On April 8, 2024 , a group of hackers known as "USDoD" posted to a hacking forum claims that they had access to over 2.9 billion records stolen from a background checking company known as National Public Data. According to the post, the data contained names, addresses and social security numbers of people located in the U.S. The group wanted to sell the data for $3.5 million.
On Aug. 2, 2024, Bloomberg Law reported on a class action lawsuit filed against National Public Data. The lawsuit alleged that the company had collected its data from non-public sources, meaning that people did not knowingly provide their information to the company. The lawsuit accused National Public Data of " negligence, unjust enrichment, and breaches of fiduciary duty and third-party beneficiary contract," according to the Bloomberg Law report.
Just four days later, on Aug. 6, 2024, the information stolen in the data breach was posted to the same hacking forum. This time, however, it was available for free. According to a report from BleepingComputer , an online publication focused on technology and cybersecurity, the files contained nearly 2.7 billion entries, a bit less than the 2.9 billion figure originally claimed in April. Some entries contained more information than others, including phone numbers, birthdates and aliases, but all entries contained a social security number, an address and a name. In the following week, major publications like The Los Angeles Times and The New York Times reported on the data breach.
Snopes independently investigated the data breach and found that many of the entries were legitimate, although not without some typos and errors. We were able to confirm that not everyone's information was leaked, although many people's were.
National Public Data posted the following statement to its webpage addressing the data breach:
There appears to have been a data security incident that may have involved some of your personal information. The incident is believed to have involved a third-party bad actor that was trying to hack into data in late December 2023, with potential leaks of certain data in April 2024 and summer 2024. We conducted an investigation and subsequent information has come to light. What Information Was Involved? The information that was suspected of being breached contained name, email address, phone number, social security number, and mailing address(es).
However, the lawsuit claims that National Public Data did not alert individuals who were affected by the breach.
The cybersecurity company Pentester released a free tool that allows users to search the leaked database for their information. A Pentester spokesperson told Snopes via email that the company sourced the information from the hacking forum and then altered the database to redact the social security numbers to protect people's identity. The spokesperson recommended that users concerned about their information being publicly available should request a free credit freeze from the three credit bureaus, Equifax , Experian and TransUnion , and monitor their credit situation closely.
While individuals don't have control over a company getting hacked and revealing their information, they can still take steps to help limit how compromised they would be.
On the technology side, ensure that you are not reusing passwords and turn on two-factor authentication. On the more personal side, stay skeptical of any phone calls, emails or text messages you receive that claim to be from your bank or another service provider you work with, and never send money or give out information like usernames and passwords to these people. If you're concerned that the messages could be legitimate, separately search for the supposed company's customer service line or fraud department to ask for help.
Sources:
Bloch, Emily. "6 Things to Know about the Social Security Number Hack." Https://Www.Inquirer.Com, 15 Aug. 2024, https://www.inquirer.com/news/nation-world/social-security-breach-usdod-hack-20240815.html.
DeLetter, Emily. "2.9 Billion Records, Including Social Security Numbers, Stolen in Data Hack: What to Know." USA TODAY, https://www.usatoday.com/story/tech/2024/08/15/social-security-hack-national-public-data-breach/74807903007/ . Accessed 16 Aug. 2024.
"Hackers Leak 2.7 Billion Data Records with Social Security Numbers." BleepingComputer, https://www.bleepingcomputer.com/news/security/hackers-leak-27-billion-data-records-with-social-security-numbers/ . Accessed 16 Aug. 2024.
"Hackers May Have Stolen the Social Security Numbers of Every American. Here's How to Protect Yourself." Los Angeles Times, 13 Aug. 2024, https://www.latimes.com/business/story/2024-08-13/hacker-claims-theft-of-every-american-social-security-number .
Hackers May Have Stolen Your Social Security Number in a Massive Breach. Here's What to Know. - CBS News. 16 Aug. 2024, https://www.cbsnews.com/news/social-security-number-leak-npd-breach-what-to-know/ .
Lieber, Ron. "What to Know About the Latest Social Security Number Breach." The New York Times, 15 Aug. 2024. NYTimes.com, https://www.nytimes.com/2024/08/15/business/social-security-numbers-stolen-hack.html .
Personal Data of 3 Billion People Stolen in Hack, Suit Says (1). https://news.bloomberglaw.com/privacy-and-data-security/background-check-data-of-3-billion-stolen-in-breach-suit-says . Accessed 16 Aug. 2024.
Security Incident. https://nationalpublicdata.com/Breach.html . Accessed 16 Aug. 2024.
"X.Com." X (Formerly Twitter), https://x.com/vxunderground/status/1797047998481854512?lang=en . Accessed 16 Aug. 2024.
Local News
Comments / 0