REAL WORLD EVENT DISCUSSIONS

Hackers May Have Stolen Every American's Social Security Number From Background Check Firm

POSTED BY: SIGNYM
UPDATED: Friday, September 6, 2024 01:50
SHORT URL:
VIEWED: 246
PAGE 1 of 1

Friday, August 16, 2024 1:27 PM

SIGNYM

I believe in solving problems, not sharing them.


Quote:

Billions of records that purportedly contain personal data of every American, Canadian and Briton has reportedly found its way to a shadowy online identify-theft marketplace -- where it's been served up at no charge to legions of criminals.

In April, a notorious hacker group called "USDoD" claimed it had obtained 2.9 billion personal data records that it stole from National Public Data, an obscure background check firm that is a DBA brand of a Jerico Pictures Inc in Coral Springs, Florida. Claiming the data covered every person in the United States, Canada and the United Kingdom, the hackers put the trove up for sale at $3.5 million.

In the following months, other groups published distinct subsets of the data haul, Bleeping Computer reports. However, on August 6, someone claiming to have obtained breached National Public Data information via another person or entity called "SXUL," served up 2.7 billion records in two files totaling 277GB -- for free.
A screenshot captures a post to a hacking forum offering free access to the National Public Data personal-information trove (via Bleeping Computer)

Each person contained in the database will have a separate record associated with each of their known residential addresses. "This data [set] may be outdated, as it does not contain the current address for any of the people we checked, potentially indicating that the data was taken from an old backup," reports Bleeping Computer. Nonetheless, "If you live in the US, this data breach has likely leaked some of your personal information."

Cybersecurity firm Pentester has created an online tool you can use to check if your personal information is included in the National Public Data breach. To use it, you need only enter your name, state and birth year. This Tyler Durden found his date of birth, mailing address, phone number and Social Security number are readily available to bad actors digging into the trove.

A class action lawsuit has been filed against Jerico Pictures in US District Court in Fort Lauderdale. According to the 50-page complaint, National Public Data "scrapes the [personally identifiable information] of potentially billions of individuals from non-public sources" without their consent or knowledge, and failed its "legal and equitable duties...to protect and safeguard that information from unauthorized access."

According to a page on National Public Data's website that addresses the vast data theft, "the information that was suspected of being breached contained name, email address, phone number, social security number, and mailing address(es)."

“For somebody who’s really suave at it, the possibilities are really endless," Public Information Research Group consumer watchdog director Teresa Murray told the Los Angeles Times. She warns that identify thieves could combine the National Public Data information with data from previous hacks to "cause all kinds of chaos, commit all kinds of crimes, steal all kinds of money.

Here are a few ways to reduce your risk of being victimized:

Freeze your credit files. To make it harder for criminals to open new accounts in your name, you can direct three major credit rating agencies -- Equifax, Experian and TransUnion -- to lock down your credit reports. Keep in mind, that will freeze your files for you too, so you'll need to unfreeze them when you're seeking credit or doing something else necessitating a credit check.
Activate two-factor authentication for existing accounts. These protocols require an extra login step beyond just an email and password -- such as a code that's texted to you, or a code you obtain from an authenticator app linked to the account. This is important because criminals can use your leaked data to reset your login credentials.
Strengthen your password game. Use many-charactered passwords, and avoid using the same one for multiple accounts -- especially the high-stakes ones. Consider a password-manager app to make that arrangement easier on you.

While news of the breach is grim, it's a least spawned some fine humor, particularly from those who don't feel they have much to lose:


https://www.zerohedge.com/personal-finance/hackers-may-have-stolen-eve
ry-americans-social-security-number-background-check


******

Quote:

Was your data leaked in massive breach?: How to know, and what to do now

NEXSTAR) — Billions in personal information records may have been exposed in an April data breach, a recent lawsuit has alleged, prompting warnings from identity experts.

A class action lawsuit filed in Florida claims a hacking group was able to access the database of National Public Data (NPD), a background check company that provides access to data “from various public record databases, court records, state and national databases and other repositories nationwide.”

The group made the database, which was said to contain “2,900,000,000 records on United States citizens,” public on the dark web. A purported member reduced that number last week, telling a hacking forum there were almost 2.7 billion records in the data, BleepingComputer reports. They also claimed the data was for residents in the U.S., the U.K., and Canada (which have a combined population of less than 440 million).
Your Social Security number is probably on the dark web. Should you be worried?

NPD has not responded to multiple media requests for information regarding the breach. The company has, however, responded to some who reached out to them via email that it is “aware of certain third-party claims about consumer data and are investigating these issues,” the Los Angeles Times reported Tuesday. NPD also explained it had “purged the entire database” and deleted “non-public personal information.”



A little late, dontcha think?? Why didn't they do that BEFORE????

Quote:

Unfortunately, if your data was part of the alleged brief, that isn’t very helpful now. There are, however, steps you can take to help protect yourself.
Was your information leaked in the breach?

Cybersecurity technology platform Pentester was able to review the data once it became public and create a tool that allows people to search for their information. While the information in the leaked database was not redacted, Pentester has masked personal birth years and Social Security numbers.

If the name, state, and birth year you input match information found in the NPD breach, you’ll see a list of “exposed information.” That includes a name, date of birth, address, phone number, and Social Security number. You’ll also be encouraged to freeze your credit (more on that in a moment).

Pentester's offer is legit. I tried it.

Quote:

Simple measures, like freezing your credit, can reduce your exposure for these types of crimes of opportunity. That can prevent bad actors from using your Social Security number to take out loans or open new credit cards.

Freezing your credit prevents any new credit, like loans or new credit cards, from being approved, whether it’s legitimate or not. You are able to freeze (and ‘thaw,’ or lift the freeze) your credit report for free with the three major credit reporting agencies: Equifax, Experian, and TransUnion.

If you think someone is using your Social Security number and creating credit problems for you, you should report it at IdentityTheft.gov, the Social Security Administration says. You’ll go through the steps of putting a fraud alert on your credit reports, alerting the FTC, and possibly filing a police report. From there, you may need to go through several steps of damage control to clear your name.


MORE AT https://thehill.com/homenews/nexstar_media_wire/4829866-was-your-data-
leaked-in-massive-breach-how-to-know-and-what-to-do-now
/

NOTIFY: Y   |  REPLY  |  REPLY WITH QUOTE  |  TOP  |  HOME  

Friday, August 16, 2024 3:33 PM

6IXSTRINGJACK


Meh...

Just more Scare Theater, IMO.

Your social security number is already everywhere. The fact we use the last 4 digits of it for any sort of identification over the phone or online is just Security Theater in the reverse.

I worked at RGIS Inventory when I was 18/19 years old. Since we didn't have a home base and we got paid once we started work at the individual stores, there obviously couldn't be any time clock to punch in on. We were required to sign in by putting down our full name and our full social security number. For all I know, my name and SS# are sitting in a box in a corporate warehouse several hundred times over. (I bet they haven't done that for 20 years now).


Besides... All of this data wasn't given to this data brokerage firm by the government or by individual citizens. They were able to collate the data because we put it out there ourselves. And that might be the best news of all because people are stupid and people put a lot of wrong information in places. Half of that data is probably worthless, making 100% of the data questionable in value.

This is really just a story of one criminal hacking another criminal.


Change your passwords on your bank accounts and credit cards if you feel worried about it. Use two factor authentication on important stuff if you weren't already using it.

--------------------------------------------------

Trump will be fine.
He will also be your next President.

NOTIFY: Y   |  REPLY  |  REPLY WITH QUOTE  |  TOP  |  HOME  

Thursday, September 5, 2024 5:24 PM

JAYNEZTOWN


Massive Indian Army Network Using AI and Fake Accounts Operating Without Detection for Three Years

https://www.newsguardtech.com/special-reports/india-ai-fake-accounts-n
etwork

NOTIFY: N   |  REPLY  |  REPLY WITH QUOTE  |  TOP  |  HOME  

Thursday, September 5, 2024 7:16 PM

SIGNYM

I believe in solving problems, not sharing them.


The problem, SIX ... and everyone else ... is that that they'll access your CURRENT accounts. Those you can protect with dual factor ID or whatever..

The problem is that with all of your relevant info, somebody can apply for a credit card, loan, or even mortgage using your current credit rating.

-----------
"It may be dangerous to be America's enemy, but to be America's friend is fatal." - Henry Kissinger

Why SECOND'S posts are brainless: "I clocked how much time: no more than 10 minutes per day. With cut-and-paste (Ctrl C and Ctrl V) and AI, none of this takes much time."
Or, any verification or thought.

NOTIFY: Y   |  REPLY  |  REPLY WITH QUOTE  |  TOP  |  HOME  

Thursday, September 5, 2024 9:15 PM

6IXSTRINGJACK


Quote:

Originally posted by SIGNYM:
The problem, SIX ... and everyone else ... is that that they'll access your CURRENT accounts. Those you can protect with dual factor ID or whatever..

The problem is that with all of your relevant info, somebody can apply for a credit card, loan, or even mortgage using your current credit rating.



Where do you think they got all that info from?

It's already out there. You put it out there.

All 3rd party data brokerage firms do is scour the internet for information that we've put out there and they package it all up without knowing if it's good info or bad info.


How are they going to access your current accounts with this information whether or not you already use two-factor authentication? They didn't hack your bank and get your login information. They didn't hack into your email to get the ability to reset passwords on accounts that you bank at and do credit on.

Do you use the same password on every site that you use on your banks? If so, you probably should have changed those a long time ago. Somebody hacked linkedin many years ago and they got my password there. All I could do was laugh when I saw it. Somebody sent me an email showing me they had my linkedin account password and they regretted to inform me that they used that password to get into all of my accounts and were demanding a ransom. There was no doubt they actually had my old linkedin password since that was the password, but they didn't get into anything else. Given that they emailed me, I'm sure they tried that password on other things like my email account, but it didn't work anywhere else.




As for applying for credit... I don't really believe that's happening. I've been hearing that horror story for 20 years yet I've never met anyone who ever had somebody else taking out a ton of credit in their name. These leaks happen all the time to one degree or another.

If that were really possible, this story is old enough where we'd have already heard of 10,000 people and counting who have had their credit ruined.


I'm honestly more curious how people have been able to use my already established credit cards from time to time over the years. I've caught them 4 times. It's been anywhere from a $4 charge from some random store at an airport, to somebody charging up over $3k with over $2.5 of that going to Macy's and Nordstrom's alone. Idiot paid his cable bill with it too though, so I hope they got what they deserved.

--------------------------------------------------

Trump will be fine.
He will also be your next President.

NOTIFY: Y   |  REPLY  |  REPLY WITH QUOTE  |  TOP  |  HOME  

Thursday, September 5, 2024 10:03 PM

SIGNYM

I believe in solving problems, not sharing them.



Quote:

Originally posted by SIGNYM:
The problem, SIX ... and everyone else ... is that that they'll access your CURRENT accounts. Those you can protect with dual factor ID or whatever..

The problem is that with all of your relevant info, somebody can apply for a credit card, loan, or even mortgage using your current credit rating.

SIX: Where do you think they got all that info from?
It's already out there. You put it out there.
All 3rd party data brokerage firms do is scour the internet for information that we've put out there and they package it all up without knowing if it's good info or bad info.


No.

Social Security numbers are NOT public information. They aren't out on the Internet waiting to be hoovered up. At least, they're not supposed to be. And even when they exist on databases here and there, the databases are too small to be bothered with.

The problem comes in when data handling is contracted out to larger firms. Those firms get that information from everywhere... loan applications, rental applications, credit card applications, job applications....

What a nice fat juicy target!

Quote:

How are they going to access your current accounts with this information whether or not you already use two-factor authentication? They didn't hack your bank and get your login information. They didn't hack into your email to get the ability to reset passwords on accounts that you bank at and do credit on.

Theoretically they can't, but I know someone who might have been hacked thru public WiFi.

Quote:

Do you use the same password on every site that you use on your banks? If so, you probably should have changed those a long time ago. Somebody hacked linkedin many years ago and they got my password there. All I could do was laugh when I saw it. Somebody sent me an email showing me they had my linkedin account password and they regretted to inform me that they used that password to get into all of my accounts and were demanding a ransom. There was no doubt they actually had my old linkedin password since that was the password, but they didn't get into anything else. Given that they emailed me, I'm sure they tried that password on other things like my email account, but it didn't work anywhere else.

True. If you manage your passwords should not be a problem.
Oh BTW I got a funny email about how "they" knew my browsing habits and how I was gonna be in BIG TROUBLE unless I sent them $$. I just laughed and deleted the email.

Quote:

As for applying for credit... I don't really believe that's happening. I've been hearing that horror story for 20 years yet I've never met anyone who ever had somebody else taking out a ton of credit in their name.
Well, I've known two at work, and it was a nightmare. One nobody knows how it happened, the other was just good old fashioned mail theft.

Maybe most of the people you know don't have good credit scores?

Quote:

These leaks happen all the time to one degree or another.

If that were really possible, this story is old enough where we'd have already heard of 10,000 people and counting who have had their credit ruined.

You can't squeeze blood from the millions of turnips out there.

Quote:

I'm honestly more curious how people have been able to use my already established credit cards from time to time over the years. I've caught them 4 times. It's been anywhere from a $4 charge from some random store at an airport, to somebody charging up over $3k with over $2.5 of that going to Macy's and Nordstrom's alone. Idiot paid his cable bill with it too though, so I hope they got what they deserved.


Someone probably copied your credit card info including the security code and sold it online. I found a charge for baby items purchased in London ... LONDON!... paid for in pounds, with the foreign exchange all neatly calculated! How the hell did the credit card company let THAT one thru???

Our local gas station apparently had a credit card skimmer cause I used my card there once and had a few bogus charges racked up.

Even weirder, I had a couple of hardcopy check literally stolen out of a Post Office mailbox with the payee and amount altered. Fortunately the teller noticed when the idiot tried to cash it. Under his name. heh heh heh.

Anyway, what "they" recommend is putting a freeze on your credit checks with Experian, TransUnion and Equifax. Bc the FIRST thing that a mortgage lender, auto dealership, landlord, credit card agency etc etc does is CHECK YOUR CREDIT SCORE. If they're prevented from checking your score, not only can't they process your application, they'll probably figure you've been hacked and the person applying with your info is a scammer.

-----------
"It may be dangerous to be America's enemy, but to be America's friend is fatal." - Henry Kissinger

Why SECOND'S posts are brainless: "I clocked how much time: no more than 10 minutes per day. With cut-and-paste (Ctrl C and Ctrl V) and AI, none of this takes much time."
Or, any verification or thought.

NOTIFY: Y   |  REPLY  |  REPLY WITH QUOTE  |  TOP  |  HOME  

Friday, September 6, 2024 1:50 AM

6IXSTRINGJACK


Quote:

Originally posted by SIGNYM:

Quote:

Originally posted by SIGNYM:
The problem, SIX ... and everyone else ... is that that they'll access your CURRENT accounts. Those you can protect with dual factor ID or whatever..

The problem is that with all of your relevant info, somebody can apply for a credit card, loan, or even mortgage using your current credit rating.

SECOND: Where do you think they got all that info from?
It's already out there. You put it out there.
All 3rd party data brokerage firms do is scour the internet for information that we've put out there and they package it all up without knowing if it's good info or bad info.


No.

Social Security numbers are NOT public information. They aren't out on the Internet waiting to be hoovered up. At least, they're not supposed to be. And even when they exist on databases here and there, the databases are too small to be bothered with.

The problem comes in when data handling is contracted out to larger firms. Those firms get that information from everywhere... loan applications, rental applications, credit card applications, job applications....

What a nice fat juicy target!



Yeah. They're not public information. That doesn't mean it isn't far too easy for people to get it. There have been hacks of one level or another like this all the time. When they hit something like a bank or credit card provider or a hospital, it's probably a lot more valuable because that would be databases with current users along with their SS#'s. It's all out there. I'm sure my grandma's was all out there even though she never once used the internet in her life and she refused to.

Quote:

Quote:

How are they going to access your current accounts with this information whether or not you already use two-factor authentication? They didn't hack your bank and get your login information. They didn't hack into your email to get the ability to reset passwords on accounts that you bank at and do credit on.

Theoretically they can't, but I know someone who might have been hacked thru public WiFi.



Maybe. I refuse to use public wi-fi. Easy for me to do with no smartphone though.

Quote:

Quote:

Do you use the same password on every site that you use on your banks? If so, you probably should have changed those a long time ago. Somebody hacked linkedin many years ago and they got my password there. All I could do was laugh when I saw it. Somebody sent me an email showing me they had my linkedin account password and they regretted to inform me that they used that password to get into all of my accounts and were demanding a ransom. There was no doubt they actually had my old linkedin password since that was the password, but they didn't get into anything else. Given that they emailed me, I'm sure they tried that password on other things like my email account, but it didn't work anywhere else.

True. If you manage your passwords should not be a problem.
Oh BTW I got a funny email about how "they" knew my browsing habits and how I was gonna be in BIG TROUBLE unless I sent them $$. I just laughed and deleted the email.



Oh yeah. lol. Get stuff like this from time to time.

Quote:

As for applying for credit... I don't really believe that's happening. I've been hearing that horror story for 20 years yet I've never met anyone who ever had somebody else taking out a ton of credit in their name. [/quote} Well, I've known two at work, and it was a nightmare. One nobody knows how it happened, the other was just good old fashioned mail theft.

Maybe most of the people you know don't have good credit scores?



Well mine is 828 or 832 depending on which agency you ask. I'm envious of both my dad and step-mom who are both rocking an 850. I don't think I'll ever get that because I never had a mortgage and haven't had a car loan in going on 25 years. My friends all own houses and keep up with the bills, so I'd imagine that they're doing alright. I think my pool is probably higher than average.

Quote:

These leaks happen all the time to one degree or another.

If that were really possible, this story is old enough where we'd have already heard of 10,000 people and counting who have had their credit ruined.

You can't squeeze blood from the millions of turnips out there.


Oh they'd do it if they could. Even just doing it randomized or alphabetical down the list they're bound to run into a few that would be worth milking and make all the duds worth their time. Also keep in mind that most of the people doing stuff like this live outside of America in 3rd world shitholes where a USD still goes pretty far.

Quote:

Quote:

I'm honestly more curious how people have been able to use my already established credit cards from time to time over the years. I've caught them 4 times. It's been anywhere from a $4 charge from some random store at an airport, to somebody charging up over $3k with over $2.5 of that going to Macy's and Nordstrom's alone. Idiot paid his cable bill with it too though, so I hope they got what they deserved.


Someone probably copied your credit card info including the security code and sold it online. I found a charge for baby items purchased in London ... LONDON!... paid for in pounds, with the foreign exchange all neatly calculated! How the hell did the credit card company let THAT one thru???



Yeah. But how? I never pay for anything inside of stores with credit, and I'm extremely picky about where I ever use it online. I have a lot of cards that I regularly rotate. The ones with rewards get used most often though. But some of my cards go well over a year and close to two without being used. I've had scam charges show up on cards that haven't been used in over a year out of the blue. It's just weird, and I never get any explanation about it. They just do their little investigation and clear the charges and tell me that they can't speak about any investigations when I ask how it happens.

Quote:

Our local gas station apparently had a credit card skimmer cause I used my card there once and had a few bogus charges racked up.


Yup. Haven't paid for gas at the pump with credit for 6 years myself.

You do know not to use your Debit Card for anything like that, right? At least you have protection when you're using credit cards.

Quote:

Even weirder, I had a couple of hardcopy check literally stolen out of a Post Office mailbox with the payee and amount altered. Fortunately the teller noticed when the idiot tried to cash it. Under his name. heh heh heh


Wow. That's a crazy one for several reasons.


--------------------------------------------------

Trump will be fine.
He will also be your next President.

NOTIFY: Y   |  REPLY  |  REPLY WITH QUOTE  |  TOP  |  HOME  

YOUR OPTIONS

NEW POSTS TODAY

USERPOST DATE

OTHER TOPICS

DISCUSSIONS
Where is the 25th ammendment when you need it?
Sat, November 23, 2024 20:14 - 16 posts
In the garden, and RAIN!!! (2)
Sat, November 23, 2024 20:07 - 4758 posts
Australia - unbelievable...
Sat, November 23, 2024 19:59 - 22 posts
Elections; 2024
Sat, November 23, 2024 19:33 - 4796 posts
MAGA movement
Sat, November 23, 2024 19:28 - 12 posts
More Cope: David Brooks and PBS are delusional...
Sat, November 23, 2024 16:32 - 1 posts
List of States/Governments/Politicians Moving to Ban Vaccine Passports
Sat, November 23, 2024 16:27 - 168 posts
Once again... a request for legitimate concerns...
Sat, November 23, 2024 16:22 - 17 posts
What's wrong with conspiracy theories
Sat, November 23, 2024 15:07 - 19 posts
human actions, global climate change, global human solutions
Sat, November 23, 2024 14:38 - 945 posts
Convicted kosher billionaire makes pedophile Roman Polanski blush
Sat, November 23, 2024 13:46 - 34 posts
The worst Judges, Merchants of Law, Rogue Prosecutors, Bad Cops, Criminal Supporting Lawyers, Corrupted District Attorney in USA? and other Banana republic
Sat, November 23, 2024 13:39 - 50 posts

FFF.NET SOCIAL