Social Security Numbers Leaked in Massive Hack: What You Need to Know

We see news about sweeping, detrimental cyberattacks nearly every day, but the news surfacing this week is unprecedented. The massive breach of National Public Data is one of the worst, widest-ranging cyberattacks we have seen in recent years, with urgent and potentially devastating repercussions for millions of Americans. Here’s what you need to know.

In April, a hacker group by the name of USDoD orchestrated a massive cyberattack against the background check company National Public Data (NPD), which exposed the personal information of 2.9 billion individuals. Yes, you read that right – 2.9 BILLION individuals.

The leaked data reportedly includes Social Security numbers, full names, addresses, and more, sparking widespread concerns about identity theft and financial fraud. A class-action lawsuit filed in Fort Lauderdale, Florida and reported on by journalists at Bloomberg Law details the scope of the attack and NPD’s response.

A press release from the law firm conducting the class-action lawsuit claims that 277.1 gigabytes of data were released in the hack, including names, addresses, Social Security numbers, and relatives.

According to cybersecurity experts, the hacking group attempted to sell the records of U.S., U.K., and Canadian victims on the dark web in exchange for $3.5 million. It is unclear whether the data was sold, but since April, a hacker known as “Fenice” allegedly leaked the data for free.

First of all, over 277 gigabytes of data is a lot. One gigabyte is approximately 1 billion bytes of data. One gigabyte can store approximately 678,000 pages of text. The amount in this hack, 277GB, could store 187,806,000 pages. That’s over 125,000 copies of the Bible. Suffice to say, the scale of this attack is massive.

Further, the information leaked is more than your typical cyberattack. Most large-scale hacks and data breaches we see involve usernames and passwords, or at the worst, credit card and financial information of victims. This attack directly targeted and leaked some of the most sensitive identity data possible: Social Security numbers. With Social Security numbers and your address, relatives and other identity data, bad actors can open new lines of credit, commit fraud, and cause drastic financial harm. It’s the cyberhacking equivalent of going for the jugular.

The truth is, we are living in the wild west of cybersecurity. Technology is rapidly changing, hackers have more powerful tools than ever before, and the large organizations handling our most sensitive data are simply not keeping up. Watching these attacks unfold in real time sometimes feels like watching a thief break into a home using a wrecking ball.

However, we’re not going to be 100% doom and gloom about the state of cybersecurity. There ARE actions you can take to protect yourself, your data, and your identity.

1. Credit Freezes: Consumers are advised to place a security freeze on their credit reports with major bureaus—Equifax, Experian, and TransUnion—to prevent unauthorized access.
2. Vigilant Monitoring: Regularly checking bank statements, credit reports, and online accounts for any unusual activity is crucial. Early detection of suspicious activity can help mitigate potential damage.
3. Password Management: Using strong, unique passwords for each account.
4. Enable Multi-Factor Authentication: This adds layers of security, making it harder for hackers to gain unauthorized access.
5. Beware of Phishing Scams: Post-breach, there’s an increased risk of phishing attacks. Consumers should be wary of emails or messages requesting personal information or creating a sense of urgency.
6. Beware of Phone spoofing: Beware of unexpected phone calls in which hackers may pose as your bank or other institutions to glean more of your personal data.

In addition to these steps, industry experts recommend keeping security software up to date and considering dark web monitoring services. These tools can help detect if personal data has been leaked online, which can help you decide which steps to take next.

If you’re looking to add cybersecurity software to your business’s arsenal, 2b1 Care is a 360 degree cybersecurity platform. Our team provides the capabilities you need to prevent, mitigate, and resolve cyberattacks at all stages. With hackers empowered with incredibly dangerous technology, 2b1 has worked tirelessly to build a tool that will detect and alert you to sophisticated cyberattacks. You can read more about our services here.

The NPD breach has led to a class-action lawsuit and has absolutely raised significant concerns about our digital infrastructure.

Senator Rick Scott of Florida has chimed in on the need for stricter digita; protections. “It is disturbing and unacceptable that Americans are just now learning of this massive hack.. It is absolutely critical that threats such as this hack are dealt with swiftly and not allowed to become yet another source of concern and anxiety for hardworking American families.” We hope a data breach of this size and severity will spur U.S. representatives to seriously consider the needs for robust policy regarding data privacy, cybersecurity protections, and consumer rights.

If you are worried about your data following this cyberattack, we recommend monitoring your accounts and taking the steps above to freeze your credit. If you’re interested in 2b1 Care’s suite of cybersecurity tools or want to discuss cybersecurity for your business, contact our team now.