You may not be familiar with
National Public Data, but it's a company that profits by selling access to
personal data—your data—to credit card companies, employers, and private
investigators. Recently, a hacker group named USDoD stole approximately 2.9
billion records from this company, possibly including your Social Security
number (SSN).
USDoD originally sought to
sell the stolen data for $3.5 million. However, before they could cash in,
another hacker group, Fenice, took the data and leaked it on the dark web.
How Bad Is the Breach?
According to security experts
at Vx-Underground, the leaked data includes:
- First and last names
- Current and past addresses
(up to 30 years)
- Social Security numbers
Vx-Underground also noted that
the breach does not affect individuals who use data opt-out services—tools that
allow you to remove your information from certain databases. But if you're not
one of those individuals, your personal details could be part of the 277GB of
data now available for fraud and identity theft. While the breach may not
affect 2.7 billion unique people, the risk of identity theft remains serious.
What to Do First
The first step is to see if
your data is part of the breach. A quick way to do this is by using the website
*Have I Been Pwned*. Just enter your email, and within seconds, you’ll know
which data breaches have compromised your information.
While many breaches are
relatively minor—such as leaking your chess.com email—others, like the USDoD
breach, pose a greater threat.
Protect Yourself
If your information has been
exposed, it’s crucial to assess the risk. If you suspect your data is being
misused, consider signing up for an identity theft protection service. ZDNET
recommends Aura as a top choice for identity protection and credit monitoring.
But simply having these
services isn't enough—you should regularly check your credit reports for
unauthorized activity. Any suspicious transactions should be reported to the
credit bureaus (Experian, Equifax, and TransUnion). You might also want to
freeze your credit to prevent anyone from opening new accounts in your name.
Additionally, stay alert for
phishing attacks. Scammers often use leaked data to craft convincing emails,
texts, or phone calls. Be cautious of messages claiming your accounts have been
hacked or offering deals that seem too good to be true. Never click on links
from unsolicited messages.
What to Do If You Click on a
Phishing Link
If you accidentally click on a
phishing link, don’t panic—just act quickly:
1. **Disconnect from the
internet**: Prevent any malware from spreading.
2. **Back up your important
data**: Use an external hard drive or USB.
3. **Run antivirus software**:
If you don’t have any installed, download it from another device.
4. **Change your passwords**:
Focus on banking and credit card accounts first, using strong, unique
passwords.
5. **Enable multi-factor
authentication**: Add an extra layer of security to your accounts.
If our Social Security Number
Is Compromised
If you suspect your SSN has
been exposed, follow these steps:
1. **Report identity theft to
the FTC**: Visit *IdentityTheft.gov* to file a report and get a recovery plan.
2. **File a police report**:
This documentation can be helpful, even if local law enforcement can’t
immediately investigate.
3. **Check your credit
reports**: Use *AnnualCreditReport.com* to monitor any unauthorized accounts or
activity.
4. **Freeze your credit**:
Contact Equifax, Experian, and TransUnion to prevent new accounts from being
opened in your name.
5. **Review your Social
Security statement**: Watch for unreported income or other suspicious activity.
Additionally, contact the IRS
to prevent tax-related fraud:
- **Call the IRS Identity
Protection Specialized Unit**: Reach them at 1-800-908-4490 for assistance.
- **Submit an Identity Theft
Affidavit**: Fill out IRS Form 14039 if you suspect fraud, either online or by
mail.
- **Respond to IRS notices**:
If the IRS alerts you to suspicious activity, follow their instructions
carefully.
Stay Vigilant
Unfortunately, protecting your
identity is a long-term process. Even after taking these steps, you must
continue monitoring your accounts and credit reports. Identity theft recovery
is far more difficult than preventing it, so ongoing vigilance is key.
Stay proactive, and don’t
hesitate to report any suspicious activity to authorities and financial institutions
immediately.
