Social security numbers, names, addresses, email addresses and phone numbers were included in the 2.9 billion records of a data breach. The tool from security company Pentester.com tells you whether your data has been affected.
Personal data of millions of Americans hacked in data theft
Millions of social security numbers were hacked after a massive data theft. Here’s how you can protect yourself.
National Public Data, which aggregates data for background checks, has confirmed that it was the victim of a massive data theft involving Social Security numbers and other personal information of millions of Americans.
The Coral Springs, Florida-based company posted a notice on its website that “there appears to have been a data security incident that may have affected some of your personal information. The incident is believed to have involved a malicious third party attempting to hack into data in late December 2023. Potential data breaches may occur in April 2024 and summer 2024.”
News of the data theft first emerged as part of a class action lawsuit filed in U.S. District Court in Fort Lauderdale, Florida, which Bloomberg Law first reported on. 2.9 billion records were stolen from the National Public Data (NPD), including names, addresses, Social Security numbers and relatives dating back at least three decades, according to the law firm Schubert, Jonckheer & Kolbe, which filed the lawsuit.
According to NPD, the stolen data included names, email addresses, phone numbers and mailing addresses, as well as social security numbers. The company said it was cooperating with investigators and had “taken additional security measures to prevent such data theft from occurring again and to protect our systems.”
Violation of national public data protection regulations: Why you should be concerned about massive data theft and what to do.
Identity protection: How and why you should freeze your credit
How to determine if your Social Security number or data has been compromised
Cybersecurity firm Pentester said it obtained the data and developed a tool to help you determine if your information is included in the data breach. It displays names, addresses, address histories and social security numbers. You can find it at npd.pentester.com.
Because financial institutions use social security numbers in loan and credit card applications and investments, access to this information by threat actors poses a serious risk, said Richard Glaser, co-founder of Pentester.com, in a note on the company’s website.
He also suggested freezing credit reports. “Names, addresses and phone numbers can change, but your Social Security number cannot,” Glaser said.
Data leak: How to protect your creditworthiness
NPD also advised consumers to “closely monitor their bank accounts and contact their financial institution immediately if they notice any unauthorized activity.” Consumers may want to obtain a credit report and have a fraud alert set up on their credit file, the company said.
Consumers should do more and freeze their credit reports, Odysseas Papadimitriou, CEO of personal finance site WalletHub, told USA TODAY. “Placing a fraud alert is not as effective as freezing your report,” he said.
“A fraud alert is more of a warning to lenders that they can easily ignore. In practice, it doesn’t do much good,” Papadimitriou said. “A freeze, on the other hand, stops fraud by preventing identity thieves from opening accounts in your name.”
He and other security experts advise consumers to take this step because their personal information is likely to end up in the hands of hackers.
The class action lawsuit alleges that the cybercriminal group USDoD accessed the NPD’s network and stole unencrypted personal information. The group then published a database on the dark web on April 8, 2024, purporting to contain information on 2.9 billion people and attempted to sell it for $3.5 million.
Follow Mike Snider on X and Threads: @mikesnider and Subscribe.
What is everyone talking about? Subscribe to our trend newsletter to receive the latest news of the day
:max_bytes(150000):strip_icc():focal(999x0:1001x2)/sean-diddy-combs-christian-combs-040524-1-3cfe0987eb054382a9ead378b5aaaa0f.jpg "Sean “Diddy” Combs’ son is seen in the courtroom reading the indictment against his father")
