Four months after a famous hacking organization claimed to have gained massive amounts of sensitive personal data from a major data broker, a member of that group allegedly made much of it available for free on an infamous online marketplace for stolen data.
Social Security numbers and other sensitive data were compromised, raising worries about identity theft, fraud, and other crimes. Consumer watchdog Teresa Murray, director of the U.S. Public Information Research Group (PIRG), emphasized the breach.
Murray said, “If this is pretty much the whole dossier on all of us, it certainly is much more concerning [than prior breaches]. This should be a five-alarm wake-up call for folks who didn’t take safeguards before.
USDOD, a hacker gang, claimed in April to have stolen 2.9 billion personal records from National Public Data, prompting a class-action lawsuit in Fort Lauderdale, Florida. Background check companies like NPD provide personal information to employers, private investigators, and hiring agencies.
A cybersecurity expert revealed on X that the group sold the data on a hacker forum for $3.5 million. The records purportedly included US, Canadian, and UK data.
Felice, a putative USDOD member, announced on a hacker forum that they were offering “the full NPD database.” Bleeping Computer screenshots show 2.7 billion records. Felice said that each record includes a person’s entire name, address, date of birth, Social Security number, phone number, and alternative names and birth dates.
NPD has not commented or notified affected parties of the incident. However, in email responses, the business recognized third-party customer data concerns and said they were investigating. NPD also stated in the email that they had “purged the entire database, as a whole, of any and all entries, essentially opting everyone out.
The corporation claims to have erased all “non-public personal information,” although legal requirements may require them to keep some data. Felice’s data looks to contain genuine people’s data, according to several cybersecurity news outlets. Authentic data offers serious threats, thus people must safeguard themselves.
Identity theft is a major risk from this compromise. The hacked data includes much of the information banks, insurance firms, and other service providers need to open up accounts or reset passwords. Cybercriminals value the data disclosed, even though email addresses and driver’s license or passport images are lacking.
Murray said criminal actors might use this data to try to take over bank, investing, insurance, and email accounts. Murray warned that criminals could use this breach’s data and earlier breaches to develop more detailed victim profiles and perpetrate more crimes.
Protect your Social Security data from a hack
After a breach like this, experts say that you should freeze your credit files with the three main credit bureaus: Experian, Equifax, and TransUnion. This is easy to do and doesn’t cost anything. It will stop thieves from starting new bank accounts in your name.
You’ll need to remember to briefly lift the freeze, though, if you want to get credit or use a service that checks your credit. It’s important to go through this process directly with each credit bureau and not reply to emails or texts you didn’t ask for that say they are from these agencies. These messages are probably scams meant to steal your personal information.
You might want to sign up for a service that checks your accounts and the dark web for signs of identity theft in addition to freezing your credit. After a data hack, companies often give these services to customers for free for a year or more.
But if you haven’t already, even the best tracking services won’t be able to protect your accounts. Strangely, accounts that haven’t been set up to be accessed online can be the most at risk. This is because it’s easier for a hacker to make a new login and password and pretend to be you than to hack into a current account.
It is important to use strong, unique passwords for each service and to change them often. This process can be made easier by password organizer apps that store and organize your passwords safely in the cloud, so you only need to remember one master password.
One more important security step is two-factor authentication, which protects your accounts even more. Usually, this means getting a code via text message or using an authenticator app that is connected to your phone. This makes it much harder for someone to get into your accounts, even if they know your login information.
Scammers are also going after people more and more through SIM swapping and port-out fraud, in which they take your phone number and use it to take over your accounts. As an extra safety measure, cell phone companies like AT&T, T-Mobile, and Verizon offer passcodes and stops on illegal device changes.