Billions of personal information records may have been exposed in April after a hacking group gained access to records from the background check service National Public Data (NPD), prompting warnings from cybersecurity experts. NPD confirmed this week that a security incident within their company resulted in a leak of personal information, including social security numbers for millions of people.
In their statement on Friday, NPD warned that the “the information that was suspected of being breached contained name, email address, phone number, social security number, and mailing address(es).” It recommended the public to take a number of steps to safeguard their identities, including freezing their credit and putting fraud alerts on their files at big credit bureaus.
The breach came to public awareness after a class-action lawsuit was filed August 1 in U.S. District Court in Florida, which was first reported by Bloomberg Law.
National Public Data did not share how many people were at risk, but hackers, who have been identified as part of the hacking group USDoD, have been offering, for sale, what they claimed were billions of NPD records since April, though the Washington Post reported that “security researchers who looked at the trove said some of the claims were exaggerated.”
According to David Brumley, a professor of electrical and computer engineering at Carnegie Mellon University, these breaches will become more popular with centralization of data.
“We are not talking about a startup here,” Brumley said. “Looking forward, we have to have higher standards for the custodians of our data.”
Here is how you can check if your social security has been compromised by the breach and what to do to protect your information.
How to check if your social security information has been compromised
NPD has not notified specific people whose data has been compromised. In their statement, they say they are working with law enforcement to review affected records and “will try to notify you if there are further significant developments applicable to you.”
Cybersecurity firm Pentester compiled a free database after the breach with the information in it—redacting social security numbers and dates of birth– and created a search tool for people to see if their information was involved. People can enter their name, state, and year of birth here, and the search will instantly look for information in the billions of records leaked online in the massive data breach.
What to do if you’re affected by the leak
If your social security number was breached, the best thing to do is to freeze your credit files through creating an account with one of the three consumer credit reporting agencies: Equifax, Experian or TransUnion. This can prevent identity theft. Credit reporting agencies also have services for those who set up accounts to check if their social security numbers have been compromised.
Even if your social security number was not leaked, Brumley says there are protections that should become the norm in this era of data breaches.
He urges people to set up two-factor authentication on as many online accounts as possible, or use an authentication app to secure your online accounts. He also advises to set up account alerts with your bank, including any and all charges outside of your home country and ATM withdrawals.
Brumley says his major piece of advice is to “be vigilant.”
Vigilance, he says, includes checking your credit score constantly, especially before large purchases like car loans and mortgages. It also includes awareness of phishing scams, since Brumley says leaks of this size open up the space for scammers to pose as banks and those trying to help.
He also says people should be double checking with their banks, even if they have alert services on for large purchases and withdrawals. He says that even though some banks have regulations where they require extra identification, people can now engineer ways to fool these checks. He adds that it’s up to each individual to keep a watchful eye on their credit, their identity, and their bank information.
“There’s not much more you can do when this much data has been compromised,” Brumley adds.
Discussion about this post