Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

What you can do about the massive data breach that probably exposed all of your personal info

Massive data break leaks billions of Social Security numbers

A recent data breach exposed sensitive information including social security numbers for billions of people globally, potentially leading to a significant increase in identity theft and cybercrimes. Here's what you need to know, and what you should do about it.

The USDoD hacking group breached National Public Data (NPD), a data broker offering personal information for background checks. This is not an ordinary data breach.

Over 2.7 billion records were stolen, with an unparalleled amount of information.

The breach compromised 2.7 billion records, including:

  • Names
  • Addresses
  • Birth dates
  • Social Security numbers
  • Phone numbers

Teresa Murray, Consumer Watchdog Director for PIRG, finds this breach more concerning than prior incidents due to the data's volume and sensitivity.

"If this in fact is pretty much the whole dossier on all of us, it certainly is much more concerning [than prior breaches], Murray explained to the Los Angeles Times. "And if people weren't taking precautions in the past, which they should have been doing, this should be a five-alarm wake-up call for them."

Despite the severity of the breach, National Public Data has yet to issue formal notifications to affected individuals. The company has claimed to have purged the entire database of personal entries, opting to delete non-public personal information.

However, it's unclear if this action is sufficient to mitigate the risks the breach poses.

Risks and implications

The leaked information is a goldmine for cybercriminals, providing nearly all the data to commit identity theft. With Social Security numbers, birth dates, and addresses, criminals can create fraudulent accounts, apply for loans, and manipulate existing accounts.

Although the breach lacks email addresses and driver's license photos, the missing data can be supplemented with information from previous breaches.

The fallout from such a breach can be catastrophic. Identity theft can lead to significant financial loss, damage to credit scores, and a lengthy recovery process for victims.

Moreover, the ease with which this data can be weaponized highlights the pressing need for heightened security measures.

For example, a specific threat associated with the exposed data is the risk of a SIM swap attack. In a SIM swap attack, cybercriminals use stolen personal information to convince your mobile carrier to transfer your phone number to a new SIM card.

Once they have your number, they can intercept SMS-based two-factor authentication codes and gain access to your accounts. Given the detailed personal information leaked in this breach, the likelihood of such attacks increases significantly.

Urgent steps to protect yourself

Protecting yourself from SIM swap attacks involves setting up a PIN or passcode with your mobile carrier and being alert to unusual activity, like sudden loss of service.

Next, placing a credit freeze at the three major credit bureaus in the US prevents criminals from opening new accounts in your name. It's free and restricts access to your credit report.

iPhone screen displaying security keys information, with a hardware security key placed on the screen. The text explains the importance of using security keys for account protection. A security key that works with iPhones

Monitoring your accounts is also crucial. Identity theft protection services can watch your accounts and scan the dark web for compromised personal information. While these services often cost money, companies that experience data breaches sometimes offer them to affected customers for free.

Strengthen your passwords with unique, strong ones. Consider using a password manager. Enable two-factor authentication (2FA) with codes from an authenticator app or a hardware security key. Such a code makes it nearly impossible for attackers to breach your iCloud account, even armed with your password and a faked SIM.

A security key is a physical device you insert into your computer or connect to your smartphone. Unlike codes sent via SMS or apps, security keys are immune to phishing attacks because they only work with registered websites.

What makes security keys particularly effective is their immunity to phishing attacks. Traditional two-factor authentication methods, like SMS codes, can be intercepted by attackers posing as legitimate services — like in a SIM swap attack.

However, security keys are different. They are bound to the specific websites you register them with, meaning they won't work on fraudulent sites that try to mimic legitimate ones.

Even if a hacker manages to steal your password, they won't be able to access your account without the physical key.

By implementing measures like credit freezes, strong passwords, two-factor authentication, and using security keys, you can significantly reduce your risk of becoming a victim.

Stay vigilant, keep your security practices up to date, and remember that in the digital world, your best defense is always being one step ahead of potential attackers. Taking these precautions today can save you from potential headaches and financial losses in the future.



7 Comments

prof 12 Years · 95 comments

A recent data breach exposed sensitive information including social security numbers for billions of people globallySure, leaked social security numbers for billions of people globally... for a concept that is very much unique to the US (and of course it's billions of citizens).

gatorguy 13 Years · 24639 comments

prof said:
A recent data breach exposed sensitive information including social security numbers for billions of people globally
Sure, leaked social security numbers for billions of people globally... for a concept that is very much unique to the US (and of course it's billions of citizens).

The affected are residents of the US, Canada, and the UK. When the Social Security numbers are mentioned, they are included if pertinent and not "only if you have one". 
It's also billions of records, and not billions of unique people. 

gunverth New User · 4 comments

Name, Address, Birth date, Social Security number, Phone numbers…
More or less in the public domain in many countries. Why is this Social Security Number so sensitive to reveal? Isn’t that just a unique number for an individual?

hexclock 10 Years · 1317 comments

gunverth said:
Name, Address, Birth date, Social Security number, Phone numbers…
More or less in the public domain in many countries. Why is this Social Security Number so sensitive to reveal? Isn’t that just a unique number for an individual?

Type your social sec number into this forum and wait and see. 

longpath 20 Years · 401 comments

gunverth said:
Name, Address, Birth date, Social Security number, Phone numbers…
More or less in the public domain in many countries. Why is this Social Security Number so sensitive to reveal? Isn’t that just a unique number for an individual?

The reason is that multiple institutions use this number as a unique identifier, even though it’s technically not supposed to be used for anything other than SS benefits. Blame the IRS or the Federal Reserve, if you prefer. Congress has allowed the SS number to become the de facto unique identifier but done nothing to secure it in any way.