A lawsuit claims that 2.9 billion records, including SSNs and addresses, may have been stolen.
Your Social Security number may be in the hands of hackers, according to a new lawsuit filed in Florida.
A hacking group known as USDoD claimed it had stolen Social Security numbers, addresses, and more sensitive data, a lawsuit filed earlier this month states. In April, USDoD allegedly stole unencrypted personal information from a data broker called National Public Data (NPD).
Here’s a closer look at this massive data breach.
What information was stolen in the data breach?
The data breach came to light thanks to a class-action lawsuit filed by a California man, who claims an identity theft protection service alerted him that his personal information had been leaked. The law firm representing Hoffman claims that 2.9 billion records were stolen from NPD, which scrapes public record databases and then sells that information to background check companies, investigators, and others. Then, on April 8, the hackers offered to sell the databases on the dark web for $3.5 million, per a press release from law firm Schubert Jonckheer & Koble.
Since then, others have leaked copies of the data, the cybersecurity news site Bleeping Computer reports.
Citing the cybersecurity site vx-underground, the law firm says the stolen file contains 277.1 gigabytes of data, including the names, address histories, relatives, and Social Security numbers “dating back at least three decades.”
Because NPD acquired the data without people knowing, “individuals may not even know that they have been affected,” the law firm notes. It also claims that NPD hasn’t confirmed the breach.
How can you protect yourself?
If your data falls into the wrong hands, it can be used to steal your identity. But there are a few things you can do to protect yourself.
- Monitor your bank accounts: Check your statements regularly, and if you see any suspicious charges, report them to your bank or credit card company.
- Place a fraud alert: If you think you may be a victim, you can also place a fraud alert on your credit. A fraud alert requires a business to verify your identity before it issues new credit in your name. Fraud alerts last one year; to add one to your report, you only need to contact one of the three major credit bureaus, Experian, Equifax, and TransUnion, per the FTC. (That company is then responsible for alerting the other two.)
- Place a credit freeze: If your identity has been stolen, “one of the most important things you can do is put a freeze on your credit report,” Ira Rheingold, executive director of the National Association of Consumer Advocates, shared with us in 2022. A credit freeze restricts access to your credit report, which means that while the freeze is in effect, no one — including yourself — will be able to open a new credit account. You can always temporarily lift a freeze if you do need to apply for credit.
- Update your passwords: Most of us are guilty of using the same password — or variations of it — across multiple accounts, but that may make stealing your identity a lot easier. The software security company, McAfee, suggests updating them and making sure each one is unique — and if you have trouble keeping track of them, using a password manager that you can refer to.
For more advice, check out our guide to preventing identity theft.
