1. The Government Made You Give Conduent Your Data. Conduent Gave It to Hackers.

If you've ever received Medicaid benefits, child support payments, or unemployment insurance, there's a decent chance a company you've never heard of has your Social Security number, your medical records, and your home address. That company is Conduent, a New Jersey-based government technology contractor that handles benefits processing for nearly half the Fortune 100 and more than 600 government agencies.

Hackers had access to Conduent's network from October 21, 2024 to January 13, 2025. Nearly three months of open access to files containing names, addresses, Social Security numbers, dates of birth, medical information, and health insurance records. The stolen data covers an estimated 25 million people and counting. An additional 181,000 victims were added to the tally just this week.

Texas Attorney General Ken Paxton called it "likely the largest breach in U.S. history" and launched an investigation into Conduent and its client Blue Cross Blue Shield of Texas. Oregon's Department of Justice reports 10.5 million affected residents in that state alone. Texas claims 4 million. New Hampshire keeps revising its numbers upward, from 11,000 to over 181,000 in six disclosure letters to the state AG.

A class action lawsuit in New Jersey federal court alleges Conduent failed to implement basic security measures. The company maintains it "acted promptly" and followed incident response protocols. Translate that from corporate: they discovered the breach in January 2025, and people are finding out more than a year later.

Here's the part that should make your blood boil: you didn't choose Conduent. You didn't sign up for their service or agree to their terms. Your state government hired them to process your benefits, handed over your most sensitive personal information, and Conduent left the door open for three months. This is the forced dependency that makes government data collection so dangerous. When a private company you chose has a breach, you can stop using them. When a government contractor has a breach, you were never given a choice in the first place.

Sources: NJ.com, NDTV Profit, Rolling Out, WMUR, Texas AG

2. SCOTUS Strikes Down the Tariffs. The President Shrugs.

The Supreme Court told Donald Trump on Friday that he cannot impose tariffs under the International Emergency Economic Powers Act. In a 6-3 decision, Chief Justice Roberts wrote that IEEPA, a 1970s-era statute designed for freezing foreign bank accounts and blocking transactions, never once uses the word "tariff." Using it to levy import taxes on nearly every country on Earth was, in the Court's view, an authority the law simply doesn't grant.

Roberts was joined by Gorsuch, Barrett, Sotomayor, Kagan, and Jackson. Kavanaugh, Thomas, and Alito dissented. Kavanaugh's dissent included a pointed observation that would have made a fine newsletter headline: "The Court says nothing today about whether, and if so how, the Government should go about returning the billions of dollars that it has collected from importers."

He's talking about roughly $175 billion. Total tariff revenue has been running about $30 billion per month, with IEEPA tariffs accounting for approximately half. That's roughly what the federal government collected under IEEPA alone since the tariffs took effect. Whether importers get any of it back is now a separate legal question with no clear answer. Polymarket bettors currently give a court-ordered refund a 40% probability.

https://polymarket.com/event/will-the-court-force-trump-to-refund-tariffs

Markets initially jumped on the ruling. Then the president stepped to a microphone and announced he was immediately imposing a 10% global tariff under Section 122 of the Trade Act of 1974. This is a provision designed to address trade deficits. No president has ever invoked it. It caps tariff rates at 15% and expires after 150 days. Trump also promised to pursue tariffs under Section 232 (national security) and Section 301 (unfair trade practices), both of which require actual investigations before implementation.

Treasury Secretary Bessent told reporters that the combination of Section 122, 232, and 301 tariffs would result in "virtually unchanged tariff revenue in 2026." Translation: we lost the legal authority but we'll collect the same amount of money from you, just through different doors.

The Cato Institute published what might be the most useful analysis of the day: "The Supreme Court Got It Right on IEEPA, But Don't Pop the Champagne Yet." Their point: Section 122 gives the president real tariff authority with real limitations. The 150-day clock starts ticking immediately. After that, Congress would have to act. And if the last year taught us anything about Congress and tariffs, it's that Congress would rather complain about tariffs than vote on them.

Here's the kicker nobody in Washington wants to talk about: the tariffs didn't work. Census Bureau data released this week showed the US merchandise trade deficit hit a record $1.24 trillion in 2025, the highest ever recorded, despite the most aggressive tariff regime in nearly a century. Imports of goods and services rose 4.7% to $4.3 trillion. Manufacturing shed 108,000 jobs. The tariffs were supposed to bring factories home. Instead, companies played musical chairs with supply chains, shuffling production from China (imports dropped from 12% to 8% of total) to Vietnam, Mexico, and India. The deficit barely budged.

A Harvard-IMF working paper confirmed what anyone shopping for groceries already knew: nearly all the cost of the tariffs was paid by US importers, not foreign suppliers. Some absorbed the hit. Most passed it along to you.

The most honest assessment came from Fran Dunaway, president of apparel company TomboyX, who told Marketplace that at one point she was paying 187% tariffs: "We paid more in tariffs than our operating loss, which means that tariffs were the difference between being profitable and not."

So the scorecard: the tariffs were illegal, they didn't shrink the trade deficit, they killed manufacturing jobs, American businesses and consumers paid the bill, and the president replaced them with new tariffs before anyone finished reading the ruling. The constitutional system worked exactly as designed and changed almost nothing.

Sources: NPR, CNBC, CNBC (refunds), Politico, Cato, Washington Post, Marketplace, NBC, NYT (trade deficit)

3. PayPal Exposed Your Social Security Number for Six Months. They Just Got Around to Telling You.

PayPal disclosed this week that a software error in its Working Capital loan application exposed customers' Social Security numbers, names, email addresses, phone numbers, business addresses, and dates of birth from July 1, 2025 to December 13, 2025. That's nearly six months of sensitive personal data sitting in the open before anyone noticed.

The company discovered the breach on December 12, 2025, reversed the code change the next day, and started notifying affected users in February 2026. PayPal says the number of affected customers is roughly 100. They've reset passwords on impacted accounts, issued refunds for unauthorized transactions detected as a result of the exposure, and are offering two years of credit monitoring through Equifax.

One hundred people is a small number. The principle is not.

PayPal is a financial platform that processes $1.5 trillion in annual payment volume. It handles more money than most countries' central banks. A software error exposed Social Security numbers for half a year, and users had no idea until PayPal decided to tell them. The only reason we know about it at all is because state breach notification laws forced the disclosure.

This is PayPal's second major data incident in three years. In January 2023, a credential stuffing attack compromised 35,000 accounts. New York State fined them $2 million in January 2025 for failing to comply with cybersecurity regulations around that breach. The pattern: breach, delay, disclose, fine, repeat.

The broader lesson, especially paired with the Conduent breach above: every time you hand your data to a company (or your government hands it for you), you're betting that their security is better than the worst hacker trying to get in. That bet keeps losing.

Sources: BleepingComputer, PayPal breach notice, BleepingComputer (2023 breach), BleepingComputer (NY settlement)

4. A Republican and a Democrat Walk Into a War Powers Vote

Thomas Massie and Ro Khanna don't agree on much. Massie is the Kentucky Republican who votes "no" on things so reliably that his colleagues once tried to strip him of committee assignments. Khanna is a Silicon Valley progressive who represents a district where the median home costs more than some countries' GDP. But they both read the Constitution, and they both noticed the part where Congress, not the president, decides whether the country goes to war.

The two are forcing a House floor vote on a resolution that would prohibit "unauthorized hostilities" against Iran without congressional approval. The vote is expected next week.

The timing is not academic. Two carrier strike groups are positioned within striking distance of Iran. Israeli hospitals have shifted to emergency mode, banning medical staff from traveling abroad and discharging patients to free beds for mass casualties. ZeroHedge reported (then partially walked back) that the US was evacuating troops from exposed bases in Qatar and Bahrain. Iran's rial has lost roughly half its value in six months, according to Iran International. Trump's "Board of Peace" delivered a 10-to-15-day ultimatum to Tehran last Thursday, which, if you're counting, means the window closes sometime between this weekend and early March.

Polymarket bettors with $313 million on the table give US strikes on Iran a 27% probability by February 28, rising to 50% by March 15 and 61% by March 31. This is the platform's top trending market.

https://polymarket.com/event/us-strikes-iran-by

The Khanna-Massie push faces headwinds. Axios reported that key swing-district Democrats from New Jersey and New York, including Josh Gottheimer and Mike Lawler, plan to vote against the resolution, making passage harder. The administration has not briefed Congress on any military strategy. "There haven't been any briefings about a military strategy," Khanna told the New York Times. Massie put it more bluntly on X: "I will vote to put America first which means voting against more war in the Middle East."

Meanwhile, Iran appears to be preparing a counterproposal on its nuclear program, though Reuters reports the details remain vague. Whether the diplomacy track matters depends on whether the military track waits for it.

Whatever your politics, this much should be obvious: if two carrier strike groups, a presidential ultimatum, hospital evacuations, and $313 million in prediction market volume don't trigger the constitutional requirement for Congress to weigh in on war, nothing will.

Sources: Yahoo News, Daily Signal, Axios, Common Dreams, NYT, Benzinga, CBS (NORAD)

5. Wikipedia Nukes 695,000 Links After Archive Site Goes Rogue

Wikipedia just blacklisted Archive.today, one of the internet's most widely used web archiving services, after discovering that the site's operator weaponized it for a personal grudge.

The chain of events: Archive.today was caught directing a distributed denial of service (DDoS) attack against a blogger. During the investigation, Wikipedia editors discovered something arguably worse: Archive.today had been altering the content of archived web pages, inserting the name of the targeted blogger into snapshots of unrelated pages. The grudge apparently stemmed from a blog post that exposed how the Archive.today operator hides behind multiple aliases.

The Wikipedia community's verdict was swift and decisive. An official consensus statement declared: "There is a strong consensus that Wikipedia should not direct its readers towards a website that hijacks users' computers to run a DDoS attack. Additionally, evidence has been presented that archive.today's operators have altered the content of archived pages, rendering it unreliable."

695,000 links to Archive.today, spread across roughly 400,000 Wikipedia pages, are now being removed or replaced. Editors are redirecting citations to the Internet Archive's Wayback Machine, Ghostarchive, and other services.

The implications go well beyond Wikipedia's housekeeping. Archive.today was the go-to tool for preserving web pages behind paywalls, capturing articles before they were edited or deleted, and providing permanent references for journalists and researchers. It was quietly essential internet infrastructure. Millions of people relied on it without knowing who ran it, and that anonymity was part of its appeal.

Now it turns out the anonymous operator was running DDoS attacks through users' browsers and doctoring the archives. The FBI had already subpoenaed domain registrar Tucows in November 2025 seeking the operator's identity.

The blacklisted domains: archive.today, archive.is, archive.ph, archive.fo, archive.li, archive.md, and archive.vn. If you've bookmarked anything on those domains, it may still load, but Wikipedia will no longer link to it, and the trust model is broken.

The lesson is one the digital world keeps having to relearn: infrastructure you don't control is infrastructure that can be used against you. The same principle applies to your Ring doorbell, your VPN, your social media accounts, and the archive service you assumed was neutral. Decentralization isn't just a buzzword. It's the difference between owning your tools and discovering your tools own you.

Sources: Ars Technica, Wikipedia RFC, PCMag, Ars Technica (FBI subpoena)