The breach includes Social Security numbers and other highly sensitive data, potentially fueling a wave of identity theft, fraud, and other criminal activities. Teresa Murray, consumer watchdog director for the U.S. Public Information Research Group, expressed grave concerns about the implications of this breach.
About four months ago, a notorious hacking group claimed to have stolen an extraordinary amount of sensitive personal information from a major data broker. Recently, a member of this group has reportedly released most of this data for free on an online marketplace known for trading stolen personal data.
Social Security breach: a five-alarm wake-up call for personal data protection
“If this is indeed the entire dossier on all of us, it is certainly more alarming than previous breaches,” Murray stated in an interview. “And if people weren’t already taking precautions, which they should have been, this should serve as a five-alarm wake-up call.”
According to a class-action lawsuit filed in U.S. District Court in Fort Lauderdale, Fla., the hacking group known as USDoD claimed in April to have stolen personal records of 2.9 billion people from National Public Data. This company provides personal information to employers, private investigators, staffing agencies, and others conducting background checks. The group initially offered to sell this data on a hacker forum for $3.5 million, according to a cybersecurity expert’s post on X.
- The breach involves personal records from the United States, Canada, and the United Kingdom.
- Released data can lead to identity theft, fraud, and other crimes.
- This incident emphasizes the need for stringent personal data protection precautions.
Massive Data Breach Reported by Hacking Forum
Last week, a purported member of USDoD, identified only as Felice, claimed on a hacking forum that they were offering “the full NPD database.” This startling revelation was captured in a screenshot taken by BleepingComputer. According to Felice, the information consists of about 2.7 billion records, each containing sensitive details such as a person’s full name, address, date of birth, Social Security number, and phone number. Felice also mentioned that the data includes alternate names and birth dates.
Alleged Breach of National Public Data
National Public Data has not yet responded to requests for comments, nor has it formally notified individuals about the alleged breach. However, the company has acknowledged the situation to those who reached out via email. They stated, “We are aware of certain third-party claims about consumer data and are investigating these issues.”
Key Details of the Data Breach
- Full Names: Included in the 2.7 billion records
- Addresses: Detailed personal addresses
- Date of Birth: Both actual and alternate birth dates
- Social Security Numbers: Sensitive SSN information
- Phone Numbers: Contact details
For more insights, read our related article: Data of nearly all AT&T customers downloaded in security breach.
In a recent email, the company announced that it has purged its entire database, effectively opting everyone out. This decisive action led to the deletion of any “non-public personal information” that had been stored. However, it also mentioned, “We may be required to retain certain records to comply with legal obligations.”
Potential Risks of the Data Leak
Several cybersecurity news outlets have examined portions of the data offered by Felice and confirmed that it appears to be actual, sensitive information belonging to real people. If the leaked material is indeed legitimate, it poses several serious risks. Here are the potential dangers and steps you can take to protect yourself:
The Threat of ID Theft
The leaked data includes much of the information that banks, insurance companies, and service providers require when creating new accounts or when granting requests to change passwords on existing accounts. This makes the threat of identity theft very real. To safeguard yourself, consider the following measures:
- Regularly monitor your bank and credit card statements for suspicious activity.
- Change your passwords frequently and use complex, unique passwords for each account.
- Enable two-factor authentication wherever possible to add an extra layer of security.
- Place a fraud alert or credit freeze on your credit reports to prevent unauthorized accounts from being opened in your name.
By staying vigilant and taking these precautionary steps, you can better protect yourself against the potential fallout from this data leak.
In the recent data breach, a few critical elements seemed to be absent from the hackers’ loot. Notably missing were email addresses—essential for logging into various services—and driver’s license or passport photos, which many government agencies use to verify identities.