get breached, and scammers adapt. Your routine decides the outcome. Freeze your credit if you have not already, turn on MFA for email and banking, and add instant alerts for money movement. Then tell a friend. If this conversation helped, follow the show, leave a quick rating, and share your one action for the week so others can copy it.

Support the show