New York
13
clear sky

Social Media

Massive Data Breach: The Theft of Social Security Numbers

Massive Data Breach: Protecting Yourself Amidst the Theft of Social Security Numbers In a staggering data breach, hackers claim to have compromised 2.9 billion personal records from National Public Data, with a significant portion of the data now leaked online. Four months after a notorious hacking group announced their acquisition of an unprecedented amount of …

Massive Data Breach: Protecting Yourself Amidst the Theft of Social Security Numbers

In a staggering data breach, hackers claim to have compromised 2.9 billion personal records from National Public Data, with a significant portion of the data now leaked online.

Four months after a notorious hacking group announced their acquisition of an unprecedented amount of sensitive personal information from a leading data broker, a group member has reportedly released most of this data for free on an online marketplace notorious for selling stolen personal information.

This breach, which includes Social Security numbers and other critical data, poses significant risks for identity theft, fraud, and other crimes, warns Teresa Murray, Consumer Watchdog Director for the U.S. Public Information Research Group. “If this is indeed a comprehensive dossier on all of us, it is far more alarming than previous breaches,” Murray stated. “For those who haven’t taken precautions in the past, this should serve as a five-alarm wake-up call.”

A class-action lawsuit filed in U.S. District Court in Fort Lauderdale, Florida, details the claims by the hacking group USDOD. In April, they allegedly stole the personal records of 2.9 billion individuals from National Public Data. This service provider offers personal information for background checks to employers, private investigators, and staffing agencies. The group attempted to sell the data, which includes records from the United States, Canada, and the United Kingdom, for $3.5 million, as revealed by a cybersecurity expert in a post on X.

Last week, a supposed member of USDoD, identified only as Felice, posted on a hacking forum, offering “the full NPD database.” According to a screenshot captured by BleepingComputer, this data consists of approximately 2.7 billion records, including full names, addresses, dates of birth, Social Security numbers, phone numbers, alternate names, and birth dates.

Security Breach at AT&T: Nearly All Customers’ Data Compromised

National Public Data has yet to respond to requests for comment and formally notify individuals about the alleged breach. However, the company has informed those who emailed that they are “aware of certain third-party claims about consumer data and are investigating these issues.” The company also mentioned that they have “purged the entire database” and deleted any “non-public personal information” about individuals. However, they noted that some records might need to be retained for legal compliance.

Several cybersecurity news outlets have reviewed portions of Felice’s data and confirmed that it appears to contain real personal information. If the leaked material is genuine, here are the potential risks and steps you can take to protect yourself.

The Threat of Identity Theft

The leaked data reportedly includes much of the information that banks, insurance companies, and service providers require when creating accounts or granting requests to change passwords on existing accounts. However, the hackers’ haul seems to lack email addresses, driver’s licenses, or passport photos, which governmental agencies often use for identity verification.

Despite this, Murray from PIRG cautions that bad actors could use the leaked information to take over existing accounts, including those associated with banking, investments, insurance policies, and email. With details such as your name, Social Security number, date of birth, and mailing address, fraudsters could create fake accounts in your name or convince someone to reset the password on one of your existing accounts. “For someone adept at this,” Murray said, “the possibilities are endless.”

Criminals could combine this data with information from previous breaches to add email addresses and cause further harm. “With all that information,” Murray warned, “you can wreak havoc, commit various crimes, and steal significant sums of money.”

CALIFORNIA – Phishing Attack Jeopardizes Personal Information of 200,000 L.A. County Residents

How to Protect Yourself

Data breaches have become so prevalent that some security experts believe your sensitive information is almost certainly available in the internet’s darker corners. VPNRanks, a website that reviews virtual private network services, estimates that 5 million people access the dark web daily via the anonymizing TOR browser, though only a fraction engages in malicious activities.

Suppose you suspect your Social Security number or other critical identifying information has been compromised. In that case, experts advise placing a freeze on your credit files with the three major credit bureaus—Experian, Equifax, and TransUnion. This free service will prevent criminals from taking out loans, signing up for credit cards, or opening financial accounts in your name. However, you’ll need to lift the freeze temporarily if you apply for something that requires a credit check.

You can place a freeze online or by phone by contacting each credit bureau individually. PIRG strongly advises against responding to unsolicited emails or texts claiming to be from one of the credit agencies, as these are likely phishing attempts designed to steal your personal information.

You can look at PIRG’s step-by-step guide to credit freezes for more detailed instructions.

Additionally, consider subscribing to a service that monitors your accounts and the dark web for signs of identity theft, typically for a fee. If your data is exposed to a breach, the company responsible often offers such services free for a year or more.

While these steps are crucial to preventing new accounts from being opened in your name, they will only do a little to protect your existing accounts. Oddly, those accounts are particularly vulnerable if you haven’t signed up for online access—it’s easier for thieves to create a login and password while pretending to be you than to crack your existing credentials.

Trump Campaign Emails Breached in Latest Hacking Scandal

To enhance security, ensure your passwords are strong, unique for each service, and updated periodically. Password manager apps can simplify the process by storing your passwords in the cloud, requiring you to remember only one master password. These apps are free (like Apple’s iCloud Keychain) or for a fee.

Furthermore, experts strongly recommend enabling two-factor authentication, which adds an extra layer of security on top of your password. This second factor is usually something linked to your phone, such as a text message, though a more secure option is to use an authenticator app that keeps you safe even if scammers hijack your phone number.

Yes, scammers can hijack your phone number through SIM swaps and port-out fraud, leading to further identity theft nightmares. To safeguard against this, AT&T offers a passcode option to restrict access to your account. T-Mobile provides optional protection against phone number porting. Verizon automatically blocks SIM swaps by deactivating the new and existing devices until the account holder intervenes with the original device.

Your Worst Enemy May Be You

As much as hacked data, scammers rely on people to disclose sensitive information willingly. One common tactic is posing as your bank, employer, phone company, or another service provider with whom you’ve done business and attempting to trick you with a text or email.

Banks, for example, frequently remind customers that they will not ask for account information over the phone. Nonetheless, scammers have successfully persuaded victims to provide account numbers, logins, and passwords by pretending to be bank security officers trying to prevent an unauthorized transaction or another urgent threat.

You may also receive an official-looking email claiming to be from National Public Data, offering assistance in dealing with the reported breach. However, as Murray warned, “It’s not going to be NPD trying to help. It’s going to be some bad actor overseas” attempting to scam you out of sensitive information.

A good rule of thumb is never to click on a link or call a phone number in an unsolicited text or email. If the message warns about fraud on your account and you don’t want to ignore it, look up the phone number for that company’s fraud department (found on the back of your debit and credit cards) and call for guidance.

“These scammers do this for a living,” Murray said. “They might send tens of thousands of messages and only get one response, but that one could net them $10,000 from an unsuspecting victim. Ten thousand dollars in one day for just one hit is a pretty good return on investment,” she added. “That’s what motivates them.”

The Midtown Times

The Midtown Times

The Midtown Times is committed to delivering accurate, timely, and comprehensive news to our readers. 
What to read next...

We live in a time of uncertainty and change. Profound social disruption, affecting how we work, how we learn or entertain ourselves, pose challenges to our social fabric as well as our physical and emotional well-being.

Investors and journalists compare today’s fashion for investing in cryptocurrencies (such as Bitcoin) to the American gold rush in the mid-19th century. Others compare the mania for digital currency to the Dutch tulip craze in the 18th century.

Three friends are celebrating becoming millionaires following the sale of a social media marketing business they started at university. They have sold Fanbytes, which says it helps brands win the hearts of youngsters.

Leave a Reply

Your email address will not be published. Required fields are marked *