Constella Intelligence

Main Menu

Andres Andreu Named a Finalist for the 2026 SC Awards Resilient CISO Award

Christine Castro on March 2, 2026

Constella is pleased to announce that Andres Andreu, CEO has been named a finalist for the Resilient CISO Award as part of the 2026 SC Awards, presented by SC Media Awards and CyberRisk Alliance, and sponsored by Absolute Security. Now in its 29th year, the SC Awards recognize solutions, organizations, and leaders advancing the security of information systems. The Resilient CISO Award finalist class includes 23 security leaders, selected for their leadership and measurable contributions to organizational resilience.

Find the full list of 2026 Resilient CISO finalists on SC Media’s website: https://www.scworld.com/sc-awards-finalists

The Resilient CISO Award recognizes security leaders whose vision, adaptability, and steady leadership enable organizations to withstand disruption and keep the business moving. Finalists demonstrate a business-aligned approach to risk and resilience—uniting people, process, and technology to minimize harm and support operational continuity and recovery.

Finalists for the 2026 SC Awards were evaluated by an independent panel of judges comprised of cybersecurity practitioners and industry leaders, including members of the CyberRisk Collaborative (CRC) community, representing sectors such as healthcare, financial services, education, technology, and the public sector.

This year, finalists are invited to the SC Awards Reception, where the 2026 winners will be announced on Tuesday, March 24, 2026, during RSAC in San Francisco.

“The SC Awards celebrate excellence and innovation in cybersecurity, recognizing the people and technologies driving real progress,” said Kelley Damore, Chief Content Officer, CyberRisk Alliance. “Being named a finalist is a mark of credibility and trust — a powerful validation from peers and experts who understand what it takes to deliver real-world security impact.”

“The SC Awards have long recognized standout leadership that demonstrates vision, and drives industry advancement while protecting against the risk of costly downtime challenges,” said Christy Wyatt, President & CEO, Absolute Security. “As losses from security and technical disruptions grow, CISOs are stepping up as revenue protection advocates by driving operational resilience. This category recognizes these visionary executives leading the charge for world class cyber resilience within their organizations.”

“Being named a finalist for the SC Awards Resilient CISO Award is a testament to the entire Constella team’s commitment to redefining how organizations approach risk. In today’s landscape, resilience isn’t just about defensive barriers; it’s about ‘decision discipline’—the ability to turn fragmented identity signals into actionable intelligence that protects both the enterprise and the individual. I am honored to be recognized alongside such a distinguished group of leaders who are dedicated to keeping global businesses moving safely in an era of constant disruption.”, states Andreu.

Throughout the month, SC Media’s editorial team will feature in-depth coverage of each finalist on SC Media’s website at www.scworld.com/sc-awards, along with promoting finalists across SC Media’s social media channels on LinkedIn and Twitter.

About CyberRisk Alliance (CRA)
CyberRisk Alliance provides business intelligence that helps the cybersecurity ecosystem connect, share knowledge, accelerate careers, and make smarter and faster decisions. Through its trusted information brands, network of experts, and more than 250 annual events, CRA delivers actionable insights and serves as a powerful extension of cybersecurity marketing teams. Its brands include SC World, the Official Cybersecurity Summits, Identiverse, InfoSec World, CyberRisk Collaborative, Security Weekly, ChannelPro, ChannelE2E, MSSP Alert, ExecWeb, LaunchTech Communications, and CyberRisk TV.

Learn more at www.cyberriskalliance.com.

About Absolute Security

Absolute Security is partnered with more than 28 of the world’s leading endpoint device manufacturers, embedded in the firmware of 600 million devices, trusted by thousands of global enterprise customers, and licensed across 16 million PC users. With the Absolute Security Cyber Resilience Platform integrated into their digital enterprise, customers ensure their mobile and hybrid workforces connect securely and seamlessly from anywhere in the world and that business operations recover quickly following cyber disruptions and attacks. To learn more, visit www.absolute.com and follow us on LinkedIn, X, Facebook, and YouTube.

ABSOLUTE SECURITY, ABSOLUTE, the ABSOLUTE LOGO, AND NETMOTION are registered trademarks of Absolute Software Corporation ©2025, or its subsidiaries. All Rights Reserved. Other names or logos mentioned herein may be the trademarks of Absolute or their respective owners. The absence of the symbols ™ and ® in proximity to each trademark, or at all, herein is not a disclaimer of ownership of the related trademark.

About Constella

Constella is a global leader in Identity Risk Intelligence. Powered by the world’s largest breach and infostealer data lake, spanning over one trillion attributes across 125+ countries and 50+ languages, Constella empowers organizations to detect, investigate, and respond to threats linked to exposed personal data. Enterprises, managed service providers, and law enforcement agencies worldwide rely on Constella to strengthen identity posture, fuel threat intelligence, and defeat digital risk. Learn more at Constella.ai.

The Conduent Ripple Effect: Why a 25-Million-Identity Breach is the Ultimate Supply Chain Wake-Up Call

Christine Castro on February 24, 2026

In the world of cybersecurity, there are “loud” companies, the ones whose logos you see on every corner, and then there are the “backbone” companies. These are the giants that hum quietly in the background, processing healthcare claims, managing highway tolls, and cutting child support checks. Conduent is a titan of the latter category.

But as the dust settles in early 2026, Conduent is no longer quiet. It is currently at the center of what is being called the largest healthcare and government data breach in U.S. history. For those of us at Constella, this isn’t just another headline; it’s a masterclass in why identity risk is the new perimeter.

The Anatomy of an 8.5-Terabyte Heist

The details that have surfaced over the last year are staggering. What began as a “limited incident” detected on January 13, 2025, has ballooned into a national crisis. We now know that the SafePay ransomware group didn’t just knock on the door; they lived in the house for nearly three months, from October 21, 2024, until discovery.

During that period, they didn’t just encrypt files; they vacuumed up over 8.5 terabytes of sensitive data. We’re talking about the “Holy Grail” of Personally Identifiable Information (PII):

  • Full Names and Physical Addresses
  • Social Security Numbers (SSNs)
  • Detailed Medical Histories and Diagnosis Codes
  • Health Insurance Claim Amounts

The scale? Over 25 million individuals across nearly every state. In Texas alone, Attorney General Ken Paxton’s February 2026 investigation revealed that 15.4 million residents, roughly half the state’s population, were caught in the dragnet.

Why the “Supply Chain” Label Doesn’t Do It Justice

When we talk about supply chain attacks, we often think of software. But the Conduent breach highlights a different, more personal vulnerability: the Business Associate risk. Conduent acts as a third-party processor for Fortune 100 companies and state governments. This means millions of victims had never even heard of Conduent until they received a breach notification. They were impacted because their insurance provider (like Blue Cross Blue Shield) or their state’s Medicaid office relied on Conduent’s back-office infrastructure.

The Constella Insight: In the modern digital ecosystem, you are only as secure as the quietest vendor in your stack. When 25 million identities are stolen from a single source, the downstream risk of account takeover (ATO) and targeted spear-phishing becomes an exponential problem that lasts for years.

The “Identity Density Gap”: 2026’s Greatest Threat

At Constella, our 2026 Identity Breach Report  highlights a terrifying trend we call the Identity Density Gap. While the number of unique people on the planet is finite, the amount of data associated with each person is exploding.

The Conduent breach didn’t just leak “new” people; it added high-fidelity layers (medical records, SSNs, claim dates) to existing profiles already circulating on the dark web. Attackers are now using Agentic AI to correlate these attributes at machine speed.

When a hacker combines a leaked password from 2022 with a medical diagnosis from the 2025 Conduent breach, they aren’t just a “hacker” anymore, they are an impersonator with a script so convincing it can bypass even the most skeptical employee. This “industrialization of identity” is why traditional defenses are failing.

Why “Free Credit Monitoring” is a Relic of the Past

Conduent has already spent roughly $25 million on breach response, much of it going toward notification letters and credit monitoring services. While this is a standard legal requirement, let’s be candid: credit monitoring is like giving someone a smoke detector after their house has already burned down.

When medical records are combined with SSNs, threat actors aren’t just looking to open a new credit card. They are targeting:

  1. Precision Phishing: Using known medical provider names and claim amounts to craft “urgent” emails that are virtually indistinguishable from legitimate insurance correspondence.
  2. Medical Fraud: Filing false claims that can permanently corrupt a victim’s actual medical history, potentially leading to life-threatening errors in future treatment.
  3. Credential Stuffing: Since 68% of breached credentials now arrive in plaintext (due to the “Infostealer Pandemic”), the risk of immediate, automated Account Takeover (ATO) has never been higher.

Shifting to an Identity Risk Posture (IRP)

The Conduent incident is a systemic warning. To survive in 2026, organizations must move away from event-based monitoring and toward a proactive Identity Risk Posture (IRP). This means:

  • Continuous Exposure Monitoring: Don’t wait for a vendor to send a notification a year later. You need real-time visibility into the Deep and Dark Web to see when your employees’ or customers’ credentials appear in a leak.
  • Operationalizing Identity Resolution: Use intelligence to map the relationships between your employees and the third-party ecosystem. If a vendor is breached, you should know exactly which of your users are most at risk within hours, not months.
  • Hardening the Human Perimeter: With 8.5TB of PII in the wild, social engineering is now automated. Defensive strategies must include monitoring the digital footprints of high-value targets (executives and admins) who are the primary targets of these synthesized profiles.

The Bottom Line

The Texas AG’s probe, launched in February 2026, is a reminder that the regulatory fallout is only beginning. For Conduent, the $25 million in costs is just the tip of the iceberg when you factor in the dozens of class-action lawsuits currently moving through federal courts.

Data is a liability, and identity is the target. The only way to stay safe is to see what the attackers see, before they use it against you.

Top 5 Learnings from the 2026 Identity Breach Report

Christine Castro on February 17, 2026

The 2026 Identity Breach Report marks a definitive shift in the cyber threat landscape, transitioning from simple data collection to what can only be described as the Industrialization of Identity. As adversaries adopt machine-scale automation, they are no longer just “leaking” data—they are running high-velocity pipelines designed to weaponize human identities at an unprecedented scale.

This report, based on the analysis of over 1 trillion identity attributes and billions of records, serves as a wake-up call for security leaders. Below is a summary of the most critical findings and the strategic shifts necessary to defend against this new era of industrialized attacks.

1. The Identity Density Gap: Weaponizing Enrichment

The most telling discovery of 2025 is the widening “Identity Density Gap”. While unique identifiers in our data lake grew by only 11%, the total volume of records surged by 135%.

What this means: Attackers are not simply finding new victims; they are building richer, more “attackable” profiles of existing ones. Every new breach is synthesized to add layers of density—correlating an average of 429 billion attributeslike home addresses, phone numbers, and professional hierarchies. This high-fidelity identity resolution allows for surgically precise, autonomous impersonation across multiple channels, including WhatsApp, LinkedIn, and corporate email.

2. The Plaintext Crisis: A Shift in Adversarial Tradecraft

Perhaps the most alarming statistic is the 261% year-over-year increase in plaintext credentials. Today, 68.89% of all breached passwords arrive in clear-text.

It is a common misconception that this represents a regression in organizational hygiene. Instead, it reflects an industrialization of the adversarial pipeline:

  • Infostealer Exfiltration: Modern malware “scrapes” passwords directly from browser memory before they are hashed, rendering server-side security moot.
  • High-Velocity Cracking Farms: Massive GPU-optimized clusters are now being used to “strip” legacy hashes from historical datasets at scale, converting billions of encrypted records into actionable plaintext weapon libraries.

With only 5.26% of credentials remaining properly hashed, the risk of immediate, automated Account Takeover (ATO) has reached its highest point in a decade.

3. Strategic Consolidation: The Rise of Delta Compilations

A curious trend emerged in the 2025 data: the number of “Combo Breaches” (massive, mixed-source leaks) actually decreased by 66%. However, this is not a sign of slowing activity.

Adversaries are moving away from fragmented, low-quality datasets in favor of Delta Compilations. These are high-density, synthesized libraries that focus specifically on newly exposed attributes, allowing attackers to operationalize “fresh” data at machine speed without the noise of deduplicated records.

4. The Top 10 High-Velocity Exposure Events

The report identifies the 10 largest global identity exposure events of 2025, which together fuel the automated credential-stuffing engines of 2026.

  • songguo7.com (Transportation): 87.7M Records
  • AT&T (Telecommunications): 86M Records
  • xuexi.cn (Education): 85.2M Records
  • UnitedHealth (Healthcare): 72M Records
  • PowerSchool (Education/Tech): 62M Records

Notably, the Public and Education sectors saw a 569% increase in breach volume. These platforms are “identity goldmines” because they often link personal information—such as home addresses and phone numbers—directly to high-value corporate and government email addresses.

5. The “Infostealer Pandemic” and MFA Bypass

Infostealers have become the primary engine of modern identity theft. In 2025, Constella processed 51.7 million packages (+72% YoY), identifying 24.8 million unique infected devices.

The real danger lies in session cookies. Infostealer logs often include active cookies that allow adversaries to perform session hijacking. By cloning a user’s active login state, an attacker can bypass Multi-Factor Authentication (MFA) entirely and inherit “trusted device” status, making detection nearly impossible for legacy security tools.

The CISO Roadmap: Transitioning to Identity Risk Posture (IRP)

Traditional, perimeter-based security is no longer sufficient when an adversary knows your leadership team better than your own HR systems do. Organizations must shift from event-based monitoring to a proactive Identity Risk Posture (IRP).

Key Recommendations for 2026:

  1. Continuous Surface Monitoring: Move from periodic audits to real-time surveillance of the surface, deep, and dark web to detect exposure as it happens.
  2. Executive Digital Footprint Protection: High-value targets are often attacked via personal channels. Secure the “whole identity,” not just the corporate login.
  3. Session-Level Vigilance: Implement controls that monitor behavior inside an active session to detect hijacked cookies and anomalous activity.
  4. Operationalize Identity Resolution: Use your own intelligence to map relationships between employee identities and potential exposure points across the third-party ecosystem.

The 2026 Identity Breach Report proves that when threats move at machine speed, our defenses must be equally industrialized. The question is no longer if an identity is compromised, but how quickly you can neutralize the exposure.

Download the Full Report | Register for the Webinar

Constella Intelligence Unveils 2026 Identity Breach Report: The Industrialization of Identity

Christine Castro on February 12, 2026

New research reveals a 1-trillion-attribute threat landscape driven by machine speed and scale, and high-density credential consolidation.

LOS ALTOS, CA — February 12, 2026 — Constella, the leader in Identity Risk Intelligence, today announced the release of its flagship 2026 Identity Breach Report. The report details a fundamental shift in the cyber threat landscape, moving from the mass collection of data to the industrialized weaponization of identity at machine speed and scale, with sophisticated attribute correlation.

The Era of the “Attackable” Identity

The 2026 report highlights a critical divergence in data trends: while unique identifiers grew by only 11% in 2025, the total volume of records surged by 135%. This “Identity Density Gap” signifies that adversaries are no longer just looking for new victims; they are building richer, high-fidelity profiles of existing ones.

By correlating an average of 429 billion attributes, including phone numbers, corporate hierarchies, and personal interests, threat actors can now execute autonomous, multi-channel impersonation attacks that bypass traditional MFA and legacy defenses.

“The ‘plaintext problem’ has evolved,” says Alberto Casares, CTO at Constella. “It is no longer a primary metric of insecure enterprise storage. Instead, it reflects an industrialized pipeline where infostealers exfiltrate credentials directly from browsers, bypassing hashing entirely, while GPU-optimized cracking farms convert historical hash sets into actionable, clear-text weapon libraries at a global scale.”

Key Findings from the 2026 Report:

  • Surge in Breaches Containing PII: A 661% increase in breaches containing PII indicates that 95% of ingested records are now ready for immediate, automated exploitation.
  • The Plaintext Crisis: 68.89% of all breached credentials were found to be stored in plaintext, a staggering 261% increase year-over-year.
  • Agentic AI & Industrialized Detection: Constella utilized Agentic AI automation to expand detection by 159%, hunting over 567,000 breaches in 2025.
  • The Identity Density Gap: While unique identifiers grew by only 11%, the total volume of records surged by 135%.

Featured Webinar:
The Industrialization of Identity: Defending Against Threats at Machine Speed and Scale

To coincide with the report launch, Constella will host an executive panel on February 26th to discuss the operationalization of this data and the move toward an Identity Risk Posture.

Panelists include:

  • Andres Andreu, CEO, Constella: A veteran security leader, Andres provides the strategic vision for meeting machine-scale threats with machine-scale intelligence.
  • Alberto Casares, CTO, Constella: Alberto oversees the analysis of industrialized cybercrime pipelines and the exfiltration tactics of modern infostealers.
  • Hector Monsegur, Cybersecurity Researcher & Chief Research Officer, SafeHill: Known formerly as “Sabu” and the mastermind behind LulzSec, Hector now uses his raw insider perspective to help organizations neutralize high-profile threats and manage threat exposure.
  • Eamonn Maguire, Director of Engineering for AI & ML, Proton: Eamonn holds a DPhil from Oxford and a postdoc from CERN; he has spent the last five years at Proton combating abuse and account takeover while leading the development of public-facing AI features like Proton Scribe and Lumo.

“Traditional defenses are no longer sufficient because the threat is increasingly driven by legitimate accounts being compromised and used for impersonation from real inboxes,” notes the report. “Organizations must shift from event-based security to a model of continuous identity vigilance”.

Register for the webinar, or download the report.

Constella Intelligence Named Best in Class in Javelin Strategy & Research’s 2025 Dark Web Threat Intelligence Vendor Scorecard

Christine Castro on November 25, 2025

The firm achieved “Category Leader” status in all five evaluated categories, recognized for its innovative approach to mapping threat actor infrastructure.

Fremont, CA – November 25, 2025 – Constella Intelligence, a leader in digital risk protection and identity threat intelligence, today announced it has been named Best in Class in Javelin Strategy & Research’s 2025 Dark Web Threat Intelligence Vendor Scorecard. In addition to the top recognition, Constella was recognized as a Category Leader in all five strategic areas evaluated in the report.

The 2025 Dark Web Threat Intelligence Vendor Scorecard benchmarks leading vendors serving U.S. entities, though Constella does boast customers spanning the globe,  evaluating their ability to identify and connect digital and physical risks. Javelin’s research highlights that as cyber risks become more interconnected, vendors playing a critical role in turning raw data into actionable insights are essential for predicting and preventing serious disruptions.

Constella Intelligence received the Best in Class designation for its unique methodology. According to Javelin Strategy & Research, Constella was recognized for its “innovative ‘reverse-engineering’ approach to mapping threat actor infrastructure. Rather than tracking malware samples, Constella analyzes identity-related artifacts left by malicious actors to uncover the infrastructure behind their operations.”

“We are honored to be recognized as Best in Class by Javelin Strategy & Research,” said Andres Andreu, CEO at Constella Intelligence. “Achieving Leader status in every evaluated category validates our identity-centric approach to dark web intelligence. As the threat landscape evolves to bridge the cyber and physical worlds, our focus remains on empowering organizations to anticipate attacks by understanding the specific actors and infrastructures behind them.”

Investors in Constella Intelligence see this recognition as a major validation of the company’s strategic direction and market impact.

“Constella’s recognition as Best in Class confirms that their identity-centric approach is reshaping how the industry handles threat intelligence,” said Alberto Yepez, Managing Director at Forgepoint Capital. “In an environment where cyber threats increasingly spill into the physical realm, Constella’s unique ability to merge vast historical datasets with fresh intelligence enables the discovery of hidden connections at scale, replicating the investigative processes used by Law Enforcement and delivering the level of attribution organizations need to stay ahead of emerging threats.”

“Achieving Category Leader status across every single evaluated area is a rare and impressive feat,” said Anik Bose, General Partner at BGV. “This sweep of the Javelin Scorecard demonstrates that Constella isn’t just competing; they are setting the standard for comprehensive dark web monitoring and actionable intelligence.”

In the 2025 Scorecard, Constella Intelligence was named a Category Leader in the following areas:

  • Threat Actor and TTP (Tactics, Techniques, and Procedures)
  • Data Processing and Enrichment
  • Contextual and Strategic Analysis
  • Source Collection
  • Indicators of Compromise (IoCs)

“Dark web threat intelligence vendors play critical roles in turning raw data like IP addresses and file hashes into meaningful, actionable insights,” said Tracy (Kitten) Goldberg, Director of Cybersecurity at Javelin Strategy & Research. “This intelligence is essential for attributing attacks to specific threat actors and predicting future attacks.”

For more information about Constella Intelligence and its dark web monitoring capabilities, please visit Constella.ai/request-a-demo/.

About Constella Intelligence
Constella Intelligence is a global leader in identity risk intelligence, helping organizations detect, investigate, and respond to threats linked to exposed personal data. Powered by the world’s largest breach and infostealer data lake, spanning over one trillion attributes across 125+ countries and 50+ languages, Constella delivers unmatched visibility into identity threats across the surface, deep, and dark web. Enterprises and technology partners worldwide rely on Constella to strengthen identity posture, fuel threat intelligence, and reduce digital risk. Learn more at Constella.ai.

Media Contact:
Christine Castro
christine.castro@constellaintelligence.com