Social Security Number of Every American May Be Compromised after Massive Data Hack
Almost 3 billion records compromised in hack on US background-checking firm, who appeared to be collecting data without the consent of those whose information was being gathered.
It is now being widely reported that a member of a notorious hacking group has released sensitive personal information four months after compromising a major data broker.
The group, USDoD, claimed it stole over 2.9 billion records of personal information from Americans, including their Social Security numbers and physical addresses.
The breach, which includes Social Security numbers and other sensitive data, could power a raft of identity theft, fraud and other crimes, said Teresa Murray, consumer watchdog director for the U.S. Public Information Research Group.
“If this in fact is pretty much the whole dossier on all of us, it certainly is much more concerning” than prior breaches, Murray said in an interview. “And if people weren’t taking precautions in the past, which they should have been doing, this should be a five-alarm wake-up call for them.”
According to a class-action lawsuit filed in U.S. District Court in Fort Lauderdale, Fla., the hacking group USDoD claimed in April to have stolen personal records of 2.9 billion people from National Public Data, which offers personal information to employers, private investigators, staffing agencies and others doing background checks.
The group offered in a forum for hackers to sell the data, which included records from the United States, Canada and the United Kingdom, for $3.5 million, a cybersecurity expert said in a post on X.
It appears the breach occurred sometime this spring.
According to a class action lawsuit, NPD obtained the data without consent, and the breach occurred sometime in April 2024.
The lawsuit alleges that “upon information and belief” USDoD was “able to exfiltrate the unencrypted PII of billions of individuals” and that the personal information was “published, offered for sale and sold on the Dark Web by cybercriminals.”
In terms of the lawsuit, the issue is that the data the firm collected was scraped from other websites and “non-public sources” without the knowledge of the people whose data was being gathered.
The lead plaintiff in the lawsuit, a California man, was only made aware his data had been compromised when he was contacted by his identity-theft protection agency on 24 July, months after the data had been offered for sale on a popular clear web hacking forum.
While the initial post is no longer live – the forum in question had been seized by the FBI in the interim – the details of USDoD’s claims are still recorded by threat-tracking service Falcon Feeds.
“Hello… I’m proud to say that I got access to the biggest database ever,” USDoD said in a 7 April post.
“This is the entire population of the USA.”
The data for sale, according to USDoD, was collected between 2019 and 2024, and while we do now know the full extent of the breach, at the time, the threat actor only said that the data consisted of “300+ million rows”.
“I’m selling the whole database,” USDoD said. “We will use official middleman from forum.”
Security professionals offer suggestions on how Americans can protect themselves from identity theft.
People should monitor their credit reports for possible fraudulent activity on their accounts and notify credit bureaus Experian, Equifax, and TransUnion if something looks suspicious.
Consumers can ask the credit bureaus to place a freeze on their credit accounts by phone or email to prevent anyone from opening a bank account and taking out a loan or obtaining a credit card under your name.
There is also a service that monitors your accounts and the dark web to protect you from identity theft, the Los Angeles Times noted.
It is also good to manage your passwords and to use two-factor authentication for the passwords. You should avoid using the same login information for different services and make sure to routinely change your password on your accounts.
2024 keeps on getting more and more disturbing.
DONATE
Donations tax deductible
to the full extent allowed by law.
Comments
Gee, those shape-shifters have done it again…first, it was the Russians colluding with Trump, then it was Trump colluding with Russia.
Now the Iranians get the blame for hacking and yet another plausible deniability cloak for the CIA.
This is not may, it was hacked and contains virtually all of everyone’s information. I think they may have to issue everyone’s SS, they will have to stop using personal question, like birth, all of it will have to be thrown out.
I have been using 16 digit random passwords for some time in lieu of those things for years. I also assign a unique email address to most orgs, then if I get anything coming in on that account not from the intended contact, I know it is either hacked or the pricks sold it.
Over the past 20 years i have been informed once or twice a year that my personal information has been hacked and that I have to be AFRAID!. But nothing bad ever happened.
Well, when you’re a homeless
Bum living under a bridge with no resources, I guess you don’t have anything to be worried about, amirite?
Time to go live in the woods or on a mountaintop somewhere.
Maybe find one of those islands in the Pacific where a Japanese soldier’s been living for the past 70 years because he hasn’t heard that they surrendered in 1945.
But still I bet democrat vote counters approved that Japanese soldier’s absentee ballet for Biden in 2020. Return address: Island somewhere. .
Don’t worry — if you’re under age fifty, there won’t be any money left for you to collect from this generational theft scheme, by the time you reach withdrawal age, anyway.
Save and invest on your own — do not rely on the State to provide for you, in retirement.
Don’t remind us, it’s very depressing
There will be a haircut of about 25% upcoming in about a decade +/- if no changes are made. Frankly I’m over it. I tried to raise awareness and push for reform to Social Security as part of getting to a balanced budget but 95% of the folks ain’t interested or are adamantly opposed. I got called every name in the book for pointing out the looming cuts due to a shortfall caused by underfunding and automatic COLA increases. The would not hear it so they can flipping deal with it when their payment is cut by 25% or more. Sure as heck gen X and the younger generations ain’t gonna cough up more $ in taxes to prop up those who wouldn’t voluntarily help shore up the system by sharing the burden when it would have been
far, far less painful. Not when we’ve been paying current SSI/Medicare tax rates on wages from our first check.
Instituting substantive and meaningful reform to SS and Medicare have been made impossible, thanks to the Dhimmi-crats’ longstanding and histrionic demagoguery on the issue, which admittedly has been politically potent and reaped dividends for them, at the ballot box.
True but lets not forget the very loud and extremely vocal assistance of groups like AARP. shouting about ‘throwing Grandma off a cliff’. There are still people who believe that their own contributions fully pay for their SSI benefits which has never been true. In reality those retiring today get every cent back within 5 years on average. Current SSI/Medicare taxes were set in ’86 and boomers didn’t pay full freight for a substantial portion of their working life. Then there’s the surprisingly large number of pre reform local gov’t jobs whose employer didn’t participate in the SSI system.
I built my own financial plan to accommodate zero SSI so anything I get from it is gravy. Eff it is basically my position at present. I suspect when we get a little closer to the day of reckoning the boomers gonna squeal to raise SSI taxes or transfer funds from general revenue to keep their checks flowing. Gonna be real interesting for some folks especially those with a public pension from say Illinois or another vastly underfunded pension source. All these trains gonna be colliding very close together and I don’t believe most of those who will be impacted really understand how bad their situation may become. Lead a horse to water but…
Doesn’t matter how you built your retirement. SSI makes up a small part of my retirement, too, but when the crap hits the fan, it’s going to take everything else with it, including all of your and my private accounts (although I plan on being safely dead by then).
The people of and near retirement age at the time of FDR’s sweeping ponzi scheme got the best deal and passed the debt on to everyone else at inception.
Let’s not forget that part of it, too.
Also, saying you get back what you put in 5 years in is disingenuous. It completely ignores that dollar for dollar doesn’t work in terms of value over 50 years and it completely ignores investment potential.
Agree with tx that this could have huge ripple effects the likes of which we haven’t seen since the Great Depression.
It won’t be quite as big, but it will be significantly greater than a recession. Think about the fact that we are edging closer to an upside down population distribution similar to Japan WITHOUT their physical health profiles.
Guys,
SSI shortfall of 25% ain’t gonna blow up the financial/economic system by itself. That’s gonna come from a combo of many other factors. As for SSI payout and returns…sure it doesn’t consider opportunity cost but that’s not the argument I made. Then consider that most average folks ain’t exactly Warren Buffet, the retail investors are referred to as ‘dumb money’ for a reason so I don’t think its fair to assume everyone would have made prudent investments or remained disciplined enough to avoid making emotional decisions out of fear.
Then consider average life expectancy for men at age 65 is 82, women is 85 so they gonna draw way more than 5 years. It’s 17 years for men and 20 years for women. Then add in the spousal claim options and the absurdly low period of contributions to qualify, ten years. If I had my way SSI would have allowed voluntary redirection of the taxes into individual accounts for the past 3+ decades… but the public listened to the pied piper (AARP) instead.
Best advice is own your home outright, no debts, have a garden, make friends with neighbors. Get some PM, use an annuity to transfer some risk. Keep multiple accounts to lower the balance in each account to potentially stay under some threshold above which a future gov’t decides is eligible for seizure via a ‘buy in’. For sure don’t sit back and refuse to plan for an extended economic/financial period of crisis/hard times b/c its easier to blame the gov’t.
After this and countless other hacks, I suspect I’ve been bought and sold a half dozen times or more. I wonder how much I go for?
Just in time to get those ID cards requested and processed for the upcoming election. I wonder what percentage of the voters will find that someone else cast a vote in there name this time.
I just put a freeze on new creditors asking for credit scores from any of the three credit score companies in the US: Experian, Equifax, and TransUnion. Other than that, I tend to think it’s the creditor’s problem. They are far too free with their services.
I agree, creditors and service providers are far too free with their accounts.
True story: I got contacted by a collections company because someone in another state had opened an AT&T/U-verse account in my name and then didn’t pay the bill. So I had to file all the paperwork affidavits and police reports and provide utility bills for my actual residence during the time the account was created, to show that it wasn’t me.
Here’s the kicker, though: I’ve been an AT&T customer for going on 20 years. They have my SSN, they know where I live, they have my phone number (which they provided), and my account requires that I personally approve any new services.
So when someone went in, in another state, with my name and SSN, and tried to open an account, how the #@$% did it not come up on their screen that I’m an existing customer who needed to be called about this new service?
But nope. For lack of that phone call, they’re out whatever the misreant “bought”, and I’m out the time, energy, and expense of gathering all the required documentation to sufficiently prove identity theft.
Funny thing about the SSN. If you’re wrongly declared dead, it’s of no use to prove your identity to demonstrate proof-of-life. But anyone else can steal your SSN and every entity it’s presented to will immediately accept it as proof that the malefactor is who he says he is (you). Why is that?
Every social security number has been compromised from the beginning. The form 1040s used to arrive with the SS number printed on the address label for anybody to see. The SS card had the legend “Not for identification.” It was useless except for filing tax returns.
Anonymous banking changed that – they needed a unique number to file your data under and picked the SS number, and opened the SS number to fraud as a result. There’s been a slight change in that by asking for cell phone number instead now. Any unique number will do.
When Social Security was first debated [in 1935] in the [Franklin D.] Roosevelt Administration, the president himself assured American citizens that a Social Security number would never be used for identification purposes.
–VIN SUPRYNOWICZ
FOR SOCIAL SECURITY PURPOSES ONLY — NOT FOR IDENTIFICATION.
–THE SOCIAL SECURITY CARD (1936-1972)
Hereafter any Federal department, establishment, or agency shall, whenever the head thereof finds it advisable to establish a new system of permanent account numbers pertaining to individual persons, utilize exclusively the Social Security Act account numbers…
–EXECUTIVE ORDER 9397, FRANKLIN D. ROOSEVELT (1943)
We have to accept that the Social Security number is the de facto national identifier and its use by government agencies at all levels and the private sector is too embedded to change.
–JAMES G. HUSE JR, INSPECTOR GENERAL, SOCIAL SECURITY ADMINISTRATION (2001)
(Democrats): If you like your identity, you can keep it. We Promise™!
Everyone should handle their financial affairs under the assumption that all of their ‘NPI’ has been compromised. You can certainly do so without getting ripped off, with a bit of effort and diligence.
Not to worry folks, the company will offer 2 years of free credit bureau checking.
No money or anything like that, just 2 years of free credit bureau.
Just got that notice from my health company, they’re hacked but they’re offering the 2 years AND telling us how to protect our information.
Maybe they should learn how to protect our information instead?
gop allowed the fdr system of equity to flourish
it is wreaking its havoc upon us
Does anyone know how National Public Data was able to gather all that information? I’ve seen two reports on the hacking *one in Breitbart and one here) but neither has provided information on how NPD acquired all that information.
Yes, that is the important question, isn’t it? And no one seems to be talking about it.
And why isn’t anyone talking about it? What is NPD?
Leave a Comment