Could this be the biggest data breach ever? National Public Data (NPD), a background check company, was hacked in December 2023 and they finally admitted to have exposed the full Social Security Numbers from nearly everyone in the United States (gift article). Atlas Data Privacy found 272 million unique SSNs in the database of 2.7 billion records. The entire US population is only about 330 million. 😡
This LA Times article adds more detail about how NPD has delayed and withheld information about this huge hack. Unfortunately, our knowledge of their ineptitude keeps growing: National Public Data Published Its Own Passwords The best title goes to Wired (paywall) with The Slow-Burn Nightmare of the National Public Data Breach.
Cybersecurity firm Pentester has released this NPD Breach Check Tool that lets you enter just your name and birth year to see if your data is included. With just this little bit of information, the tool was able to provide evidence that they knew my historical addresses, phone number, full Social Security Number, and date of birth. 🤬
We’re getting close to the point where Social Security numbers will not be secret enough to provide any assurance for identity verification. I believe that these data brokers should each first have to pay us a subscription fee for the right to store and resell our personal data, on top of being financially liable if they lose it. 300 years of “free credit monitoring” is not adequate.
These media articles recommend the following actions:
- Freeze your credit reports. Also consider freezing the reports for your minor children. Experian is the most annoying. Don’t fall for their upsells and “Experian CreditLock”, which is not the same as a free Freeze!
- Use multi-factor authentication whenever possible. Hardware keys, authenticator apps, or at the minimum SMS texts.
- Set up account alerts. Just be sure those alerts aren’t phishing attempts themselves. Don’t click on vague links. Visit sites directly.
- Harden your personal e-mail address. The e-mail where your password resets arrive is one of the most valuable targets for criminals.
The Best Credit Card Bonus Offers – August 2024
Big List of Free Stocks from Brokerage Apps
Best Interest Rates on Cash - August 2024
Free Credit Scores x 3 + Free Credit Monitoring
Best No Fee 0% APR Balance Transfer Offers
Little-Known Cellular Data Plans That Can Save Big Money
How To Haggle Your Cable or Direct TV Bill
Big List of Free Consumer Data Reports (Credit, Rent, Work)
I would also consider locking your cell number to help prevent Sim swapping. This is when a bad actor ports your number out to a phone in their control so a to gain access to your accounts which have 2 factor authentication. Many cell phone providers let easily you lock your number in their app.
wow, this is terrible that they got SSN of everyone!
why didn’t they encrypt all the numbers?
there should be a class-action law suit.
I think a class action lawsuit has already been filed, but they don’t seem to be working in avoiding these breaches…
I see records with my name and address but some other phone numbers and/or ssn… potentially unidentified identity theft ? What should one do in this situation?
My name is not unique enough to see all the results for my state through that search tool. My wife’s data is in there with addresses going back 35 years.