Hackers Steal 272 Million U.S. Social Security Numbers, 161 Million U.S. Phone Numbers and More Highly Sensitive Historic Data from National Public Data.
- Aug 25, 2024
- 4 min read
What happened? And how to tell if your were breeched and what to do about it.
(Usual disclaimer: I'm just an investor expressing my personal opinion and am not an attorney, accountant nor your financial advisor. Consult your own financial professionals before making any financial decisions. Code of Ethics: To remove conflicts of interest that are rife on other sites, I/we do not accept ANY money from outside sponsors or platforms for ANYTHING. This includes but is not limited to: no money for postings, nor reviews, nor advertising, nor affiliate leads etc. Nor do I/we negotiate special terms for ourselves in the club above what we negotiate for the benefit of members. Info may contains errors so use at your own risk. See Code of Ethics for more info.)
National Public Data is a company which sells personal information to private investigators, consumer public record sites, human resources and staffing agencies.
According to a recently proposed class-action lawsuit, a cybercriminal group by the name of USDoD posted a database entitled “National Public Data” on a dark web forum and which claimed to be selling the personal data of 2.9 billion people for $3.5 million. And National Public Data recently confirmed a "data security incident" on it's website:
"There appears to have been a data security incident that may have involved some of your personal information. The incident is believed to have involved a third-party bad actor that was trying to hack into data in late December 2023, with potential leaks of certain data in April 2024 and summer 2024. We conducted an investigation and subsequent information has come to light. What Information Was Involved? The information that was suspected of being breached contained name, email address, phone number, social security number, and mailing address(es).
What Exactly Was Stolen?
Spy Cloud, security firm, said they have analyzed the stolen data and claims it's made of up of:
2.7 billion total records
Sensitive personally identifiable information (PII) on individuals including:
Full names, dates of birth
420 million distinct addresses
272 million distinct US Social Security Numbers (SSNs)
Over 161 million distinct phone numbers
Historical data like old addresses and phone #s. Per spy cloud: "This introduces risks because it is not uncommon for credit checks and other identity verification systems to verify places where you have previously lived in order to grant you access to certain resources, so this breach will likely make certain types of verification systems more trivial to bypass."
How to Fail as Publicly and Badly as Possible
And according to security researcher Brian Krebs (of Krebs on Security) the bungling didn't stop there.
Krebs says that a National Public Data data broker continued to share the passwords to its back-end database (and which shares access to the same records) in a file that was freely available on it's homepage until recently:
New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available from its homepage until today.
Adding Insult to Injury?
And as if that wasn't bad enough...if the proposed class action lawsuit is to believed, then allegedly the data was scraped from the web by National Public Data without consumer consent.
Was my info breeched?
According to CNET, you can check to see if your social security number or phone number was breeched using one of the sites on their article.
What do do about it?
The nonprofit National Cybersecurity Alliance, recommends freezing your credit, saying:
The lawsuit says that hackers stole the personal information of 3 billion people, including every existing Social Security numbers, from background check company National Public Data (NPD). If true, this would mean every American is at risk of having their identity stolen. While the exact details of the breach are not confirmed, don’t wait. Freeze your credit now and keep it frozen by default. Freezing your credit: 1) Is free. 2) Doesn’t impact your credit score. 3) Is easy and fast to un-freeze if you need to apply for credit.
CNET also recommend other steps such as:
Contact the Internal Revenue Service "if your Social Security number has been stolen to prevent the thief from using your number to file a tax return and receive your tax refund or to prevent them from using your number for a job (and put their taxes on your account)."
The IRS says they have a PIN program to mitigate the risk of stolen tax refunds:
Check your credit report regularly.
Sign up for a credit monitoring service.
Go to Federal Trade Commission's IdentityTheft.gov.
File an online complaint with the Internet Crime Complaint Center.
Contact the Social Security Administration
Click here for more details from CNET.
August 28, 2024 Update: It turns out that the above steps are Not EVEN NEARLY ENOUGH!
The conventional advice of merely freezing and monitoring credit reports doesn't stop a thief from sticking you with bogus utility bills, fraudulent pay-day loans, fake bank and brokerage accounts, stealing your tax refunds, and more. Here's a brand new article with real life examples from people who learned the hard way... and here's what to do to avoid being victimized.
I started using my NetSpend card, and I couldn't be happier with the experience! The convenience of loading funds and managing my money on the go is fantastic. The mobile app is user-friendly and makes tracking my spending a breeze. I love the instant notifications for every transaction, which keeps me informed and secure, find more reviews on NetSpend reviews. Plus, the ability to set up direct deposits has made my life so much easier. Overall, my NetSpend card has truly simplified my financial management, and I highly recommend it to anyone looking for a reliable and efficient prepaid card!
Every female is classy, irresistible, and adept in the art of winning desire. So, be it a romantic evening or a wild adventure, the experience you get is surely to be exciting. Don’t wait long to book a time to spend a luxury experience with professional Escorts in Greater Kailash who turn every moment into an unforgettable one.
geometry dash simple one-touch control system belies a brutally difficult, yet incredibly addictive, experience where every jump and movement is synchronized to an energetic, pulsating soundtrack.
On ne réalise pas toujours à quel point un bouchon dans une canalisation peut paralyser une maison jusqu’à y être confronté. C’est ce qui m’est arrivé après un week-end pluvieux, avec une remontée d’eau sale dans la buanderie. J’ai cherché une société sérieuse et disponible dans la région de Farciennes, et c’est ainsi que j’ai fait appel à Maes Debouchage. L’intervention a été rapide, sans mauvaise surprise sur le prix, et le matériel utilisé était clairement professionnel. Depuis leur passage, tout fonctionne parfaitement. Un service que je n’hésiterai pas à recommander autour de moi.
This is a really serious crime that must be punished by law. In January this year, my mother was also exposed to the social engineering attack. And where did they get her phone number? Sometimes I think that the era of traditional telephony is dying. In our business, we use www.myvelox.com and VoIP telephony. Because we don't want to pay extra and want to be safe when making calls.