• Hackers Leak 2.7 Billion Social Security Numbers

    #2695596

    Hackers leak 2.7 billion data records with Social Security numbers
    By Lawrence Abrams  –  August 11, 2024  –  Bleeping Computer

    “Almost 2.7 billion records of personal information for people in the United States were leaked on a hacking forum, exposing names, social security numbers, all known physical addresses, and possible aliases. – – – If you live in the US, this data breach has likely leaked some of your personal information. As the data contains hundreds of millions of social security numbers, it is suggested that you monitor your credit report for fraudulent activity and report it to the credit bureaus if detected. Furthermore, as previously leaked samples also contained email addresses and phone numbers, you should be vigilant against phishing and SMS texts attempting to trick you into providing additional sensitive information.”

    Note, I may have gotten the title wrong, not sure if there are actually that many Social Security numbers ever even issued, probably just “data records”, but that sure does seem like a lot. Enough for everyone in the USA maybe (?) Stay Alert!

    • This topic was modified 7 months ago by Lars220.
    5 users thanked author for this post.
    • #2695599

      For USA based readers, and others just for information:
      Clark Howard, a leading consumer advocate and money expert, has been sharing practical advice to help people for more than 30 years. The following links will give good instructions on how to “Freeze” your credit at 7 – yes SEVEN Credit Bureaus. Includes the 3 major bureaus and 4 minor bureaus that most people have never heard of. Clark provides names, addresses, telephone numbers, and websites to contact these credit bureaus. Even if you only do the 3 major credit bureaus, go ahead and read about the minors also.
      Please visit these two links for more information:

      How To Freeze and Unfreeze Your Credit
      With Experian, Equifax and TransUnion
      https://clark.com/credit/credit-freeze-and-thaw-guide/

      Should I Freeze My Credit With the Other Credit Bureaus?
      https://clark.com/credit/smaller-credit-bureaus-credit-freeze/

      10 users thanked author for this post.
    • #2695600

      Social Security Numbers consist of only nine digits, so obviously cannot be more than one billion — and that would be if every possible number were to be issued, which is not done because some blocks are reserved.

      Also from the same Bleeping Computer article:

      “It is important to note that a person will have multiple records, one for each address they are known to have lived. This also means that this data breach did not impact 3 billion people as has been erroneously reported in many articles that did not properly research the data.”

      3 users thanked author for this post.
    • #2695678

      Social Security Numbers consist of only nine digits

      “Almost 2.7 billion records of personal information for people..”

      1 user thanked author for this post.
    • #2698019

      National Public Data Published Its Own Passwords

      ..KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available from its homepage until today…

      a reader alerted KrebsOnSecurity that a sister NPD property — the background search service recordscheck.net — was hosting an archive that included the usernames and password for the site’s administrator…

      1 user thanked author for this post.
    • #2698196

      National Public Data Breach: Only 134 Million Unique Emails Leaked and Company Acknowledges Incident

      ..Troy Hunt, security expert and creator of the Have I Been Pwned breach checking service, investigated the leaked dataset and found it only contained 134 million unique email addresses as well as 70 million rows from a database of U.S. criminal records. The email addresses were not associated with the SSNs.

      Other records in the dataset include a person’s name, mailing address, and SSN, but some also contain other sensitive information, such as names of relatives, according to Bloomberg

      3 users thanked author for this post.
    • #2698224

      National Public Data Breach: Only 134 Million Unique Emails Leaked and Company Acknowledges Incident

      Quoting from the underlying techrepublic article:

      Several websites have been set up to help individuals check if their information has been exposed in the National Public Data breach, including npdpentester.com and npdbreach.com.

      Note the npdpentester site demands you disable any ad blockers before it will continue. Oh, the irony! A site purportedly aiming to help you determine if your privacy has been breached, insists that they be allowed to invade your privacy!

       

      7 users thanked author for this post.
    • #2698299

      The TechRepublic article says that

      At the time, the malware website VX-Underground said this data dump does not contain information on people who use data opt-out services.

      At the risk of sounding naive, what exactly is a “data opt-out service”? The term is unfamiliar and rather vague, so maybe I’m even already using one without being aware of it.

       

    • #2698339
      3 users thanked author for this post.
    • #2701241

      Quoting from the underlying techrepublic article:

      “Several websites have been set up to help individuals check if their information has been exposed in the National Public Data breach, including npdpentester.com and npdbreach.com.”

      Note the npdpentester site demands you disable any ad blockers before it will continue.

      Following this story elsewhere, I noticed that in his “Security Now” podcast Steve Gibson reported the search website as npd.pentester.com, which seems to be what TechRepublic maybe intended. So the npdpentester variation could just be some typo-squatting opportunist looking to cash in on some easy ad revenue.

      Also, podcast host Leo Laporte discovered on air (fast forward to 1:39:00 in the above link) that his wife’s info was conspicuously missing from the breached database. She uses the “DeleteMe” opt-out service, so his discovery became an impromptu testimonial for the service. (Not that it helps any of us now that the horse is out of the barn, but existing customers of the service appear to have gotten their money’s worth.)

       

      4 users thanked author for this post.
    • #2704531

      FWIW, one of the data monitoring services I subscribe to notified me on Monday Sep 16 that my private data was just found on the dark web. So we know that even the most protected data is now available for sale because of this National Public Data breach.

      BTW, I use the DeleteMe service too, to opt out of data brokers, but it doesn’t monitor the dark web.

      1 user thanked author for this post.
    • #2705388

      Microsoft : National Public Data breach: What you need to know

      In early 2024, National Public Data, an online background check and fraud prevention service, experienced a significant data breach. Over 2.7 billion records with highly sensitive personal data of nearly 170 million people were exposed…

      This article provides detailed information about the breach, the data exposed, and recommended actions to help you stay safe…

      Microsoft Defender is part of the Microsoft 365 personal or family subscriptions and includes identity theft monitoring. If you’ve enabled identity theft monitoring, you’ll automatically receive an email or push notification if your data is found in the NPD breach or future breaches.

      If you’ve enabled identity theft monitoring, you’ll also have access to the following features to help reduce the impact from this breach:

      Credit monitoring: Microsoft Defender includes credit monitoring, which actively tracks your credit file for any new events (like new accounts, inquiries, or negative items) that may harm your credit and reputation. It helps safeguard your identity and finances by promptly notifying you of such occurrences, allowing you to take action right away to help prevent identity theft and fraud.

      Expert recommendations: Microsoft Defender provides a list of recommended actions to take based on the data found in the breach. These actions help you protect yourself from malicious actors.

      Restoration support: Microsoft Defender subscribers have access to a team of restoration experts who can help answer questions and provide guidance on how to protect your identity and help restore identity theft.

      Insurance: Microsoft Defender subscribers are covered by identity theft insurance that covers both the costs associated with identity restoration (up to $1M USD), as well as financial damages incurred because of identity theft (up to $100k USD)…

      Not a Microsoft 365 subscriber?

      Do you want to know if your personal data is compromised? Microsoft offers a free identity scan using Microsoft Defender to find out if your personal data is exposed on the dark web…

      1 user thanked author for this post.
    • #2710311

      Saw this on our news tonight.

      The company at the center of what could be the largest data breach in history has filed for bankruptcy.

      The Social Security numbers of hundreds of millions of people may be involved, and the bankruptcy filing could jeopardize compensation for those victims.

      News 8 On Your Side consumer investigator Brian Roche has been following this story since it broke.

      About two months ago, News 8 learned of this data breach at National Public Data, a company that provides background checks for corporate clients.

      The company initially said just over 1.3 million people were involved.

      However, a threat actor placed a large database for sale from NPD on the dark web, claiming it had the data points of 2.9 billion consumers – both dead and alive – including Social Security numbers.

      NPD confirms the breach involved the names, email addresses, phone numbers and mailing addresses of “hundreds of millions” of victims.

      To no great surprise, several class action lawsuits were filed. At least 20 states are seeking civil penalties from the company.

      National Public Data filed for bankruptcy last week, claiming it has less than $50,000.

      That makes it highly unlikely that consumers are going to see a dime from this whole thing, including any kind of credit monitoring.

      https://www.wgal.com/article/national-public-data-files-for-bankrupcy-after-massive-data-breach/62601448

      Windows 11 Pro
      Version 23H2
      OS build 22631.4890

      4 users thanked author for this post.