You may have heard about a lawsuit filed regarding a data breach concerning social security numbers. I encourage you to read at least the first few pages of the linked class action complaint to see how massive a violation of privacy this is.

The data breach concerns National Public Data, a company which offers background checks. They collect personally identifiable information (PII) as a part of their business. The defendant claims that NPD scraped PII from non-public sources (¶11). NPD then stored the data in an insecure manner and did not adequately protect this personal information (¶25). Consequently, a hacking group by the name of “USDoD” stole records of 2.9 billion individuals from NPD. According to the document, the data was independently reviewed by VX-underground, the cybersecurity company. They confirmed the breach included full names, address and address history, and social security numbers. They were also able to identify familial connections, both living and deceased (¶ 22-24).

Based on this class action complaint, NPD’s conduct was grossly negligent, leading to potential identity theft for almost anyone in the United States. It was also a massive privacy violation by scraping data from non-public sources. Even after they took millions of Americans personal information, they failed to secure the data from hackers.

Criminals can ruin your life if they target you with this information. They can open lines of credit without you knowing. You might only find out until creditors call you, demanding that you pay them back (¶60).

So, yeah. I am very concerned. I’ll have to figure out how to defend against this identity theft. Overall, I’m new to the privacy community, but I’m feeling like “privacy” in the United States is an absolute mess. If your data wasn’t somewhere on the dark web, it might be now. Protect your data. Stay safe.

    • MajorHavoc
      link
      fedilink
      arrow-up
      7
      ·
      edit-2
      4 months ago

      Generally they need all of your personal information (Full Name, Date of Birth and SSN - which costs them 25 cents or less on the dark web), plus your username and password that you create when you first visit each site. (Which hopefully isn’t on the dark web, because it’s new and unique.)

      The new username and password that you create are what give some security.

      And a warning, only because someone reading along will need it:

      don’t re-use a password used elsewhere.

      Re-used passwords, from past data breaches, paired nicely with email addresses and full names, also cost about 25 cents on the dark web.

      • brbposting@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        4
        ·
        4 months ago

        Oh nice

        Bitwarden FTW! (If they get hacked it’ll only take, oh, an entire day to change all my passwords 😉 you’re probably a KeePass person?)

        • MajorHavoc
          link
          fedilink
          arrow-up
          3
          ·
          4 months ago

          you’re probably a KeePass person?

          Yeah. I feel seen. Naturally I try to only use the finest artisinal open source from F-Droid.

          Though, honestly, I’m impressed by BitWarden and I’m happy enough to recommend it.

    • /home/addison
      link
      fedilink
      arrow-up
      2
      ·
      4 months ago

      If they have all your info, then it’s possible for someone to get around a credit freeze. But it’s unlikely.

      Scammers will buy a chunk of records from these databases and start opening lines of credit for each. If one doesn’t work because credit is frozen, it’s easier to move on to the next account.