2.7 billion IDs hacked in recent breach

You are probably affected

National Public Data (NPD) is a private company based in Florida that collects information for background checks. Its databases held 2.7 billion people’s full name, address, date of birth, Social Security number and phone number, alternate names and birth dates and email addresses.

NPD was hacked in April, and possibly again this summer, and all that information became available for purchase on the dark web — the seedy underbelly of the internet where criminal activity thrives. [Ed. Note: In addition, the personal information of almost one million Medicare beneficiaries was exposed during a data breach in May 2023.]

This is a sobering reminder that our personal data — everything from our usernames and passwords to our birth dates and Social Security numbers — are just a few keystrokes away from falling into the hands of criminals.

What you need to do

There are a few ways to check if your information was part of the leak. You can visit NPDbreach.com to see if you were part of this specific leak, and if so, which pieces of your personal information may have been compromised.

Even if you have no reason to think NPD would have your information, it’s still important to check their site. Criminals can do a lot of damage to your credit, finances — even your reputation — with just your full name, date of birth and address, let alone your Social Security number.

If your information has been leaked, you can protect your credit by putting a freeze on it with the three major credit bureaus: Experian, Equifax and TransUnion. The process is not difficult, but you have to contact each of these companies individually. [See below for more information.]

If you plan to make any major purchases (like a car or a house) or open any new accounts (like a credit card or with a new bank) that require a credit check, you will have to contact each agency to lift the freeze temporarily. Call it a “thaw,” if you will.

Scammers go phishing

One of things that worries experts about the NPD hack is that it not only compromised identifying personal information, but also people’s email addresses.

Those things in combination make it easier for scammers to impersonate someone (spoof their email) or create sophisticated phishing emails targeting specific users.

Phishing scams are designed to get people to voluntarily offer up personal information — usually Social Security or credit card numbers — or click on malicious links, often by pretending to be legitimate companies or by scaring people into clicking links to avoid supposed late fees or other strange charges to their accounts.

Unfortunately, it’s fairly common for people’s email addresses to be leaked as part of — for lack of a better word — minor data breaches. So many apps and websites require us to put in our email addresses, even if we don’t set up an account with them. That information gets stored and can be compromised. Same with usernames and passwords.

You can check to see if your email address — and related information — has been leaked in any data breach at haveibeenpwned.com. If your email address has been part of any known hack, this site will tell you, along with which data breach compromised your address and what other kind of information may also have been exposed by that hack.

Prevention

There are several things we can do to protect ourselves: use unique passwords for every site (we know — much easier said than done), two-factor authentication, and specific online security services, including antiviral software to safeguard our information, and credit monitoring to alert us when something has happened.

The hazard of modern life is that even the most basic things we do now require us to give up personal information that is then stored electronically. And unfortunately, that information is never as safe as we wish it to be.

© 2024 The Dominion Post, Morgantown, W.Va., DominionPost.com. Distributed by Tribune Content Agency, LLC.

Five tips to protect your ID

• Sign up for 24/7 credit monitoring and activate two-factor authentication.
• Never respond to unsolicited requests for information.
• Review credit card, bank accounts and loans on a regular basis.
• Place a free fraud alert on your credit file. A fraud alert tells creditors to contact you before they open any new accounts or change your existing accounts.
• Freeze your credit reports with these three primary companies: Experian, TransUnion and Equifax. In this context, “freezing” means that you prohibit your credit reports from being accessed by most third parties. When you need to access your credit reports to open new accounts or obtain loans, contact all three companies to “unfreeze.”

You can open an account and freeze your credit reports at no cost at all three companies (though they offer paid plans for additional services).

Here are the websites you will need to visit: experian.com/freeze/center.html; transunion.com/credit-freeze; equifax.com/personal/credit-report-services/credit-freeze.

—Donna LeValley

© 2024 The Kiplinger Washington Editors, Inc. Distributed by Tribune Content Agency, LLC.