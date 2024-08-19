Social Security numbers are critically important pieces of personal data for Americans. SSNs are considered to be a primary type of personally identifiable information, i.e., PII, and are supposed to be kept secure and private.

National Public Data disclosed a massive data breach in August 2024, which involved the Social Security numbers of nearly every American. The data leaked also includes full names, phone numbers, and current and past addresses.

The total number of records breached is estimated to be 2.9 billion records, totaling 277GB of data. It is unclear if all the records are unique -- or as some cybersecurity experts suspect, there are duplicates. Records include people living in the United States, United Kingdom and Canada.

A cybercriminal organization known as USDoD is allegedly behind the data breach. USDoD initially tried to sell all the data for approximately $3.5 million worth of cryptocurrency on a dark web forum.

What is National Public Data? National Public Data (NPD) is a data broker company based in Coral Springs, Fla. The company was founded in 2008 by Salvatore Verini and is technically part of a business known as Jerico Pictures. The company provides background check services to a variety of clients -- including employers, private investigators and other businesses that require verification of individuals' backgrounds. The company's services encompass searches for criminal records, vital records and Social Security numbers. NPD's database is designed to assist in making informed decisions about hiring, tenancy and other personal assessments.

What information was stolen? The following information was included in the NPD data breach: Full names. Complete names of individuals, which are crucial for identity verification.

Complete names of individuals, which are crucial for identity verification. Addresses. Current and past addresses, spanning up to three decades, providing a comprehensive history of individuals' residences.

Current and past addresses, spanning up to three decades, providing a comprehensive history of individuals' residences. Social Security numbers. A critical piece of PII used for many official purposes -- such as obtaining a loan or credit card -- making them highly valuable for identity theft.

A critical piece of PII used for many official purposes -- such as obtaining a loan or credit card -- making them highly valuable for identity theft. Phone numbers. Contact information that can be exploited for phishing and other fraudulent activities.

Contact information that can be exploited for phishing and other fraudulent activities. Dates of birth. Essential for identity verification and often used in combination with other data to commit fraud.

Essential for identity verification and often used in combination with other data to commit fraud. Information about relatives. Data on people's family members -- including parents, siblings, aunts, uncles and cousins.

Data on people's family members -- including parents, siblings, aunts, uncles and cousins. Criminal records. The breach potentially includes criminal records, as NPD offers background check services including criminal record searches.

Did NPD alert consumers about the breach? NPD did not immediately alert consumers about the breach. The company first admitted and acknowledged that it was the victim of a data breach in a breach disclosure notification published on its website on Aug. 15, 2024. In the disclosure, NPD acknowledged that a third-party threat actor attempted to hack into NPD data in December 2023, with potential leaks in April 2024 and summer 2024.

How to determine what data breaches you've been involved in There are several ways individuals can determine if their personal information has been compromised in this or other data breaches. Consider the following methods: Have I Been Pwned. HIBP was created by researcher Troy Hunt as a free service. A user can enter their email address to see if it has been involved in known data breaches.

HIBP was created by researcher Troy Hunt as a free service. A user can enter their email address to see if it has been involved in known data breaches. Credit monitoring services. Many credit monitoring services -- such as those offered by Equifax, Experian and TransUnion -- provide alerts for suspicious activity on credit reports, which can indicate a data breach.

Many credit monitoring services -- such as those offered by Equifax, Experian and TransUnion -- provide alerts for suspicious activity on credit reports, which can indicate a data breach. Monitor financial accounts. NPD's official disclosure advises individuals to closely monitor their financial accounts for any unauthorized activity.

NPD's official disclosure advises individuals to closely monitor their financial accounts for any unauthorized activity. Watch for notifications. While not always reliable, companies sometimes notify individuals if their data has been involved in a breach. However, in this case, NPD initially did not provide widespread notification.

What can bad actors do with this personal information? Bad actors can potentially use the stolen personal information for a variety of malicious purposes, including the following: Opening fraudulent credit card accounts. Bad actors use stolen identities to open new lines of credit.

Bad actors use stolen identities to open new lines of credit. Applying for loans. Securing loans in victims' names, leaves them with the financial burden.

Securing loans in victims' names, leaves them with the financial burden. Committing tax fraud. Stolen PII enables bad actors to file false tax returns to claim refunds.

Stolen PII enables bad actors to file false tax returns to claim refunds. Accessing existing financial accounts. This provides unauthorized access to bank accounts.

This provides unauthorized access to bank accounts. Creating fake identities. This is often done for illegal activities.