Could this be the biggest data breach ever? National Public Data (NPD), a background check company, was hacked in December 2023 and they finally admitted to have exposed the full Social Security Numbers from nearly everyone in the United States (gift article). Atlas Data Privacy found 272 million unique SSNs in the database of 2.7 billion records. The entire US population is only about 330 million. ?
This LA Times article adds more detail about how NPD has delayed and withheld information about this huge hack. Unfortunately, our knowledge of their ineptitude keeps growing: National Public Data Published Its Own Passwords The best title goes to Wired (paywall) with The Slow-Burn Nightmare of the National Public Data Breach.
Cybersecurity firm Pentester has released this NPD Breach Check Tool that lets you enter just your name and birth year to see if your data is included. With just this little bit of information, the tool was able to provide evidence that they knew my historical addresses, phone number, full Social Security Number, and date of birth. ?
We’re getting close to the point where Social Security numbers will not be secret enough to provide any assurance for identity verification. I believe that these data brokers should each first have to pay us a subscription fee for the right to store and resell our personal data, on top of being financially liable if they lose it. 300 years of “free credit monitoring” is not adequate.
These media articles recommend the following actions:
- Freeze your credit reports. Also consider freezing the reports for your minor children. Experian is the most annoying. Don’t fall for their upsells and “Experian CreditLock”, which is not the same as a free Freeze!
- Use multi-factor authentication whenever possible. Hardware keys, authenticator apps, or at the minimum SMS texts.
- Set up account alerts. Just be sure those alerts aren’t phishing attempts themselves. Don’t click on vague links. Visit sites directly.
- Harden your personal e-mail address. The e-mail where your password resets arrive is one of the most valuable targets for criminals.
