You may have heard about a lawsuit filed regarding a data breach concerning social security numbers. I encourage you to read at least the first few pages of the linked class action complaint to see how massive a violation of privacy this is.

The data breach concerns National Public Data, a company which offers background checks. They collect personally identifiable information (PII) as a part of their business. The defendant claims that NPD scraped PII from non-public sources (¶11). NPD then stored the data in an insecure manner and did not adequately protect this personal information (¶25). Consequently, a hacking group by the name of “USDoD” stole records of 2.9 billion individuals from NPD. According to the document, the data was independently reviewed by VX-underground, the cybersecurity company. They confirmed the breach included full names, address and address history, and social security numbers. They were also able to identify familial connections, both living and deceased (¶ 22-24).

Based on this class action complaint, NPD’s conduct was grossly negligent, leading to potential identity theft for almost anyone in the United States. It was also a massive privacy violation by scraping data from non-public sources. Even after they took millions of Americans personal information, they failed to secure the data from hackers.

Criminals can ruin your life if they target you with this information. They can open lines of credit without you knowing. You might only find out until creditors call you, demanding that you pay them back (¶60).

So, yeah. I am very concerned. I’ll have to figure out how to defend against this identity theft. Overall, I’m new to the privacy community, but I’m feeling like “privacy” in the United States is an absolute mess. If your data wasn’t somewhere on the dark web, it might be now. Protect your data. Stay safe.

  • refalo
    link
    fedilink
    arrow-up
    6
    ·
    edit-2
    4 months ago

    Can’t someone who has your SSN just thaw it themselves?

    • IphtashuFitz@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      1
      ·
      4 months ago

      Not easily. The scammer likely has your current address & contact info, but knows nothing about your history.

      To confirm your identity when you contact these reporting agencies they will use details from your credit history by asking detailed questions the scammer likely won’t know. For example it might be questions like these:

      • What kind of car did you purchase in 2005?
      1. Honda
      2. Ford
      3. Saab
      4. Jeep
      5. None of the above
      • Which one of these companies did you work for previously?
      1. IBM
      2. Pizza Hut
      3. Macy’s
      4. Jiffy Lube
      5. None of the above

      They’ll throw 3 or 4 questions like these at you that you’ll have to answer correctly. They might involve places you used to live, banks you have had accounts with, etc. The chances of a scammer with your SSN knowing all these details about you is pretty tiny.