In what could be one of the most significant data breaches in history, the Social Security numbers of virtually every American may have been compromised. This breach, potentially affecting billions, highlights the ongoing vulnerabilities in the way sensitive information is stored and managed.
Four months ago, a notorious hacking group, identified as USDoD, claimed to have stolen an extraordinary amount of personal data from a major data broker known as National Public Data (NPD). This broker provides personal information to a range of clients, including employers, private investigators, and agencies conducting background checks. The hacking group initially offered to sell this data, which they claimed included the personal records of 2.9 billion people across the United States, Canada, and the United Kingdom, for a staggering $3.5 million.
Recently, a member of the USDoD group, identified only as “Felice,” reportedly released most of this data for free on an online marketplace known for trafficking stolen personal information. According to screenshots captured by cybersecurity news outlet BleepingComputer, Felice stated that the data includes approximately 2.7 billion records, each containing full names, addresses, dates of birth, Social Security numbers, and phone numbers, among other personal details. While email addresses and certain identification photos seem to be absent from this haul, the sheer volume and sensitivity of the available data are cause for significant concern.
Teresa Murray, a consumer watchdog director for the U.S. Public Interest Research Group (PIRG), emphasized the potential ramifications of such a breach. “If this in fact is pretty much the whole dossier on all of us, it certainly is much more concerning than prior breaches,” she said in a recent interview. Murray stressed that this incident should serve as a “five-alarm wake-up call” for individuals who have not yet taken steps to protect their personal information.
In response to the alleged breach, National Public Data has not yet formally notified the affected individuals. However, the company has reportedly communicated with those who reached out via email, stating that it is aware of the situation and is actively investigating. The company also mentioned that it has purged its entire database, effectively opting everyone out and deleting any non-public personal information. Despite this, NPD acknowledged that some records might still be retained to comply with legal obligations.
The potential consequences of this breach are vast. With access to Social Security numbers, birth dates, and other identifying information, bad actors could easily engage in identity theft, fraud, and other criminal activities. Teresa Murray warned that the stolen data could be used to take over existing accounts, create new fraudulent accounts, and wreak financial havoc. Although email addresses and photo IDs were not included in the leaked data, criminals could potentially combine information from previous breaches to complete the puzzle, making the threat even more severe.
This breach comes just weeks after a major data breach from one of the largest cellular carries in the US.
Experts are advising individuals to take immediate action to safeguard their identities. One of the most effective steps is to freeze your credit files with the three major credit bureaus—Experian, Equifax, and TransUnion. This measure, which is free to implement, will prevent anyone from opening new credit accounts in your name. However, it is essential to remember to lift the freeze temporarily if you need to apply for credit or services that require a credit check.
As data breaches become increasingly common, the need for enhanced cybersecurity measures and personal vigilance has never been more critical. This latest breach underscores the persistent and growing threat posed by cybercriminals, and it serves as a sobering reminder of the fragility of our personal information in the digital age.