In August 2024, Bloomberg Law reported a data breach affecting nearly three billion people. The breach, which took place in April 2024, involved the cybercriminal group “USDoD” targeting a database from National Public Data, a company specializing in background checks. This massive leak included sensitive personal information like Social Security numbers, addresses, and full names, now circulating on the dark web.
What Happened
National Public Data confirmed the breach in August 2024, revealing that unauthorized access led to the exposure of millions of records. The stolen information is being sold on the dark web, raising serious concerns about potential misuse. A class action lawsuit has been proposed, alleging that National Public Data obtained this data through improper means, including scraping non-public sources.
The precise number of individuals affected is still unclear. The Maine Attorney General estimates about 1.3 million people may be impacted, while cybersecurity expert Troy Hunt suggests that up to 134 million unique email addresses could be involved. The breach, attributed to the USDoD group, highlights the extensive reach and potential consequences of this cyberattack.
Checking for Compromise
To see if your personal data has been compromised, National Public Data has set up a platform at npd.pentester.com. Here, you can enter your first name, last name, and birth year to check if your information is among the leaked data. This tool aims to help you determine if your data is at risk and needs attention.
Steps to Protect Yourself
If you discover that your data, especially your Social Security number, has been exposed, follow these steps:
1. Report to IdentityTheft.gov: File a report on IdentityTheft.gov to get a recovery plan and support. You can also call 1-877-438-4338 for help.
2. File a Complaint with IC3: Use the Internet Crime Complaint Center (IC3) to report the breach online, which helps law enforcement address the issue.
3. Notify Credit Bureaus: Alert one of the major credit bureaus—Equifax, Experian, or TransUnion—about the breach. This will help monitor your credit for any unusual activity.
4. Consider a Credit Freeze or Fraud Alert: A credit freeze prevents new accounts from being opened in your name, while a fraud alert requires creditors to verify your identity before extending credit.
5. Monitor Your Credit Reports: Regularly check your credit reports for any unusual activity. You can get a free annual credit report from AnnualCreditReport.com.
6. File a Police Report: Report the theft to your local police and keep a copy of the report. This can be crucial if you need to prove identity theft in the future.
7. Contact the IRS: To prevent tax-related fraud, inform the IRS that your Social Security number has been compromised. Call 1-800-908-4490 or visit Identity Theft Central for guidance.
Additional Precautions
Even after the breach, you can still take steps to limit potential damage:
– Check for Email Compromise: Use services like Have I Been Pwned to see if your email was involved in the breach. This can help you secure your email accounts.
– Consider Credit Monitoring: Enroll in a credit monitoring service for alerts about suspicious activity or attempts to open new accounts in your name.
Dealing with Persistent Misuse
If your Social Security number continues to be misused despite taking these precautions, consider applying for a new number. However, the Social Security Administration (SSA) requires substantial evidence of ongoing fraudulent use before issuing a new number.