About four months after hacking group USDoD (not to be confused with the U.S. Department of Defense) stole personal records of 2.9 billion people in a data breach of National Public Data, a member of the group has reportedly released most of the data for free on an online marketplace for stolen personal data.
National Public Data is an organization that offers personal information to employers, private investigators, staffing agencies, and others doing background checks. The stolen data includes victims' Social Security numbers.
The threat of identity theft looms large. The breach of National Public Data did not include email addresses, which many people use to log on to services. However, any number of other data breaches could provide that information to bad actors. Consolidated with the data from this breach, bad actors could create fake accounts in victims' names, talk someone into resetting passwords on victims' existing accounts, or steal money.
If you suspect that your Social Security number has been leaked or stolen, experts say you should freeze your credit files at the three major credit bureaus. There are services that monitor your accounts and the dark web to guard against identity theft. Finally, two-factor authentication on accounts adds another layer of security on top of login credentials.
Be wary of scammers who pose as a service that a victim uses and try to deceive the victim into voluntarily giving up information by appearing to be genuine security officers of a bank or other service provider. As a general rule, avoid clicking on links or calling phone numbers in unsolicited texts or emails. Avoid giving account information to anyone claiming to be a security officer without verifying that you are speaking to the company's genuine fraud department. Jon Healey "Hackers may have stolen the Social Security numbers of every American. Here's how to protect yourself" latimes.com (Aug. 13, 2024).
Commentary
With regard to determining whether passwords or passphrases have been compromised, there are a number of sites that can check whether your accounts have been involved in a known or suspected breach.
Troy Hunt's "Have I Been Pwned" site allows users to enter their email address or username, and the site will return whether any associated accounts have been involved in any data breaches known to the site. Similarly, the associated "1Password" password manager updates the user if any of the associated accounts have been compromised according to the Have I Been Pwned site.
Finally, the Google Chrome web browser has a feature that includes a password check whenever the user logs in on a website, alerting the user when the password has been involved in a known data breach. Davey Winder "Has Your Password Been Stolen? Here's How To Find Out" forbes.com (Apr. 14, 2022).
Here are the types of data cybercriminals like to acquire:
Bank and financial account numbers
Credit card numbers
Stock account numbers
Retirement account numbers
Loan or line of credit numbers
Social Security numbers
PIN numbers
Login or user names
Passwords
Driver's license numbers
Health insurance information
Health records
Birthdates
Email addresses
Personal addresses
Telephone numbers
Private images
Trade secrets
Customer lists
Customer credit card and financial account information
Business plans
Business processes
Any other type of financial or other account information