2.9 billion records, including Social Security numbers, stolen in data hack: What to know

An enormous amount of Social Security numbers and other sensitive information for millions of people could be in the hands of a hacking group after a data breach and may have been released on an online marketplace, The Los Angeles Times reported this week.

The hacking group USDoD claimed it had allegedly stolen personal records of 2.9 billion people from National Public Data, according to a class-action lawsuit filed in U.S. District Court in Fort Lauderdale, Florida, reported by Bloomberg Law. The breach was believed to have happened in or around April 2024, according to the lawsuit.

Here's what to know about the alleged data breach.

2025 COLA: Estimate dips with inflation, but high daily expenses still burn seniors

What information is included in the data breach?

The class-action law firm Schubert, Jonckheer & Kolbe said in a press release that the stolen file includes 277.1 gigabytes of data , and includes names, address histories, relatives and Social Security numbers dating back at least three decades.

According to a post from a cybersecurity expert on X, formerly Twitter, USDoD claims to be selling the 2.9 billion records for citizens of the U.S., U.K. and Canada on the dark web for $3.5 million.

Since the information was posted for sale in April, others have released different copies of the data, according to the cybersecurity and technology news site Bleeping Computer.

A hacker known as " Fenice " leaked the most complete version of the data for free on a forum in August, Bleeping Computer reported.

What is National Public Data?

National Public Data is a Florida-based background check company operated by Jerico Pictures, Inc. USA TODAY has reached out to National Public Data for comment.

The company has not publicly confirmed a data breach, but The Los Angeles Times reported that it has been telling people who contacted via email that "we are aware of certain third-party claims about consumer data and are investigating these issues."

What to do if you suspect your information has been stolen

If you believe your information has been stolen or has appeared on the dark web, there are a few steps you can take to prevent fraud or identity theft.

Money.com recommends taking the following steps:

• Make sure your antivirus is up to date and perform security scans on all your devices. If you find malware, most antivirus programs should be able to remove it, but in some cases you may need professional help.
• Update your passwords for bank accounts, email accounts and other services you use, and make sure they are strong and different for every account. Include uppercase and lowercase letters, numbers and punctuation marks, and never use personal information that a hacker could guess.
• Use multi-factor authentication for any accounts or services that offer it to ensure you are the person logging in.
• Check your credit report, and report any unauthorized use of of your credit cards. If you notice any suspicious activity, you can ask credit bureaus to freeze your credit.
• Be careful with your email and social media accounts, and beware of phishing, an attempt to get your personal information by misrepresenting who a message or email is from.

This article originally appeared on USA TODAY: 2.9 billion records, including Social Security numbers, stolen in data hack: What to know