About four months after a well-known hacking group said they had stolen a monumental amount of sensitive personal information from a major data broker, a member of the group posted a large part of it for free on an online marketplace for stolen personal data.
The leak, which contains Social Security numbers and other sensitive data, could lead to a spate of identity theft, fraud and other crimes, said Teresa Murray, director of consumer watchdog at the U.S. Public Information Research Group.
“If this is pretty much the entire dossier on all of us, it’s certainly much more concerning,” Murray said in an interview. “And if people didn’t take precautions in the past, which they should have done, this should be a wake-up call for them.”
Historical Leak: Sensitive Data of Americans Exposed
According to a class-action lawsuit filed in the U.S. District Court in Fort Lauderdale, Florida, the hacker group USDoD claimed in April to have broken into the personal records of 2.9 billion people of National Public Data, which provides personal information to employers, private investigators, employment agencies and others who perform background checks.
The group offered at a forum for hackers to sell the data, which included records from the United States, Canada and the United Kingdom, for $3.5 million, a cybersecurity expert said in a post on X.
The lawsuit was reported by Bloomberg Law.The previous week, an alleged member of the US Department of Defense identified only as Felice told the hacker forum that they were offering “the complete NPD database,” according to a screenshot taken by BleepingComputer. ”The information contains about 2.7 billion records, each of which includes a person’s full name, address, date of birth, Social Security number and phone number, along with alternative names and dates of birth,” Felice said.
Cybercriminals Leak SSNs And More: Protect Your Finances and Personal Data
National Public Data did not respond to a request for comment or formally notify people about the alleged breach. However, it has been telling people who contacted the company via email that “we are aware of certain third-party claims about consumer data and are investigating these issues.”
In that email, the company also expressed that it had “purged the entire database, in its entirety, of each and every entry, which basically excluded everyone.” As a result, he said, he has removed any “non-public personal information” about people, although he added: “We may be required to keep certain records to comply with legal obligations.”
Some media outlets that specialize in cybersecurity have examined parts of the data that Felice offered and have reported that it appears to be real information from real people. If the leaked material is what is claimed, one of the biggest risks posed may be identity theft.
The leak aims to give you much of the information that banks, insurance companies and service providers look for when making accounts and granting a request to change the password of an already existing account.
But it seems that some key pieces were missing from the hackers’ loot. One of the most important of them are email addresses, which most people use to log in to services. Another is the photographs of driver’s licenses or passports, which some government agencies use to verify identities.
Massive Social Security Numbers Breach: What You Should Do Right Now!
If you believe that your Social Security number or other important identifying information of yours has been hacked, experts recommend that you freeze your credit files at the three major credit bureaus, Experian, Equifax and TransUnion. This is done for free and will prevent criminals from requesting loans, credit cards and opening financial accounts in your name.
The trick is that you will need to remember to remove the freeze temporarily if you are in the process of applying for something that requires a credit check.
