Massive Data Breach Potentially Exposes Social Security Numbers of Millions
A recent lawsuit has brought to light a significant data breach that may have compromised the personal information of millions of individuals, including sensitive details like Social Security numbers, previous and current addresses, and family member names. This breach, linked to a company named National Public Data (NPD), could have severe consequences for those affected, potentially enabling fraudsters to exploit this information for financial gain.
The lawsuit, filed by California resident Christopher Hofmann, alleges that the breach occurred around April 2024. Hofmann's identity theft protection service notified him that his personal data had been leaked on the dark web, linked to a breach involving "nationalpublicdata.com." This breach, attributed to a hacker group known as USDoD, reportedly resulted in the theft of unencrypted personal data belonging to billions of individuals.
According to reports, including one from Bleeping Computer, a portion of this stolen data was later shared freely on a hacking forum. The leaked information allegedly includes 2.7 billion records, each containing a person's full name, address, date of birth, Social Security number, and phone number.
What Is National Public Data?
National Public Data, based in Coral Springs, Florida, is a background check company that serves employers, investigators, and other entities requiring thorough background information. The company offers searches that include criminal records, vital records, and SSN traces, among other details.
The USDoD Hack: What Happened?
The lawsuit claims that on April 8, the hacker group USDoD posted a database called "National Public Data" on the dark web, offering the records of approximately 2.9 billion individuals for $3.5 million. However, the data was later leaked for free, making the information widely accessible to cybercriminals.
Who Is Affected?
While the lawsuit claims billions of individuals have been impacted, it's important to note that the U.S. population is around 330 million. The discrepancy suggests that many records might belong to the same individuals but list different addresses or other variations of their data. Furthermore, the breach may include information on deceased individuals, complicating the total number of affected people.
The stolen data is believed to span several decades, according to Schubert Jonckheer & Kolbe, a law firm investigating the breach.
Has NPD Informed Those Affected?
As of now, it's unclear whether NPD has notified the individuals whose data was compromised. The lawsuit alleges that most of the affected individuals remain unaware of the breach and the risks they face, including identity theft and other personal, social, and financial harms.
Moreover, security experts and companies like McAfee have not found any filings with state attorneys general, which some states require following a data breach.
How to Protect Your Information
In light of this breach, security experts strongly recommend that consumers freeze their credit reports with the three major credit bureaus—Experian, Equifax, and TransUnion. This free service can prevent unauthorized loans or credit cards from being issued in your name.
Additionally, consider subscribing to a tracking service that will alert you if your data appears on the dark web. Enabling two-factor authentication on your accounts is another essential step to protect against unauthorized access.
إرسال تعليق