What you can do about the massive data breach that probably exposed all of your personal i...

Posted:
in General Discussion

A recent data breach exposed sensitive information including social security numbers for billions of people globally, potentially leading to a significant increase in identity theft and cybercrimes. Here's what you need to know, and what you should do about it.

Top section of a Social Security card with blue border featuring the words Social Security, overlaying a blue patterned background.
Massive data break leaks billions of Social Security numbers



The USDoD hacking group breached National Public Data (NPD), a data broker offering personal information for background checks. This is not an ordinary data breach.

Over 2.7 billion records were stolen, with an unparalleled amount of information.

The breach compromised 2.7 billion records, including:


  • Names

  • Addresses

  • Birth dates

  • Social Security numbers

  • Phone numbers



Teresa Murray, Consumer Watchdog Director for PIRG, finds this breach more concerning than prior incidents due to the data's volume and sensitivity.

"If this in fact is pretty much the whole dossier on all of us, it certainly is much more concerning [than prior breaches], Murray explained to the Los Angeles Times. "And if people weren't taking precautions in the past, which they should have been doing, this should be a five-alarm wake-up call for them."

Despite the severity of the breach, National Public Data has yet to issue formal notifications to affected individuals. The company has claimed to have purged the entire database of personal entries, opting to delete non-public personal information.

However, it's unclear if this action is sufficient to mitigate the risks the breach poses.

Risks and implications



The leaked information is a goldmine for cybercriminals, providing nearly all the data to commit identity theft. With Social Security numbers, birth dates, and addresses, criminals can create fraudulent accounts, apply for loans, and manipulate existing accounts.

Although the breach lacks email addresses and driver's license photos, the missing data can be supplemented with information from previous breaches.

The fallout from such a breach can be catastrophic. Identity theft can lead to significant financial loss, damage to credit scores, and a lengthy recovery process for victims.

Moreover, the ease with which this data can be weaponized highlights the pressing need for heightened security measures.

For example, a specific threat associated with the exposed data is the risk of a SIM swap attack. In a SIM swap attack, cybercriminals use stolen personal information to convince your mobile carrier to transfer your phone number to a new SIM card.

Once they have your number, they can intercept SMS-based two-factor authentication codes and gain access to your accounts. Given the detailed personal information leaked in this breach, the likelihood of such attacks increases significantly.

Urgent steps to protect yourself



Protecting yourself from SIM swap attacks involves setting up a PIN or passcode with your mobile carrier and being alert to unusual activity, like sudden loss of service.

Next, placing a credit freeze at the three major credit bureaus in the US prevents criminals from opening new accounts in your name. It's free and restricts access to your credit report.

iPhone screen displaying security keys information, with a hardware security key placed on the screen. The text explains the importance of using security keys for account protection.
A security key that works with iPhones



Monitoring your accounts is also crucial. Identity theft protection services can watch your accounts and scan the dark web for compromised personal information. While these services often cost money, companies that experience data breaches sometimes offer them to affected customers for free.

Strengthen your passwords with unique, strong ones. Consider using a password manager. Enable two-factor authentication (2FA) with codes from an authenticator app or a hardware security key. Such a code makes it nearly impossible for attackers to breach your iCloud account, even armed with your password and a faked SIM.

A security key is a physical device you insert into your computer or connect to your smartphone. Unlike codes sent via SMS or apps, security keys are immune to phishing attacks because they only work with registered websites.

What makes security keys particularly effective is their immunity to phishing attacks. Traditional two-factor authentication methods, like SMS codes, can be intercepted by attackers posing as legitimate services -- like in a SIM swap attack.

However, security keys are different. They are bound to the specific websites you register them with, meaning they won't work on fraudulent sites that try to mimic legitimate ones.

Even if a hacker manages to steal your password, they won't be able to access your account without the physical key.

By implementing measures like credit freezes, strong passwords, two-factor authentication, and using security keys, you can significantly reduce your risk of becoming a victim.

Stay vigilant, keep your security practices up to date, and remember that in the digital world, your best defense is always being one step ahead of potential attackers. Taking these precautions today can save you from potential headaches and financial losses in the future.



Read on AppleInsider

dewme

Comments

  • Reply 1 of 7
    profprof Posts: 94member
    A recent data breach exposed sensitive information including social security numbers for billions of people globally
    Sure, leaked social security numbers for billions of people globally... for a concept that is very much unique to the US (and of course it's billions of citizens).

    appleinsideruserwatto_cobra
  • Reply 2 of 7
    gatorguygatorguy Posts: 24,594member
    prof said:
    A recent data breach exposed sensitive information including social security numbers for billions of people globally
    Sure, leaked social security numbers for billions of people globally... for a concept that is very much unique to the US (and of course it's billions of citizens).

    The affected are residents of the US, Canada, and the UK. When the Social Security numbers are mentioned, they are included if pertinent and not "only if you have one". 
    It's also billions of records, and not billions of unique people. 
    edited August 15
  • Reply 3 of 7
    Name, Address, Birth date, Social Security number, Phone numbers…
    More or less in the public domain in many countries. Why is this Social Security Number so sensitive to reveal? Isn’t that just a unique number for an individual?
    baconstangwatto_cobra
  • Reply 4 of 7
    hexclockhexclock Posts: 1,305member
    gunverth said:
    Name, Address, Birth date, Social Security number, Phone numbers…
    More or less in the public domain in many countries. Why is this Social Security Number so sensitive to reveal? Isn’t that just a unique number for an individual?
    Type your social sec number into this forum and wait and see. 
  • Reply 5 of 7
    longpathlongpath Posts: 399member
    gunverth said:
    Name, Address, Birth date, Social Security number, Phone numbers…
    More or less in the public domain in many countries. Why is this Social Security Number so sensitive to reveal? Isn’t that just a unique number for an individual?
    The reason is that multiple institutions use this number as a unique identifier, even though it’s technically not supposed to be used for anything other than SS benefits. Blame the IRS or the Federal Reserve, if you prefer. Congress has allowed the SS number to become the de facto unique identifier but done nothing to secure it in any way.
    gatorguy
  • Reply 6 of 7
    blastdoorblastdoor Posts: 3,528member
    Instead of doing real things to improve data security and privacy, it seems most governments are working to undermine security and privacy. I think it’s out of ignorance rather than malevolence, but governments need to wake up to the threat to human civilization posed by poor information security. We need a top to bottom rethink and willingness to accept that protecting citizens from bad guys getting their info might just have to mean law enforcement can’t always get what it wants.
  • Reply 7 of 7
    avon b7avon b7 Posts: 7,971member
    It is impossible to stop unique identifying and readable numbers seeping out to the internet.

    Having billions of them floating around in a packaged format might make getting access to them easier but that shouldn't make identity theft itself an easy task.

    In the digital age, digital problems require digital solutions so the burden should fall on those who provide services to implement stricter vetting.

    Flimsy proof of identity is often the first foot in the door. 

    Someone tried to open a bank account in the UK with my brother's information but a backroom call from the bank to my brother's phone plus a message sent through the messaging system of his banking app, thwarted the attempt.

    It definitely seems as though the US has a problem with identity theft but I don't know if it is statistically significant when compared to other countries. I've always seen the claims of high incidence but there are a lot of people in the US so that might have an impact on the numbers. 

    Here in Spain I have to use varying systems (with varying degrees of security requirements) to access sensitive information. Viewing information might require a certain system but modifying information/making payments etc will require a higher level of interaction. 

    To get my Gov.UK ID I had to jump through a few hoops that required scanning my passport with one app and them scanning my face with another etc.

    Similar to in Spain. Even something as simple a playing the lottery online required a special online scanning process of my ID card, face etc.
Sign In or Register to comment.