Sign Up | Log In
REAL WORLD EVENT DISCUSSIONS
Hackers May Have Stolen Every American's Social Security Number From Background Check Firm
Friday, August 16, 2024 1:27 PM
SIGNYM
I believe in solving problems, not sharing them.
Quote: Billions of records that purportedly contain personal data of every American, Canadian and Briton has reportedly found its way to a shadowy online identify-theft marketplace -- where it's been served up at no charge to legions of criminals. In April, a notorious hacker group called "USDoD" claimed it had obtained 2.9 billion personal data records that it stole from National Public Data, an obscure background check firm that is a DBA brand of a Jerico Pictures Inc in Coral Springs, Florida. Claiming the data covered every person in the United States, Canada and the United Kingdom, the hackers put the trove up for sale at $3.5 million. In the following months, other groups published distinct subsets of the data haul, Bleeping Computer reports. However, on August 6, someone claiming to have obtained breached National Public Data information via another person or entity called "SXUL," served up 2.7 billion records in two files totaling 277GB -- for free. A screenshot captures a post to a hacking forum offering free access to the National Public Data personal-information trove (via Bleeping Computer) Each person contained in the database will have a separate record associated with each of their known residential addresses. "This data [set] may be outdated, as it does not contain the current address for any of the people we checked, potentially indicating that the data was taken from an old backup," reports Bleeping Computer. Nonetheless, "If you live in the US, this data breach has likely leaked some of your personal information." Cybersecurity firm Pentester has created an online tool you can use to check if your personal information is included in the National Public Data breach. To use it, you need only enter your name, state and birth year. This Tyler Durden found his date of birth, mailing address, phone number and Social Security number are readily available to bad actors digging into the trove. A class action lawsuit has been filed against Jerico Pictures in US District Court in Fort Lauderdale. According to the 50-page complaint, National Public Data "scrapes the [personally identifiable information] of potentially billions of individuals from non-public sources" without their consent or knowledge, and failed its "legal and equitable duties...to protect and safeguard that information from unauthorized access." According to a page on National Public Data's website that addresses the vast data theft, "the information that was suspected of being breached contained name, email address, phone number, social security number, and mailing address(es)." “For somebody who’s really suave at it, the possibilities are really endless," Public Information Research Group consumer watchdog director Teresa Murray told the Los Angeles Times. She warns that identify thieves could combine the National Public Data information with data from previous hacks to "cause all kinds of chaos, commit all kinds of crimes, steal all kinds of money. Here are a few ways to reduce your risk of being victimized: Freeze your credit files. To make it harder for criminals to open new accounts in your name, you can direct three major credit rating agencies -- Equifax, Experian and TransUnion -- to lock down your credit reports. Keep in mind, that will freeze your files for you too, so you'll need to unfreeze them when you're seeking credit or doing something else necessitating a credit check. Activate two-factor authentication for existing accounts. These protocols require an extra login step beyond just an email and password -- such as a code that's texted to you, or a code you obtain from an authenticator app linked to the account. This is important because criminals can use your leaked data to reset your login credentials. Strengthen your password game. Use many-charactered passwords, and avoid using the same one for multiple accounts -- especially the high-stakes ones. Consider a password-manager app to make that arrangement easier on you. While news of the breach is grim, it's a least spawned some fine humor, particularly from those who don't feel they have much to lose:
Quote: Was your data leaked in massive breach?: How to know, and what to do now NEXSTAR) — Billions in personal information records may have been exposed in an April data breach, a recent lawsuit has alleged, prompting warnings from identity experts. A class action lawsuit filed in Florida claims a hacking group was able to access the database of National Public Data (NPD), a background check company that provides access to data “from various public record databases, court records, state and national databases and other repositories nationwide.” The group made the database, which was said to contain “2,900,000,000 records on United States citizens,” public on the dark web. A purported member reduced that number last week, telling a hacking forum there were almost 2.7 billion records in the data, BleepingComputer reports. They also claimed the data was for residents in the U.S., the U.K., and Canada (which have a combined population of less than 440 million). Your Social Security number is probably on the dark web. Should you be worried? NPD has not responded to multiple media requests for information regarding the breach. The company has, however, responded to some who reached out to them via email that it is “aware of certain third-party claims about consumer data and are investigating these issues,” the Los Angeles Times reported Tuesday. NPD also explained it had “purged the entire database” and deleted “non-public personal information.”
Quote: Unfortunately, if your data was part of the alleged brief, that isn’t very helpful now. There are, however, steps you can take to help protect yourself. Was your information leaked in the breach? Cybersecurity technology platform Pentester was able to review the data once it became public and create a tool that allows people to search for their information. While the information in the leaked database was not redacted, Pentester has masked personal birth years and Social Security numbers. If the name, state, and birth year you input match information found in the NPD breach, you’ll see a list of “exposed information.” That includes a name, date of birth, address, phone number, and Social Security number. You’ll also be encouraged to freeze your credit (more on that in a moment).
Quote: Simple measures, like freezing your credit, can reduce your exposure for these types of crimes of opportunity. That can prevent bad actors from using your Social Security number to take out loans or open new credit cards. Freezing your credit prevents any new credit, like loans or new credit cards, from being approved, whether it’s legitimate or not. You are able to freeze (and ‘thaw,’ or lift the freeze) your credit report for free with the three major credit reporting agencies: Equifax, Experian, and TransUnion. If you think someone is using your Social Security number and creating credit problems for you, you should report it at IdentityTheft.gov, the Social Security Administration says. You’ll go through the steps of putting a fraud alert on your credit reports, alerting the FTC, and possibly filing a police report. From there, you may need to go through several steps of damage control to clear your name.
Friday, August 16, 2024 3:33 PM
6IXSTRINGJACK
Thursday, September 5, 2024 5:24 PM
JAYNEZTOWN
Thursday, September 5, 2024 7:16 PM
Thursday, September 5, 2024 9:15 PM
Quote:Originally posted by SIGNYM: The problem, SIX ... and everyone else ... is that that they'll access your CURRENT accounts. Those you can protect with dual factor ID or whatever.. The problem is that with all of your relevant info, somebody can apply for a credit card, loan, or even mortgage using your current credit rating.
Thursday, September 5, 2024 10:03 PM
Quote:Originally posted by SIGNYM: The problem, SIX ... and everyone else ... is that that they'll access your CURRENT accounts. Those you can protect with dual factor ID or whatever.. The problem is that with all of your relevant info, somebody can apply for a credit card, loan, or even mortgage using your current credit rating. SIX: Where do you think they got all that info from? It's already out there. You put it out there. All 3rd party data brokerage firms do is scour the internet for information that we've put out there and they package it all up without knowing if it's good info or bad info.
Quote: How are they going to access your current accounts with this information whether or not you already use two-factor authentication? They didn't hack your bank and get your login information. They didn't hack into your email to get the ability to reset passwords on accounts that you bank at and do credit on.
Quote:Do you use the same password on every site that you use on your banks? If so, you probably should have changed those a long time ago. Somebody hacked linkedin many years ago and they got my password there. All I could do was laugh when I saw it. Somebody sent me an email showing me they had my linkedin account password and they regretted to inform me that they used that password to get into all of my accounts and were demanding a ransom. There was no doubt they actually had my old linkedin password since that was the password, but they didn't get into anything else. Given that they emailed me, I'm sure they tried that password on other things like my email account, but it didn't work anywhere else.
Quote:As for applying for credit... I don't really believe that's happening. I've been hearing that horror story for 20 years yet I've never met anyone who ever had somebody else taking out a ton of credit in their name.
Quote: These leaks happen all the time to one degree or another. If that were really possible, this story is old enough where we'd have already heard of 10,000 people and counting who have had their credit ruined.
Quote: I'm honestly more curious how people have been able to use my already established credit cards from time to time over the years. I've caught them 4 times. It's been anywhere from a $4 charge from some random store at an airport, to somebody charging up over $3k with over $2.5 of that going to Macy's and Nordstrom's alone. Idiot paid his cable bill with it too though, so I hope they got what they deserved.
Friday, September 6, 2024 1:50 AM
Quote:Originally posted by SIGNYM: Quote:Originally posted by SIGNYM: The problem, SIX ... and everyone else ... is that that they'll access your CURRENT accounts. Those you can protect with dual factor ID or whatever.. The problem is that with all of your relevant info, somebody can apply for a credit card, loan, or even mortgage using your current credit rating. SECOND: Where do you think they got all that info from? It's already out there. You put it out there. All 3rd party data brokerage firms do is scour the internet for information that we've put out there and they package it all up without knowing if it's good info or bad info. No. Social Security numbers are NOT public information. They aren't out on the Internet waiting to be hoovered up. At least, they're not supposed to be. And even when they exist on databases here and there, the databases are too small to be bothered with. The problem comes in when data handling is contracted out to larger firms. Those firms get that information from everywhere... loan applications, rental applications, credit card applications, job applications.... What a nice fat juicy target!
Quote:Originally posted by SIGNYM: The problem, SIX ... and everyone else ... is that that they'll access your CURRENT accounts. Those you can protect with dual factor ID or whatever.. The problem is that with all of your relevant info, somebody can apply for a credit card, loan, or even mortgage using your current credit rating. SECOND: Where do you think they got all that info from? It's already out there. You put it out there. All 3rd party data brokerage firms do is scour the internet for information that we've put out there and they package it all up without knowing if it's good info or bad info.
Quote:Quote: How are they going to access your current accounts with this information whether or not you already use two-factor authentication? They didn't hack your bank and get your login information. They didn't hack into your email to get the ability to reset passwords on accounts that you bank at and do credit on. Theoretically they can't, but I know someone who might have been hacked thru public WiFi.
Quote:Quote:Do you use the same password on every site that you use on your banks? If so, you probably should have changed those a long time ago. Somebody hacked linkedin many years ago and they got my password there. All I could do was laugh when I saw it. Somebody sent me an email showing me they had my linkedin account password and they regretted to inform me that they used that password to get into all of my accounts and were demanding a ransom. There was no doubt they actually had my old linkedin password since that was the password, but they didn't get into anything else. Given that they emailed me, I'm sure they tried that password on other things like my email account, but it didn't work anywhere else. True. If you manage your passwords should not be a problem. Oh BTW I got a funny email about how "they" knew my browsing habits and how I was gonna be in BIG TROUBLE unless I sent them $$. I just laughed and deleted the email.
Quote:As for applying for credit... I don't really believe that's happening. I've been hearing that horror story for 20 years yet I've never met anyone who ever had somebody else taking out a ton of credit in their name. [/quote} Well, I've known two at work, and it was a nightmare. One nobody knows how it happened, the other was just good old fashioned mail theft. Maybe most of the people you know don't have good credit scores?
Quote:Quote: I'm honestly more curious how people have been able to use my already established credit cards from time to time over the years. I've caught them 4 times. It's been anywhere from a $4 charge from some random store at an airport, to somebody charging up over $3k with over $2.5 of that going to Macy's and Nordstrom's alone. Idiot paid his cable bill with it too though, so I hope they got what they deserved. Someone probably copied your credit card info including the security code and sold it online. I found a charge for baby items purchased in London ... LONDON!... paid for in pounds, with the foreign exchange all neatly calculated! How the hell did the credit card company let THAT one thru???
Quote:Our local gas station apparently had a credit card skimmer cause I used my card there once and had a few bogus charges racked up.
Quote:Even weirder, I had a couple of hardcopy check literally stolen out of a Post Office mailbox with the payee and amount altered. Fortunately the teller noticed when the idiot tried to cash it. Under his name. heh heh heh
YOUR OPTIONS
NEW POSTS TODAY
OTHER TOPICS
FFF.NET SOCIAL