Hackers may have stolen the Social Security numbers of every American. Here's how to protect yourself (2024)

About four months after a notorious hacking group claimed to have stolen an extraordinary amount of sensitive personal information from a major data broker, a member of the group has reportedly released most of it for free on an online marketplace for stolen personal data.

The breach, which includes Social Security numbers and other sensitive data, could power a raft of identity theft, fraud and other crimes, said Teresa Murray, consumer watchdog director for the U.S. Public Information Research Group.

“If this in fact is pretty much the whole dossier on all of us, it certainly is much more concerning” than prior breaches, Murray said in an interview. “And if people weren’t taking precautions in the past, which they should have been doing, this should be a five-alarm wake-up call for them.”


According to a class-action lawsuit filed in U.S. District Court in Fort Lauderdale, Fla., the hacking group USDoD claimed in April to have stolen personal records of 2.9 billion people from National Public Data, which offers personal information to employers, private investigators, staffing agencies and others doing background checks. The group offered in a forum for hackers to sell the data, which included records from the United States, Canada and the United Kingdom, for $3.5 million, a cybersecurity expert said in a post on X.

The lawsuit was reported by Bloomberg Law.

Last week, a purported member of USDoD identified only as Felice told the hacking forum that they were offering “the full NPD database,” according to a screenshot taken by BleepingComputer. The information consists of about 2.7 billion records, each of which includes a person’s full name, address, date of birth, Social Security number and phone number, along with alternate names and birth dates, Felice claimed.


National Public Data didn’t respond to a request for comment, nor has it formally notified people about the alleged breach. It has, however, been telling people who contacted it via email that “we are aware of certain third-party claims about consumer data and are investigating these issues.”

In that email, the company also said that it had “purged the entire database, as a whole, of any and all entries, essentially opting everyone out.” As a result, it said, it has deleted any “non-public personal information” about people, although it added, “We may be required to retain certain records to comply with legal obligations.”

Several news outlets that focus on cybersecurity have looked at portions of the data Felice offered and said they appear to be real people’s actual information. If the leaked material is what it’s claimed to be, here are some of the risks posed and the steps you can take to protect yourself.

The threat of ID theft

The leak purports to provide much of the information that banks, insurance companies and service providers seek when creating accounts — and when granting a request to change the password on an existing account.

A few key pieces appeared to be missing from the hackers’ haul. One is email addresses, which many people use to log on to services. Another is driver’s license or passport photos, which some governmental agencies rely on to verify identities.

Still, Murray of PIRG said that bad actors could do “all kinds of things” with the leaked information, the most worrisome probably being to try to take over someone’s accounts — including those associated with their bank, investments, insurance policies and email. With your name, Social Security number, date of birth and mailing address, a fraudster could create fake accounts in your name or try to talk someone into resetting the password on one of your existing accounts.

“For somebody who’s really suave at it,” Murray said, “the possibilities are really endless.”

It’s also possible that criminals could use information from previous data breaches to add email addresses to the data from the reported National Public Data leak. Armed with all that, Murray said, “you can cause all kinds of chaos, commit all kinds of crimes, steal all kinds of money.”


How to protect yourself

Data breaches have been so common over the years, some security experts say sensitive information about you is almost certainly available in the dark corners of the internet. And there are a lot of people capable of finding it; VPNRanks, a website that rates virtual private network services, estimates that 5 million people a day will access the dark web through the anonymizing TOR browser, although only a portion of them will be up to no good.


If you suspect that your Social Security number or other important identifying information about you has been leaked, experts say you should put a freeze on your credit files at the three major credit bureaus, Experian, Equifax and TransUnion. You can do so for free, and it will prevent criminals from taking out loans, signing up for credit cards and opening financial accounts under your name. The catch is that you’ll need to remember to lift the freeze temporarily if you are obtaining or applying for something that requires a credit check.


Placing a freeze can be done online or by phone, working with each credit bureau individually. PIRG cautions never to do so in response to an unsolicited email or text purporting to be from one of the credit agencies — such a message is probably the work of a scammer trying to dupe you into revealing sensitive personal information.

For more details, check out PIRG’s step-by-step guide to credit freezes.

You can also sign up for a service that monitors your accounts and the dark web to guard against identity theft, typically for a fee. If your data is exposed in a breach, the company whose network was breached will often provide one of these services for free for a year or more.

If you want to know whether you have something to worry about, multiple websites and service providers such as Google and Experian can scan the dark web for your information to see whether it’s out there. But those aren’t specific to the reported National Public Data breach. For that information, try a free tool from the cybersecurity company Pentester that offers to search for your information in the breached National Public Data files. Along with the search results, Pentester displays links to the sites where you can freeze your credit reports.

As important as these steps are to stop people from opening new accounts in your name, they aren’t much help protecting your existing accounts. Oddly enough, those accounts are especially vulnerable to identity thieves if you haven’t signed up for online access to them, Murray said — that’s because it’s easier for thieves to create a login and password while pretending to be you than it is for them to crack your existing login and password.


Of course, having strong passwords that are different for every service and changed periodically helps. Password manager apps offer a simple way to create and keep track of passwords by storing them in the cloud, essentially requiring you to remember one master password instead of dozens of long and unpronounceable ones. These are available both for free (such as Apple’s iCloud Keychain) and for a fee.

Beyond that, experts say it’s extremely important to sign up for two-factor authentication. That adds another layer of security on top of your login and password. The second factor is usually something sent or linked to your phone, such as a text message; a more secure approach is to use an authenticator app, which will keep you secure even if your phone number is hijacked by scammers.

Yes, scammers can hijack your phone number through techniques called SIM swaps and port-out fraud, causing more identity-theft nightmares. To protect you on that front, AT&T allows you to create a passcode restricting access to your account; T-Mobile offers optional protection against your phone number being switched to a new device, and Verizon automatically blocks SIM swaps by shutting down both the new device and the existing one until the account holder weighs in with the existing device.

Your worst enemy may be you

As much or more than hacked data, scammers also rely on people to reveal sensitive information about themselves. One common tactic is to pose as your bank, employer, phone company or other service provider with whom you’ve done business and then try to hook you with a text or email message.

Banks, for example, routinely tell customers that they will not ask for their account information by phone. Nevertheless, scammers have coaxed victims into providing their account numbers, logins and passwords by posing as bank security officers trying to stop an unauthorized withdrawal or some other supposedly urgent threat.

People may even get an official-looking email purportedly from National Public Data, offering to help them deal with the reported leak, Murray said. “It’s not going to be NPD trying to help. It’s going to be some bad guy overseas” trying to con them out of sensitive information, she said.


It’s a good rule of thumb never to click on a link or call a phone number in an unsolicited text or email. If the message warns about fraud on your account and you don’t want to simply ignore it, look up the phone number for that company’s fraud department (it’s on the back of your debit and credit cards) and call for guidance.

“These bad guys, this is what they do for a living,” Murray said. They might send out tens of thousands of queries and get only one response, but that response could net them $10,000 from an unwitting victim. “Ten thousand dollars in one day for having one hit with one victim, that’s a pretty good return on investment,” she said. “That’s what motivates them.”


FAQs

How do you protect yourself if your SSN is stolen?

If you know your Social Security information has been compromised, you can request to Block Electronic Access. This is done by calling our National 800 number (Toll Free 1-800-772-1213 or at our TTY number at 1-800-325-0778).

Has everyone's Social Security number been stolen?

It hasn't been confirmed that the Social Security number of every American was leaked. The lawsuit says the plaintiff got an alert in July from an identity theft protection company saying his Social Security number had been leaked as a result of a breach of National Public Data.

How to protect from Social Security hacks?

How to freeze your credit
  1. Equifax: Go to the Equifax consumer services center or call 888-378-4329.
  2. TransUnion: Go to TransUnion's website or call 800-916-8800.
  3. Experian: Contact Experian's security freeze center or call 888-397-3742.

Who stole the Social Security number?

The theft happened in April, according to a class-action lawsuit filed in federal court in Fort Lauderdale, Florida. It says the hacking group known as USDoD stole the records from National Public Data, which offers personal information to employers, private investigators and others who do background checks.

How do I lock my SSN from being used?

First, you can contact the Social Security Administration by phone at 800-772-1213 and request to block electronic access to your Social Security information. This process prevents anyone — including you — from changing or accessing your Social Security record.

How do I check if my SSN is being used?

If you think someone may be using your SSN to work, check your Social Security Personal Earnings and Benefit Statement. You can get a copy by calling 1-800-772-1213, or online at www.ssa.gov/online/ssa-7004.pdf.

Can you get a new Social Security number if someone steals your identity?

If you decide to apply for a new number, you'll need to prove your identity, age, and U.S. citizenship or immigration status. For more information, ask for Your Social Security Number and Card (Publication Number 05-10002). You'll also need to provide evidence that you're having ongoing problems because of the misuse.

Can you recover from SSN theft?

Submit a report with IdentityTheft.gov

The report will also provide you with a recovery plan and advise you on ways to rebuild your credit. Alerting the government about your stolen identity can ensure you have a report on file if they detect suspicious activity on your tax return or other federal documents.

Can you be tracked by your SSN?

Public database monitoring.

Criminals can use your SSN to commit crimes or even put your name on the sex offender's list. By monitoring public databases around the country, you'll be alerted if anyone has used your SSN or identity for nefarious purposes.

How do I make my SSN more secure?

PRACTICES TO AVOID
  1. Never list an SSN when posting a paper record on a public bulletin board.
  2. Never send SSNs via an electronic format.
  3. Never have a computer log-in system where a person has to use their SSN.
  4. Never use SSNs on ID cards.
  5. Never send SSNs on postcards.
  6. Never store SSNs on unprotected computer systems.

How do I password protect my SSN?

You may not be aware of it, but you can lock your Social Security number to prevent unauthorized access if your SSN has been compromised. To block electronic access to your SSN, call the Social Security Administration at 800-772-1213.

Can you protect yourself from being hacked?

Using dual-factor authentication on your accounts adds an extra layer of security for your online data. It makes it harder for a hacker to get access to your online information, even if they are able to crack your password. Hackers will still need to bypass another security layer in a time-sensitive login process.

How to check SSN breach?

Keep monitoring

There are online services that you can check, like Have I Been Pwned, a free website that shows if your email has been involved in a data breach. Malwarebytes' Digital Footprint Portal does a similar job but it can also check whether your info has been posted on the dark web.

Who picks your Social Security number?

Since 1972, the Social Security Administration has been issuing SSNs centrally from its headquarters in Baltimore. The area code now indicates the person's State of residence as shown on the SSN application. There are several exceptions to these rules.

Who has the right to your Social Security number?

Anyone can refuse to disclose his or her number, but the requester can refuse its services if you do not give it. Businesses, banks, schools, private agencies, etc., are free to request someone's number and use it for any purpose that does not violate a federal or state law.

Can you freeze your Social Security number?

You also can lock your SSN by visiting the Department of Homeland Security's myE-Verify website. Activating the site's Self Lock feature can stop someone from using your SSN for employment fraud. Keep in mind that you're not able to "freeze" your SSN, meaning that it can't be used at all.

What do I do if my Social Security check is stolen?

If you still need to report a late, missing, or stolen Social Security payment, call us toll-free at 1-800-772-1213 (TTY 1-800-325-0778) or contact your local Social Security office. We will review the case and if the payment is due, we will replace it.

How much does it cost to change your Social Security number?

There is no charge for correcting your Social Security card or getting one for the first time.

Article information

Author: Tyson Zemlak
