According to multiple news outlets, hackers may have compromised the Social Security numbers of millions of Americans. A major breach, initially claimed by a well-known hacking collective about four months ago, involved the theft of a vast amount of sensitive personal data from a leading data broker.
On April 8, the cybercriminal group known as USDoD listed a database for sale on a dark web forum, titled “National Public Data.” According to a complaint filed in the US District Court for the Southern District of Florida, the database reportedly contains the personal information of 2.9 billion individuals. The group has priced the database at $3.5 million.
A member of the group reportedly made much of this sensitive information freely available on an internet forum known for trading stolen personal data. Teresa Murray, the consumer watchdog director for the U.S. Public Interest Research Group, expressed her concerns to the Los Angeles Times about the potential consequences of the exposed Social Security numbers and other confidential data. She warned that this could lead to an increase in identity theft, fraud, and various other criminal activities.
National Public Data, a company specializing in collecting personal data for resale and background checks, is at the center of the proposed class action lawsuit. The data is said to originate from National Public Data—a business alias for Jerico Pictures, Inc.
The LA Times reported:
According to a class-action lawsuit filed in U.S. District Court in Fort Lauderdale, Fla., the hacking group USDoD claimed in April to have stolen personal records of 2.9 billion people from National Public Data, which offers personal information to employers, private investigators, staffing agencies and others doing background checks.
The group offered in a forum for hackers to sell the data, which included records from the United States, Canada and the United Kingdom, for $3.5 million
The offer was made on a hacker forum, and despite not closing a deal, parts of the data had already been leaked elsewhere. Engadget noted that the latest release lacks the phone numbers and email addresses found in previous leaks. In response to this data breach, individuals are advised to take several protective measures. It’s crucial to regularly check credit reports and alert credit bureaus. Additionally, employing services that monitor both your accounts and the dark web can enhance protection against identity theft.
The breach, allegedly permitted by the Cybersecurity and Infrastructure Security Agency (CISA), has created serious concerns about the agency’s capability to protect sensitive information. CISA, which is also tasked with securing U.S. elections, is now under fire for its role in safeguarding such crucial data.
Every entry in the dataset contains a person’s name, mailing address, and social security number, and may also include alternate names linked to the individual. None of this data is protected by encryption. Unlike earlier leaks, which featured phone numbers and email addresses, this latest leak of 2.7 billion records does not include such contact details.
