After a massive corporate breach resulted in the theft of billions in Social Security numbers, Americans are now at risk.
According to a Los Angeles Times report this week, a hacker organization stole the personal data of nearly three billion people from National Public Data, a Florida-based corporation. The information is currently available for purchase on the dark web.
Information such as full names, addresses, dates of birth, phone numbers, and possibly social security numbers are now likely to be sold.
The hacker collective, known as the USDoD, claimed to have obtained details of 2.9 billion people from National Public Data, a source of personal data for businesses and private investigators conducting background checks.
According to reports, the data breach occurred in April, and the USDoD allegedly sold the stolen data for $3.5 million.
National Public Data Breach
First, the details. The company that conducts the background checks, National Public Data (NPD), is the subject of the complaint filed. According to its website, “[NPD] collects data from public records databases, court records, state and federal databases, and additional repositories across the country.”
According to the complaint, NPD suffered a data breach sometime in April 2024. In addition, the US District Court proceeding asserts the following:
• Sensitive information, including addresses from the past three decades and beyond, Social Security numbers, details about parents, siblings, and other family members—some of whom have been deceased for nearly 20 years—as well as other There was also personal information. Compromise by corporation.
• Businesses “scrape” this data from private sources. The individual who filed the lawsuit and the billions of others who may be eligible to join the class action complaint did not consent to the collection of this information.
• The business promised those it would “assume legal and equitable duties to protect and safeguard this information from unauthorized access and interference.”
How did this breach come to light?
Because of laws and regulations that require them to report breaches immediately, organizations typically self-report data breaches. In this way, users are notified of violations as soon as possible through emails, news articles, and occasionally notifications to some state attorneys general.
It appears that no warnings were provided to potential victims in this instance. Additionally, no filings with state attorneys general can be found by us.
The lead plaintiff learned of the breach through a notification from its identity theft protection service provider, which informed it that the “nationalpublicdata.com” breach had directly resulted in its [personal information]. Compromised.” (And of course, you can also add internet protection software as ways to know about a data breach before the company contacts you.)
Additionally, The Register revealed in June that a hacking group known as the USDoD claimed to have stolen the personal details of nearly 3 billion people and sold them on the dark web. The cost was $3.5 million USD. The group also said the records include citizens of the United States, Canada and the United Kingdom.
From an Internet security perspective, the alleged hack could contain highly sensitive information, which, if confirmed, could expose up to three billion people to identity theft. It’s only worth acting because there’s a possibility that Social Security numbers have been compromised.
How to protect yourself from a data breach?
This hack shows the dangers and problems that follow such attacks for us as customers. Often, months pass before we receive any kind of notification. Naturally, hackers have plenty of time to wreak havoc during this period. They may sell the stolen information to others who will use it for similar purposes, or they may use it to commit identity theft. In either case, unless we experience identity theft ourselves, we are often in the dark.
It is true that news of an attack targeting you may not reach you immediately. For this reason, the best defense against data breaches is a combination of procedures.
To ensure complete coverage, we recommend the following:
A security freeze, credit check, and ID theft protection should be considered:
You should think seriously about precautions because your personal information may be on the dark web. After a breach, you can stay safe by purchasing identity theft protection and checking your credit. A security freeze can also help prevent identity theft if you notice any strange activity. With our McAfee+ Advanced or Ultimate plans, all three can be configured. Features include:
• Credit Monitoring provides timely notifications and information to help combat identity theft by tracking changes to your credit score, report and accounts.
• A security freeze protects you by preventing unwanted access to existing credit card, bank, and utility accounts, as well as opening new accounts in your name. And your credit score won’t be affected.
• If it is determined that you are a victim of identity theft, ID Theft and Restoration coverage provides you with $2 million in identity theft coverage and identity restoration assistance. With the help of a certified recovery specialist, you can replace lost income and repair your identity and credit.
Keep track of your transactions and identity
Exposure can result in breaches and leaks, particularly in dark web markets where personal information is exchanged for cash. If this happens, proper identity monitoring can help alert you immediately. It monitors phone numbers, IDs, email addresses and other information for signs of security breaches. If detected, it provides guidance on how to protect your accounts from identity theft.
Finally, additional steps can help prevent someone from stealing your bank account information and prevent them from applying for a short-term payday loan in your name.
Watch out for phishing attempts
Once they have some personal information, criminals can search for more. After a breach, they can launch waves of phishing attempts that take you to fake websites that aim to steal your personal information, either by tricking you or by stealing it without your knowledge. By taking Thus, watch out for phishing attempts, especially after breaches.
Make sure that the correspondence you receive from the corporation is authentic. Fraudsters can impersonate them to obtain personal data. Links sent in emails, texts or messages should not be clicked or tapped. Alternatively, visit the relevant website directly or call them.
You can use a text scam detector from well-known service provider for even more security. By identifying any suspicious links and alerting you to them, it stops scams before you even click. Additionally, it prevents you from accessing dubious websites that unintentionally lead to harmful links.
Be sure to use two-factor authentication and update your passwords
Changing your password is a good way to stay active. Rather than using the same password across multiple websites and services, it is recommended to create strong and distinct passwords. You can stay organized and store your credentials securely using a password manager.
While creating a strong, one-of-a-kind password is a great first line of defense, you benefit from adding an extra layer of security to your accounts by turning on two-factor authentication. These days, it’s not unusual to see banks and other online businesses restrict access to your accounts to one-time pass codes that are delivered to your email or smartphone.
Take down your private information from data broker websites
The complaint that was filed claims that National Public Data “constitutes” private information.
Additionally, the website’s homepage states that the information is “collected from various public records databases, court records, state and national databases, and other repositories across the country.” Although we are unable to independently verify this, we can warn that some sources may include data broker websites.
Although some damage has already been done, we still recommend deleting your personal information from these data broker websites. In the event that there are more violations elsewhere, this may prevent further exposure. We can do this for you with our Personal Data Cleanup. This data broker detects websites that scan and sell your personal information.
Ada Spark is a tech explorer and creative content creator with 6+ years of experience. Appreciate teamwork and creative strategies to promote content. Always looking to work according to the latest trends and create content that makes a difference. Also familiar with infographics and other forms of content.