As of this week, several class action lawsuits have been piling up in court against the Social Security Administration (SSA) after a massive data breach of more than 2.9 billion pieces of information from Social Security and its beneficiaries was discovered.
The leak includes Social Security Numbers, names of beneficiaries, residence addresses, and contact information, and occurred in the month of April 2024.
On August 1, a lawsuit was filed in the Southern District Court of Florida on behalf of California resident Christopher Hofmann and more than 100 other people. The lawsuit alleges that a group of cybercriminals, known as USDoD, stole and disclosed a database on a dark web forum.
According to the lawsuit, this database with 2.9 billion data records was put up for sale for $3.5 million.
National Public Data Admits Hackers Stole Data
Jerico Pictures Inc., the Coral Springs, Florida-based entity doing business as National Public Data, released a statement last week acknowledging that “the information suspected to have been breached contained name, email address, telephone number, social security number and postal address(es).”
The company attributed the “data security incident” to a “hacking” event committed by a “strange bad actor,” and clarified that there was a hacking attempt in December 2023, as well as “possible leaks of certain data in April 2024 and summer 2024.”
What to Do in Case of Identity Theft
The Social Security Administration (SSA) has a series of guidelines that a beneficiary must follow in the event that their personal data has been breached, and their identity has been stolen to commit fraud:
- As a first urgent step, contact the Federal Trade Commission at www.idtheft.gov or call 1-877-IDTHEFT (1-877-438-4338); TTY 1-866-653-4261.
- File a report with the local police department where the identity theft occurred and keep a copy of the report as evidence of the crime.
- Contact the fraud unit of a consumer reporting company. The company you call must communicate with others.
- Monitor your credit report to identify changes you don’t recognize.
If a person calls you by phone or contacts you by SMS, email, or social networks, suggesting that there is “a problem” with your Social Security number or account, trying to get private information from you, hang up the phone immediately o delete the communication, and do not believe no extortion or threats.
People should then go online to oig.ssa.gov to report the scam to the government agency.
Jerico Pictures Inc. and National Public Data claims to have taken additional security measures to prevent future security breaches, in order to protect its systems and data. NPD also asked that online users “closely monitor their financial accounts and if they see any unauthorized activity, they should immediately contact their financial institution.”
Companies like Equifax, Experian, and TransUnion, among others, can provide free credit reports, and you can ask to have a fraud alert placed on your file.