The sensitive information of 2.9 billion people has been leaked on the dark web, around four months after the background check company National Public Data (NPD) was breached by prominent hacking group USDoD, according to a court filing.
Full names, addresses, date of birth, phone numbers, and Social Security Numbers were compromised in the cyber hack, and according to cybersecurity experts, the scale of this leak makes it “more concerning” than similar instances because of the window it could open on identity theft.
With most US citizens likely to have been impacted by the leak, we explain what it could mean if you’ve been affected, before outlining some preventative measures you can take to minimize potential risks.
Massive Hack Exposes Information of Billions, Lawsuit Claims
A new class action lawsuit alleges that the hacking group USDoD stole the unencrypted data of billions of people after hacking National Public Data – a Florida-based company which offers personal information to employers, private investigators and others who conduct background checks.
This just in! View
the top business tech deals for 2024 👨💻
The lawsuit was filed after California resident Christopher Hofmann claimed he recieved an alert from his identify theft protection service in late July, notifying him that his personal information was leaked to the dark web.
According to the lawsuit, after the hacking group retrieved the personal records -which include physical addresses, full names of siblings and parents, and Social Security Numbers – they attempted to extort the company for $3.5 million. However, Bleeping Computer reported that the file was later leaked for free on dark web data forum.
National Public Data hasn’t formally notified individuals about the breach. Yet, the company has reached out to customer via email, explaining that it has “purged the entire database” and deleted all “non-public personal information”.
If You’re a US Citizen, You’ve Probably Been Impacted In the Breach
With the lawsuit claiming that billions of individuals have been involved in the breach, and the US population only standing at around 330 million, its likely that the nation’s total population has been affected. This is corroborated by experts like Cliff Steinhauer, director of information security and engagement at The National Cybersecurity Alliance, who claims that its likely ‘that everyone with a Social Security number was impacted”.
Yet, other experts like James E. Lee, chief operating officer at the Identity Theft Resource Center, believe these figures could be slightly overblown. This is because some individuals have multiple records in the database, and the lawsuit also alleges that some data belongs to deceased individuals, with the records dating back at least three decades according to law firm Schubert Jonckheer & Kolbe.
Either way, the breach could be among the biggest in US history, with the potential number of people impacted only being slightly smaller than a 2013 Yahoo! data breach that compromised the data of around 3 billion individuals.
Concerned About the Hack? Here’s How to Protect Yourself
While National Public Data has since deleted all non-public information, the leak still puts affected individuals at risk of incidents like identity theft. This is because the type of data stolen can be used to take over someone’s account, or to make fake accounts in your name.
What’s more, according to Teresa Murray, consumer watchdog director for the U.S. Public Interest Research Group, the scale of the hack makes it ‘more concerning’ than prior breaches, and if people weren’t taking precautions in the past, which they should have been doing, this should be a five-alarm wake-up call for them.”.
However, if you think your data has been compromised in the attack, the good news it that there’s lots of actionable steps you’re able to take to protect yourself.
- Freeze your credit cards – If you’re worried about a bad actor using your information to access your bank account, we’d recommend freezing your account. All you need to do is tap a button on your online banking app and potentially enter some personal information. The temporary freeze won’t impact your credit score, either.
- Enable two-factor authentication (2FA) – Switching on 2FA is one of the easiest ways to protect your accounts against identity theft. You can enable this feature when creating an account, or switch it on later on in the settings.
- Improve your passwords – Even if hackers have access to your sensitive information, it’ll still be difficult for them to enter your accounts without your password. However, this is only the case if you’re using a strong password containing a mix of upper and lower case letters, numbers and special characters. Thanks to password managers, you don’t need to commit these complex codes to memory.
Also, be more vigilant than usual about any strange activity taking place with your online accounts and banking. If you spot anything suspicious, be sure to report it straight away.
