A major data breach has recently exposed the personal details of approximately 2.7 billion people. The hack, carried out by the notorious group USDoD, targeted National Public Data (NPD), a firm known for supplying personal information to various organizations for background checks. The breach, which was initially reported about four months ago, has seen a substantial portion of the stolen data, including Social Security numbers, addresses, and birth dates, released for free on an online marketplace for stolen data.
Identity Theft Risks
This breach poses serious risks, potentially leading to widespread identity theft and fraud. Teresa Murray from the U.S. Public Interest Research Group (PIRG) warns that this incident is more alarming than previous breaches and urges people to take immediate action to protect their personal information. The stolen data could enable criminals to create fraudulent accounts or gain unauthorized access to existing ones, including bank and insurance accounts.
Although some information, like email addresses and passport photos, was not included in the leak, the available data—comprising names, Social Security numbers, and phone numbers—is still sufficient to cause significant harm. Murray highlights the danger of criminals using this data in conjunction with information from other breaches to commit a variety of crimes.
Legal and Company Responses
A class-action lawsuit has been filed in Fort Lauderdale, Florida, alleging that USDoD stole the records from NPD. The company, which has not yet notified affected individuals, issued a vague statement confirming awareness of the breach and stating that they are investigating the matter. NPD claims to have purged its database of personal information, though it may retain certain records for legal reasons.
Expert Opinions on the Breach
Cybersecurity experts have verified that the leaked data appears authentic, heightening concerns about its potential impact. The stolen information is crucial for verifying identities and resetting passwords, making the breach particularly dangerous. With access to this data, criminals could impersonate victims and gain entry to their accounts.
Murray warns that criminals might use this stolen data alongside information from other breaches to enhance their fraudulent activities. This combination could lead to even more severe consequences, from financial fraud to broader identity theft.
Steps to Protect Yourself
In light of the breach, experts recommend taking several precautionary steps. One of the most effective measures is to place a credit freeze with the three major credit bureaus—Experian, Equifax, and TransUnion. This free service prevents new credit accounts from being opened in your name. Remember to lift the freeze temporarily if you need to apply for credit.
Additionally, be cautious of unsolicited emails or texts claiming to be from credit agencies. These are often scams designed to collect personal information. Instead, visit the official websites of the credit bureaus to handle any credit-related concerns.
Enhanced Security Measures
To further safeguard your identity, consider enrolling in an identity monitoring service that alerts you to suspicious activity or your information appearing on the dark web. Some companies offer these services for free if you’ve been affected by a breach. Tools from Google and Experian can also help check if your data has been compromised.
Securing your current accounts is equally important. Use strong, unique passwords for each account and consider using a password manager to keep track of them. Implementing two-factor authentication (2FA) adds an extra layer of security. An authenticator app is preferable to SMS-based 2FA, as it provides better protection even if your phone number is compromised.
Watch Out for Scammers
Scammers often exploit data breaches by posing as legitimate organizations to trick victims into revealing more information. Murray advises against clicking on links or calling numbers from unsolicited messages. If you receive a suspicious communication, verify the contact details independently and reach out directly to the organization.