A serious data breach that reportedly includes Social Security numbers has put many individuals on edge about identity theft and the chance that their personal information has been exposed online.
National Public Data, a background check and public records company, is facing a flurry of sophistication motion lawsuits concerning the breach. The suits were filed this month within the Federal District Court for the Southern District of Florida and allege that the non-public information of tens of millions of individuals was accessed by cybercriminals in April.
A number of the stolen data is outwardly already popping up on the dark web: The plaintiffs suing National Public Data say they’ve been alerted of exposures by credit monitoring and identity theft protection services. Here’s every part we all know concerning the breach, including what to do when you’re affected.
What’s the National Public Data breach?
In keeping with the lawsuits, the info accessed by cybercriminals includes full names, addresses, family history, Social Security numbers and other sensitive information. National Public Data aggregates data from public sources, but the corporate also had access to nonpublic personal information.
National Public Data “was targeted for a cyber-attack attributable to its status as an information company that collects and maintains highly precious PII on its systems,” in accordance with one in all the lawsuits. (PII stands for private identifiable information.) The plaintiffs allege that the corporate was “reckless” with the info, putting their information in danger.
In keeping with the LA Times, the corporate first responded to customer support complaints with a message that claims, “we’re aware of certain third-party claims about consumer data and are investigating these issues.”
Later, National Public Data added an update on its website that reads, “There appears to have been an information security incident which will have involved a few of your personal information… The data that was suspected of being breached contained name, email address, phone number, social security number, and mailing address(es).”
The update went on to clarify there was an initial hack (or hack attempt) in December 2023. The corporate confirmed “potential leaks of certain data in April 2024 and summer 2024.”
What number of persons are actually affected?
There are key questions that the corporate hasn’t explained, like why did it have access to Social Security numbers to start with and what number of were accessed by cybercriminals.
One in every of the lawsuits alleges that National Public Data was promoting services on its website including an “SSN trace” and a people finder tool that had an option to go looking by Social Security number. The suit cites this web archive.
The incident is now drawing the eye of members of Congress. In a statement Wednesday, Sen. Rick Scott, R-Fla., said he’s “demanding motion and accountability” after reports that cybercriminals have “potentially stolen the Social Security numbers and other sensitive information of each American citizen.”
That extreme claim — that everybody’s Social Security number was exposed — has not been confirmed. Government officials have yet to explain the scope of the attack, and National Public Data couldn’t be reached for comment by Money or other outlets.
You might have also seen reports that billions of records were stolen. It is important to consider that, even when true, that doesn’t mean billions of individuals had their records stolen, because the figures which can be going around discuss with rows of information. Plus, it’s unclear how much of the info could also be from public sources, or just inaccurate.
In a blog post, Troy Hunt, a web security expert and operator of Have I Been Pwned, pumped the brakes on the panic concerning the breach: He said the criminals who purportedly obtained the info tried to sell it for $3.5 million, and advertised it with exaggerated claims about what the download includes.
“Clearly, there’s a financial motive involved here,” he wrote. It’s also unknown, at this point, how much of the info leaking out is real and the way much is fake — Hunt was in a position to find examples of clearly invalid information within the leaks. He ended his blog post, “Treat this as informational only, an intriguing story that does not require any further motion.”
The right way to protect yourself
While we wait for more information concerning the true scope and severity of the info breach, it’s a wise idea to brush up the steps you possibly can take to protect yourself from identity theft.
To begin, keep a detailed watch in your financial accounts so you possibly can catch suspicious activity quickly. You possibly can even arrange account alerts to get texts each time a recent transaction is posted.
Experts say it’s best to strongly consider a credit freeze any time your identity could have been exposed. While you freeze your credit, it stops scammers from with the ability to fraudulently get a loan using your data. You possibly can do that at no cost by contacting the credit bureaus: Experian, Equifax and Transunion. You too can get free copies of your credit report at AnnualCreditReport.com.
Identity theft protection and credit monitoring services may enable you to get alerted in case your personal information leads to a breach. (A number of the plaintiffs within the lawsuits against National Public Data say that is how they came upon about exposures.) These are typically paid services that supply convenience in exchange for a monthly fee.
More from Money:
8 Best Identity Theft Protection Services of August 2024
Dollar Scholar Asks: When and Why Should I Freeze My Credit?
Job Scams Are Rising — Here’s How You Can Protect Yourself From Employment Fraud