If you think your information was stolen, there's a number to call
You've probably seen that headline about 2.9 billion people's data getting stolen. It's a pretty scary number, isn't it?
But one privacy expert has decided to express his inner Shakespeare and suggest that the headline got it all wrong that A breach by any other name would not be this stinky.
Juliet was arguing that it did not matter that her love interest, Romeo, was from a rival family. In todays cybersecurity terms, it does not always matter how many people have been impacted by a data breach or what data was compromised, InterstateTechnology and Regulatory Council (ITRC) Chief Operating Officer James E. Lee said in the organizations latest Weekly Breach Breakdown podcast.
Whats important is the fact that there has been a data breach, how it occurred, and whether victims were notified. Often lost in translation is the difference between how many records have been exposed and how many victims have been impacted.
Lee says that where the media got it wrong was that there werent 2.9 billion users, but that the criminals made off with 2.9 billion records covering 30 years of information. He contends that there were likely multiple records about the same people over 30 years, meaning fewer individuals are likely to have been impacted than the billions claimed in news articles.
Think of it like this: if you have 2.9 billion apples, it doesn't mean you have 2.9 billion apple trees. You could have just bought those apples at the grocery store.
It's also possible that many of those records are duplicates or just plain irrelevant. Plus, not all data arecreated equal. Some data, like your name and address, aremore valuable to hackers than other data, like your favorite color.
Julio Casal, the chief intelligence officer for Constella, a provider of AI powered identity risk intelligence services, confirmed that. The data comes from a poor collection operation from a mix of sources and includes many errors, he said.
Its the who behind this, instead
Part of the data that the hackers stole included that from a data broker called National Public Data. They scrape information from websites and sell it to private investigators, background check websites, data resellers, mobile apps, applications, etc.
The problem is, National Public Data hasn't told anyone about the hack. No government agency, no victims. We only know about it because someone found their information for sale online and traced it back to National Public Data.
So why is there no National Public Data breach notice to victims? That's kind of weird, right? Why wouldn't they tell people?
There are several reasons why, Lee says. The company may not have notified officials or individuals including the fact that organizations that suffer a data breach are also allowed under state laws to determine if there is a risk to a person from the release of the information. If the decision is there is no risk, there is generally no requirement to notify anyone, including victims.
The U.S. Department of Justice, along with several U.S. lawmakersand at least two state attorneys general, are digging deeper into the National Data cyberattack, so eventually, the truth should come out.
The bottom line
So, while the National Public Data breach is certainly a cause for concern, it's important to stay informed and take steps to protect your personal information. That might mean changing your passwords, monitoring your accounts for suspicious activity, and being careful about what information you share online.
If you want to learn how to secure your personal or business info, or if you think you have already been the victim of an identity crime like a data breach, Lee invites you to speak with an expert ITRC advisor via text or on the phone (888.400.5530), chat live on the web, or exchange emails. Just visit www.idtheftcenter.org to get started.
Photo Credit: Consumer Affairs News Department Images
Posted: 2024-09-04 13:30:14
