Billions of SSNs hacked, apparently in April and we are just now learning about it
Step by step walk the thousand mile road
Sig2340
posted
China already has all of my security clearance documents (gee thanks, OPM, you imbeciles), so I'm only mildly enraged about this.

quote:
CBSnews.com: MoneyWatch Hackers may have stolen the Social Security numbers of many Americans. Here's what to know.

By Aimee Picchi
Edited By Anne Marie Lee
Updated on: August 15, 2024 / 1:12 PM EDT / CBS News

A new lawsuit is claiming hackers have gained access to the personal information of "billions of individuals," including their Social Security numbers, current and past addresses and the names of siblings and parents — personal data that could allow fraudsters to infiltrate financial accounts or take out loans in their names.

The allegation arose in a lawsuit filed earlier this month by Christopher Hofmann, a California resident who claims his identity theft protection service alerted him that his personal information had been leaked to the dark web by the "nationalpublicdata.com" breach. The lawsuit was earlier reported by Bloomberg Law.

The breach allegedly occurred around April 2024, with a hacker group called USDoD exfiltrating the unencrypted personal information of billions of individuals from a company called National Public Data (NPD), a background check company, according to the lawsuit. Earlier this month, a hacker leaked a version of the stolen NPD data for free on a hacking forum, tech site Bleeping Computer reported.

That hacker claimed the stolen files include 2.7 billion records, with each listing a person's full name, address, date of birth, Social Security number and phone number, Bleeping Computer said. While it's unclear how many people that includes, it's likely "that everyone with a Social Security number was impacted," said Cliff Steinhauer, director of information security and engagement at The National Cybersecurity Alliance, a nonprofit that promotes online safety.

"It's a reminder of the importance of protecting yourself, because clearly companies and the government aren't doing it for us," Steinhauer told CBS MoneyWatch.

NPD didn't immediately respond to a request for comment.

Here's what to know about the alleged hack.

What is National Public Data?

National Public Data is a data company based in Coral Springs, Florida, that provides background checks for employers, investigators and other businesses that want to check people's backgrounds. Its searches include criminal records, vital records, SSN traces and more information, its website says.

There are many similar companies that scrape public data to create files on consumers, which they then sell to other businesses, Steinhauer said.

"They are data brokers that collect and sell data about people, sometimes for background check purposes," he said. "It's because there's no national privacy law in the U.S. — there is no law against them collecting this data against our consent."

What happened with the USDoD hack?

According to the new lawsuit, USDoD on April 8 posted a database called "National Public Data" on the dark web, claiming to have records for about 2.9 billion individuals. It was asking for a purchase price of $3.5 million, the lawsuit claims.

However, Bleeping Computer reported that the file was later leaked for free on a hacker forum, as noted above.

How many people have been impacted?

The number of people impacted by the breach is unclear. Although the lawsuit claims "billions of individuals" had their data stolen, the total population of the U.S. stands at about 330 million. The lawsuit also alleges that the data includes personal information of deceased individuals.

Bleeping Computer reports that the hacked data involves 2.7 billion records, with individuals having multiple records in the database. In other words, one individual could have separate records for each address where they've lived, which means the number of impacted people may be far lower than the lawsuit claims, the site noted.

The data may reach back at least three decades, according to law firm Schubert Jonckheer & Kolbe, which said on Monday it is investigating the breach.

Did NPD alert individuals about the hack?

It's unclear, although the lawsuit claims that NPD "has still not provided any notice or warning" to Hofmann or other people affected by the breach.

"In fact, upon information and belief, the vast majority of Class Members were unaware that their sensitive [personal information] had been compromised, and that they were, and continue to be, at significant risk of identity theft and various other forms of personal, social, and financial harm," the lawsuit claims.

Information security company McAfee reported that it hasn't found any filings with state attorneys general. Some states require companies that have experienced data breaches to file reports with their AG offices.

What should I do to protect my information?

Security experts recommend that consumers put freezes on their credit files at the three big credit bureaus, Experian, Equifax and TransUnion. Freezing your credit is free, and will stop bad actors from taking out loans or opening credit cards in your name.

"The biggest thing is to freeze your credit report, so it can't be used to open new accounts in your name and commit other fraud in your name," Steinhauer said.

Steinhauer recommends consumers take several additional steps to protect their data and finances:

  • Make sure your passwords are at least 16 characters in length, and are complex.
  • Use a password manager to save those long, complex passwords.
  • Enable multifactor authentication, which Steinhauer calls "critical," because simply using a single password to access your accounts isn't enough protection against hackers.
  • Be on alert for phishing and other scams. One red flag is that the scammers will try to create a sense of urgency to manipulate their victims.
  • Keep your security software updated on your computer and other devices. For instance, make sure you download the latest security updates from Microsoft or Apple onto your apps and devices.


You can also get a tracking service that will alert you if your data appears on the dark web.

"You should assume you have been compromised and act accordingly," Steinhauer said.








Nice is overrated

"It's every freedom-loving individual's duty to lie to the government."
Airsoftguy, June 29, 2018
 
Posts: 32525 | Location: Loudoun County, Virginia | Registered: May 17, 2006
Political Cynic
nhtagmember
posted
Swell

What’s the point in protecting myself if the leak is from a company not under my control?

Can NPD be sued by individuals that have had their data compromised by negligence?
 
Posts: 54150 | Location: Tucson Arizona | Registered: January 16, 2002
Step by step walk the thousand mile road
Sig2340
posted
quote:
Originally posted by nhtagmember:
Swell

What’s the point in protecting myself if the leak is from a company not under my control?

Can NPD be sued by individuals that have had their data compromised by negligence?


Yes, join the class action against them.





Nice is overrated

"It's every freedom-loving individual's duty to lie to the government."
Airsoftguy, June 29, 2018
 
Posts: 32525 | Location: Loudoun County, Virginia | Registered: May 17, 2006
thin skin can't win
Georgeair
posted
quote:
Billions of SSNs hacked


Hmmmmm, do you have to involve the evasive Japanese nanobots to make this math work?



You only have integrity once. - imprezaguy02

 
Posts: 12903 | Location: Madison, MS | Registered: December 10, 2007
Member
uvahawk
posted
So interesting that our overlords in the federal government have been silent on this breach. Wonder what they knew and when. I suppose it is pointless to ask what they propose to do about it and when.
 
Posts: 261 | Location: Low Country, South Carolina | Registered: November 28, 2004
Member
posted
In a country of 360 million we have billions of social security numbers? Just who all are we paying benefits to?


“That’s what.” - She
 
Posts: 434 | Location: Kentucky | Registered: June 06, 2021
Partial dichotomy
posted
^^^




SIGforum: For all your needs!
Imagine our influence if every gun owner in America was an NRA member! Click the box>>>
 
Posts: 39576 | Location: SC Lowcountry/Cape Cod | Registered: November 22, 2002
Ignored facts
still exist
posted
quote:
Originally posted by jed7s9b:
In a country of 360 million we have billions of social security numbers?


I wondered the same thing. Even if you count the dead, it's not billions.

Heck, since it's a 9 digit number then only 1 Billion are possible. Actually less than that since they likely won't issue 000-00-0000 as a SSN.


.
 
Posts: 11258 | Location: 45 miles from the Pacific Ocean | Registered: February 28, 2003
Member
posted
If you think your number is not well known by the bad guys you would probably be wrong. The trick is bad guys tying your SSN to your birthdate, current address, and phone number. That's a bit harder to do and unknown if the breach tied the SSN to other person id information (hackers claimed they did). Safe thing to do is put a lock on your credit report. The wife and I have had one for years. A pain in the ass when a loan is applied for.
 
Posts: 7806 | Registered: October 31, 2008
Member
konata88
posted
This kind of stuff needs to have severe criminal penalties, not just civil. It's just fucking ridiculous - every year, multiple large scale breaches. Yes, the info is out there but doesn't make these breaches any less palatable.

I've tried locking my credit. 2 out of 3 worked. The third agency is a pain in the ass. I can't get it to lock. And they keep sending me junk email. "Your credit score went up/down this month" "Your debt went up/down this month" I can't seem to unsubscribe from them either.




"Wrong does not cease to be wrong because the majority share in it." L.Tolstoy
"A government is just a body of people, usually, notably, ungoverned." Shepherd Book
 
Posts: 13348 | Location: In the gilded cage | Registered: December 09, 2007
Member
jcsabolt2
posted
Sorry to say, ALL of our data is already out in the wild. Simply way too many companies making $$$ millions and billions off of it. Your Govt doesn't care or Congress would already have done something about it.


----------
“Nobody can ever take your integrity away from you. Only you can give up your integrity.” H. Norman Schwarzkopf
 
Posts: 3667 | Registered: July 06, 2006
Political Cynic
nhtagmember
posted
It was billions of records and not SSNs

Still a big loss
 
Posts: 54150 | Location: Tucson Arizona | Registered: January 16, 2002
His diet consists of black
coffee, and sarcasm.
egregore
posted
Billions with a B? There aren't that many people in the US. Hundreds of thousands I could believe.

I check my credit accounts and reports for unauthorized activity regularly. No problems to report.
 
Posts: 29173 | Location: Johnson City, TN | Registered: April 28, 2012
Drill Here, Drill Now
tatortodd
posted
quote:
Originally posted by konata88:
This kind of stuff needs to have severe criminal penalties, not just civil.

IMO, even more effective would be getting a pound of flesh from the hacker. I bet a lot of the hacking would stop if .mil and .gov cyberwarfare groups targeted hacker scum as training opportunities. Use taxpayer money to set up win-win situations for both US citizens and the cyberwarfare trainees. Put something nastier than stuxnet on the hacker's servers to ruin the servers, use hacker's email and social media accounts to send death threats to Putin, turn off hacker's family member's gov't benefits, donate hacker's bank accounts to charity, etc.



Ego is the anesthesia that deadens the pain of stupidity

DISCLAIMER: These are the author's own personal views and do not represent the views of the author's employer.
 
Posts: 24094 | Location: Northern Suburbs of Houston | Registered: November 14, 2005
Member
Ozarkwoods
posted
They now know what toilet paper I prefer. I’m going back to the phone book. Can’t use the Sears ads anymore!


ΜΟΛΩΝ ΛΑΒΕ
 
Posts: 4915 | Location: SWMO | Registered: October 20, 2009
A Grateful American
sigmonkey
posted
quote:
Originally posted by egregore:
Billions with a B? There aren't that many people in the US. ...



Yeah, I'm not sure how that even works.

220 million born since 1935 when SSAN began, and only about 550 million Americans ever since the founding.

What the hekkin' kind of COVID accounting is going on?




"the meaning of life, is to give life meaning" Ani Yehudi אני יהודי Le'olam lo shuv לעולם לא שוב!
 
Posts: 44827 | Location: Box 1663 Santa Fe, New Mexico | Registered: December 20, 2008
Member
posted
I froze my credit files on all 3 agencies years ago after an insurance company hack. Best move I ever made. Since I don't apply for credit anywhere it's no hassle for me but, even if you plan on credit applications in the future, you get a PIN to unfreeze them. You just have to ask which agency the potential creditor uses. It's nice not having to pay attention to all the hacks that seem to occur regularly lately.


____________
Pace
 
Posts: 904 | Location: in the PA woods | Registered: March 11, 2013
Member
Perception
posted
I think the confusion comes from poor writing. It's billions of records that were stolen, not billions of unique socials. They buy and sell massive amounts of data all the time, they could conceivably have hundreds of records for every person in the country.




"The people hate the lizards and the lizards rule the people."
"Odd," said Arthur, "I thought you said it was a democracy."
"I did," said Ford, "it is."
"So," said Arthur, hoping he wasn't sounding ridiculously obtuse, "why don't the people get rid of the lizards?"
"It honestly doesn't occur to them. They've all got the vote, so they all pretty much assume that the government they've voted in more or less approximates the government they want."
"You mean they actually vote for the lizards."
"Oh yes," said Ford with a shrug, "of course."
"But," said Arthur, going for the big one again, "why?"
"Because if they didn't vote for a lizard, then the wrong lizard might get in."
 
Posts: 3621 | Location: Two blocks from the Center of the Universe | Registered: December 30, 2004
A Grateful American
sigmonkey
posted
Yeah, I pretty much figured it was billions of records, and that the data is various sets.

But the "fear porn" is strong Kool-Aid.

I do the best I can to cover my concerns and just close my eyes and go to sleep each night without worrying.

But it would be nice if "reporters" were intelligent, educated and were to "think before they ink".




"the meaning of life, is to give life meaning" Ani Yehudi אני יהודי Le'olam lo shuv לעולם לא שוב!
 
Posts: 44827 | Location: Box 1663 Santa Fe, New Mexico | Registered: December 20, 2008
Political Cynic
nhtagmember
posted
^^^

Surely you jest
 
Posts: 54150 | Location: Tucson Arizona | Registered: January 16, 2002
© SIGforum 2024