What you need to do NOW
A new breach one of the biggest in history has potentially compromised the personal information of 2.9 billionrecords.Just by itself, this breach isbigger than all the breaches in the first half of 2024and could rival the 2013Yahoo! breach, which compromised the data of 3 billion records.
And while what hackers accessed and are selling on the Dark Webis not unique and has been available in criminal marketplaces for years --every Americans Social Security number, addresses, for example -- it magnifies how easy it is to access the level of personal information we hold dear.
What happened
Identity Theft Resource Center Chief Operating Officer, James E. Lee, told ConsumerAffairs that what's different is the way we learned of the breach: through alawsuit, not a state-mandated data breach notice. Typically in data breaches --like what Ticketmaster andAT&T suffered --those companiesproactively communicate what happened directlyto their customers.
The tentacles of this go back to April 2024 when an infamous hacking group known as USDoD claimed to have stolen these personal records from National Public Data (NPD) a company that provides background check services to employers, investigators, and other businesses.USDoD offered the whole database for sale to the tune of $3.5 million. A version of the stolen data was later leaked for free on a dark web forum, according to Bleeping Computer.
As of now, there have been no formal notifications or warnings from NPD to the public, nor have there been any filings with state attorneys general, which some states require following data breaches. That means darn near every one of us has been left hanging for close to four months.
Were you lucky or unlucky?
The lawsuit said that the database does not contain information from individuals who use data opt-out services for example, when you visit a website and click on the box saying that you do not want e-mails, pop-ups, or be included in the site's analytics.
The lawsuit claims that people who did not use data opt-out services and lived in the U.S.were immediately found. The records reportedly showed their:
-
First name
-
Last name
-
Address
-
Address history (3 decades+)
-
Social Security number
And allowed anyone looking at the database to also find:
-
Their parent
-
Their nearest siblings
-
Deceased relatives
-
Uncles, aunts, and cousins
Dont let this happen to you
Because this data has been circulating for years, Lee saysthe steps people should take are the same habits they should have already adopted as part of good cyber hygiene:
Freeze your credit. Its the only action that can stop an identity criminal from accessing your credit. The credit and identity monitoring you buy or get due to a data breach are helpful in telling you what happened, but cannot stop anything from happening.
ConsumerAffairs theft protection experts also suggest enrolling in acredit monitoring service. Itcan also alert you if your information appears on the dark web or if there are unusual activities in your accounts.
Make sure you have a different password on every account no reusing the same or similar passwords on each account.
Use a password manager to help create and keep track of passwords. The password manager built into your browser is fine for most people, but you can always pay for one if you want. Apple is also about to launch a stand-alone password manager as an app.
"Better yet, create passkeys whenever they are available for your mobile devices. They are far more secure than a password," Lee suggests.
Make sure you use multifactor authentication (MFA) when available. "Ask any business where you have a relationship why they dont offer MFA if its not available (and be prepared to go elsewhere if you dont like the answer)," commented Lee.
Photo Credit: Consumer Affairs News Department Images
Posted: 2024-08-15 18:02:09
