Your Social Security number may have been leaked - here's how to protect yourself
A class action lawsuit has claimed that hackers have leaked personal information of billions on the dark web. The stolen data includes Social Security numbers, addresses, and names of siblings, parents both living and deceased. The lawsuit filed against a background check and fraud prevention company alleges that the personal data belongs to over 2.9 billion people, Bloomberg Law first reported. The data could allow fraudsters to hack into financial accounts or take out unauthorized loans.
Background of the Lawsuit
The allegation of the data breach arose in a lawsuit filed by California resident Christopher Hofmann. Hofmann alleged that his identity theft protection service informed him about a potential leak of his personal information on the dark web.
The breach allegedly occurred in April, when a hacker group called USDoD leaked unencrypted personal information of billions from National Public Data (NPD), which offers personal information to employers, private investigators, staffing agencies and others doing background checks, according to the lawsuit.
A background-check company doing business as National Public Data exposed the personal information of nearly 3 billion individuals in an April data breach, a proposed class action says. https://t.co/Gv1tPUANDK
— Bloomberg Law (@BLaw) August 3, 2024
The hacker leaked a version of the stolen data that was also shared for free on a hacking forum, tech site Bleeping Computer reported.
The data allegedly available for sale for $3.5 million contains records of individuals from the U.S., Canada, and the U.K., a cybersecurity expert said in an X post.
Massive #DataBreach Alert ⚠️
— HackManac (@H4ckManac) April 8, 2024
2.9 billion records of USA, Canada, and UK citizens allegedly for sale for $3.5 million.
The threat actor USDoD claims to be selling a 4 TB database containing 2.9 billion rows apparently exfiltrated from National Public Data, a public records data… pic.twitter.com/kgSd3RpoP2
Impact of the breach
Cybersecurity experts told the New York Post that many of the stolen records are duplicates, thus the true number of people impacted by the breach is likely to be smaller than what's being claimed.
According to BleepingComputer, the leaked data could be dated and all of it may not be accurate. However, the leaked data does contain sensitive personal information that can cause damage to some.
How to check if your Social Security number was leaked
In the report by The Post, cybersecurity expert, Dr Tommy Morris recommended that internet users visit a free website called the npdpentester.com that was created to help people navigate the NPD data breach. Other websites like Google, Experian and Have I Been Pwned could also help with the same.
What to do if your social security number has been leaked
For those who suspect that their Social Security number or other important identifying information has been leaked, experts suggest that they should put a freeze on their credit files to prevent fraud.
Individuals can visit the websites of any of the three major credit bureaus, Experian, Equifax, and TransUnion to do so, for free. This will prevent criminals from taking out loans, signing up for credit cards, and opening financial accounts under their name.
How to protect yourself
Putting fraud alerts on credit reports can also secure accounts. These alerts call and verify information of credit applicants to make sure it is the owner of the account. Any of the three credit bureaus could be contacted to put a fraud alert on accounts.
People can also sign up for a service that monitors their accounts and the dark web to prevent identity theft. However, these services typically aren't free after a trial period.
Lastly, replacing older passwords with strong ones and setting up two-factor authentication for all transactions can also help. Individuals should refrain from sharing any sensitive information over calls, emails, SMS, etc., from imposters posing as bank officials.
