A company you've never heard of exposed more than 25 million Americans. Adobe patched a hole hackers had been using for five months. Here's the two-and-a-half-week catch-up.
Real quick before we dive in. We missed last week. Life happens, businesses run, and sometimes the newsletter waits. The good news is the bad guys did not take a week off, so we’ve got two and a half weeks of chaos to cover in one issue. Buckle up.
01 // 25_MILLION_SOCIAL_SECURITY_NUMBERS
A company called Conduent just confirmed that hackers stole data on more than 25 million Americans. Texas alone: 15.4 million people. Oregon: another 10.5 million. The Texas Attorney General is calling it potentially the biggest data breach in U.S. history.
Here’s the kicker. You probably have no idea who Conduent is. But if you’ve ever been on Medicaid, received SNAP benefits, had Blue Cross Blue Shield insurance, worked for a Fortune 100 company that outsources HR, or lived in about 30 states that use them for government payments, your data was flowing through their systems.
What got stolen: Social Security numbers. Dates of birth. Medical information. Health insurance details. Bank account identifiers. The stuff that does not change when you change your password. The hackers, a ransomware crew called SafePay, sat inside their network for three months before anyone noticed. They walked out with 8 terabytes of data.
// HIGH
If you get a letter from Conduent in the mail, it’s not spam. Enroll in the free credit monitoring they’re offering before April 30. After that date, you pay for it yourself.
The lesson here is one we keep hitting on. You can do everything right at your own business and still get burned by a vendor three companies removed from you. When we deploy Guardian for a client, we are not just watching your network. We are watching the vendors, platforms, and integrations you depend on. Because the weakest link is almost never you. It’s a company you’ve never heard of.
02 // YOUR_PDF_READER_WAS_A_WEAPON
If you use Adobe Acrobat or Adobe Reader to open PDFs, and about 95% of the business world does, pay attention.
On April 11, Adobe released an emergency patch for a hole that hackers were actively abusing. The worst part: security researchers proved this was being exploited since late November 2025. That means for about five months, someone could send you a normal-looking PDF, you’d double-click it, and silently, behind the scenes, it would start reading files off your computer and sending them to a server somewhere else in the world.
No popup. No warning. No “this file might be dangerous.” Just open, and get owned.
// CRITICAL
Open Adobe Acrobat or Reader. Click Help → Check for Updates. Do it today. Do it on every computer in your office. The federal government gave its own agencies until April 27 to patch this. That’s how serious it is.
Here’s what makes this one nasty. The attacks researchers caught in the wild were using Russian-language PDFs disguised as emergency response documents. That suggests a nation-state operator, not some kid in a basement. When the sophisticated players are burning through their tools, it means they’ve been sitting on this one for a while and moved on to something better. Which means whatever’s next is already out there.
03 // MICROSOFT_PATCHED_167_HOLES_IN_ONE_DAY
Every second Tuesday of the month, Microsoft releases fixes for security holes found in Windows, Office, and the rest of their stuff. This is called Patch Tuesday and most months it’s routine. Fifty, sixty holes patched, nothing crazy.
April’s Patch Tuesday had 167 holes. The second biggest haul Microsoft has ever shipped in a single release. Two of those holes were already being exploited by the time the patch came out.
One of them is in SharePoint, which a lot of businesses use for internal document sharing and collaboration. The other is in Windows Defender itself. Yeah. The thing that’s supposed to protect your computer had a hole that let attackers take over the whole machine. You cannot make this up.
Why so many patches all at once? Security researchers are using AI to hunt for bugs in software, and they’re finding them way faster than anyone predicted. The bad guys are doing the same thing. The gap between “hole exists” and “hole is being used to rob businesses” keeps shrinking.
// HIGH
Restart your Windows computer tonight. Go to Settings → Windows Update and install everything. Yes, everything. Yes, even the one you keep hitting “remind me tomorrow” on.
For our managed clients, Guardian’s already handling this automatically across every endpoint. But if you’re running your own IT, the days of “I’ll get to it next week” are over. Next week is too late.
04 // ONE_COMPANY_RUNS_80_PERCENT_OF_HOSPITALS
A Dutch software company called ChipSoft makes a platform called HiX. HiX is the system roughly 80% of hospitals in the Netherlands use to store and access patient records. Every prescription, every chart, every lab result. One company. One piece of software. Almost every hospital in the country.
On April 7, ChipSoft got hit with ransomware. Hospitals ripped the software off their networks within hours. Eleven hospitals confirmed major disruptions. Dutch authorities now think patient data from 15 hospitals may have been stolen. A planned rollout at Leiden University Medical Center got paused mid-deployment.
Why does a Dutch hospital story matter to a law firm in Raleigh or a dental office in Benson? Because the same math applies to American businesses. Your dental software is probably made by one of three companies. Your practice management system, same thing. Your email, same thing. Your accounting software, same thing. One breach at the top of that stack and thousands of small businesses go dark at the same time.
If your business goes dark tomorrow because a company you’ve never even heard of got hacked, do you have a plan that isn’t “hope”?
This is the conversation we have with every new client in the first week. What are your critical vendors? What happens if they go down? What’s your plan B? Most people have never thought about it. The ones who have are the ones still operating when their competitors are on the news.
05 // LAPD_LOST_7.7_TERABYTES
The Los Angeles Police Department just had 337,000 files and 7.7 terabytes of internal records published online. Officer personnel files. Internal Affairs investigations. Unredacted criminal complaints. Witness names. Medical records. Stuff that, by California law, is supposed to be confidential.
Here’s the twist: the LAPD itself was not hacked. The City Attorney’s office uses a third-party tool to send files to opposing lawyers during court cases. That tool got breached. All those confidential police files were sitting in it.
Let me say that again for the law firms reading this. Not the LAPD network. The file-sharing tool their attorneys used. Every single document that got exfiltrated was one that someone uploaded to “just send it real quick.” Court cases are now in jeopardy. Witnesses are in danger. And the entity holding the bag is the LAPD, not the vendor.
// ELEVATED
Make a list of every file-sharing, e-signature, document portal, and client communication tool your business uses. When’s the last time you asked any of them “how are you protecting my clients’ data?” If the answer is “never,” that’s your homework this week.
06 // ROCKSTAR_ADOBE_BOOKING_BASIC_FIT
The last two weeks read like a “Who’s Who” of household brands with their pants down.
Rockstar Games (Grand Theft Auto, Red Dead Redemption) got hit with ransomware by a crew called ShinyHunters. The extortion note: pay or we leak your next game’s source code.
Adobe, separately from the PDF fiasco above, had 13 million customer support tickets and internal bug bounty data stolen by a hacker calling himself “Mr. Racoon.” Their own security platform just got owned.
Booking.com quietly confirmed on April 12 that customer reservation data is compromised. If you booked a hotel or flight through them in the past year, expect scam calls pretending to be your hotel asking you to “reconfirm your card.” Don’t. Always call the hotel directly.
Basic-Fit, Europe’s largest gym chain, had 1 million members have their names, addresses, phone numbers, and bank details stolen.
The European Commission, which is basically the government of the European Union, got hacked through the same kind of supply-chain attack we covered in Issue #002. A security tool they used got compromised, and hackers walked out with 350 gigabytes of government data, including emails and contracts. An actual government. Beat by a tool.
// THE_COMMON_THREAD
Every one of these breaches used stolen or compromised credentials as the way in. Not movie-style zero-day hacking. Just usernames and passwords the attackers already had, either from previous breaches or from employees who got tricked into handing them over.
07 // COUNTY_GOVERNMENTS_UNDER_FIRE
Middlesex County, New Jersey got hit with a cyberattack on April 1. Town services and public safety systems both affected. That’s not just inconvenient. That’s dispatch, that’s 911 operations, that’s the systems that hold your police and fire departments together.
Winona County, Minnesota had its main network taken offline. Second cyberattack in three months. The Minnesota National Guard had to send in IT experts to help recover. The Minnesota. National. Guard. For a county network.
If you’re a small business owner reading this in a small town, this should wake you up. Local governments are getting hit because they run on a shoestring IT budget with the same tools and defenses as a 15-person business. Attackers know that. The same attacks that take down a county can take down a dental practice, a law firm, or a manufacturer.
This is exactly why we built Guardian the way we did. Big-business-level defense at small-business prices. You should not have to choose between making payroll and not getting wiped out by a 19-year-old in another country.
08 // UPDATE_YOUR_STUFF_RIGHT_NOW
If you don’t read anything else in this issue, read this and then do it.
Adobe Acrobat and Reader
Help → Check for Updates. Every computer. Today.
Microsoft Windows (any version)
Settings → Windows Update → Check for updates. Install all of them. Restart.
Microsoft 365 / SharePoint admins
Apply the April 2026 SharePoint patches. Actively exploited.
iPhone / iPad
Settings → General → Software Update. If there’s one, install it.
Google Chrome / Microsoft Edge
Close the browser completely and reopen it. It will auto-update.
Our Guardian and NyxGuard clients: already done. That’s the whole point of what you pay us for.
09 // THE_NUMBERS_FROM_THIS_FORTNIGHT
These are not scare numbers. These are what happened in seventeen days. The pattern is clear. Attackers are moving faster, chaining together exploits faster, and going after the tools and vendors that sit between you and the outside world.
The old playbook of “get a firewall, install antivirus, call it a day” is finished. Not outdated. Finished.
// IMMEDIATE_ACTION
Open a Notes app or a piece of paper. Write down every company whose software or services touch your business. Email provider. Accounting. Practice management. Scheduling. File sharing. Payment processor. Anything that has your clients’ names, numbers, or money flowing through it.
Now ask yourself, for each one: if they got hit tonight, what would my Tuesday look like?
If the answer for any one of them is “I have no idea” or “we’d be completely dead in the water,” that’s your weak link. Fix that one first. That’s the exercise every single one of the companies in this issue failed. You don’t have to.
Austin Eatman
Co-Founder // CyberFortify Solutions
FORTIFIED_WEEKLY
This briefing was Issue #003.
Get the next one delivered before it goes public.
← BACK TO ALL BRIEFINGS