A recent data breach exposed sensitive information including social security numbers for billions of people globally, potentially leading to a significant increase in identity theft and cybercrimes. Here's what you need to know, and what you should do about it.
Massive data break leaks billions of Social Security numbers
The USDoD hacking group breached National Public Data (NPD), a data broker offering personal information for background checks. This is not an ordinary data breach.
Over 2.7 billion records were stolen, with an unparalleled amount of information.
The breach compromised 2.7 billion records, including:
- Names
- Addresses
- Birth dates
- Social Security numbers
- Phone numbers
Teresa Murray, Consumer Watchdog Director for PIRG, finds this breach more concerning than prior incidents due to the data's volume and sensitivity.
"If this in fact is pretty much the whole dossier on all of us, it certainly is much more concerning [than prior breaches], Murray explained to the Los Angeles Times. "And if people weren't taking precautions in the past, which they should have been doing, this should be a five-alarm wake-up call for them."
Despite the severity of the breach, National Public Data has yet to issue formal notifications to affected individuals. The company has claimed to have purged the entire database of personal entries, opting to delete non-public personal information.
However, it's unclear if this action is sufficient to mitigate the risks the breach poses.
Risks and implications
The leaked information is a goldmine for cybercriminals, providing nearly all the data to commit identity theft. With Social Security numbers, birth dates, and addresses, criminals can create fraudulent accounts, apply for loans, and manipulate existing accounts.
Although the breach lacks email addresses and driver's license photos, the missing data can be supplemented with information from previous breaches.
The fallout from such a breach can be catastrophic. Identity theft can lead to significant financial loss, damage to credit scores, and a lengthy recovery process for victims.
Moreover, the ease with which this data can be weaponized highlights the pressing need for heightened security measures.
For example, a specific threat associated with the exposed data is the risk of a SIM swap attack. In a SIM swap attack, cybercriminals use stolen personal information to convince your mobile carrier to transfer your phone number to a new SIM card.
Once they have your number, they can intercept SMS-based two-factor authentication codes and gain access to your accounts. Given the detailed personal information leaked in this breach, the likelihood of such attacks increases significantly.
Urgent steps to protect yourself
Protecting yourself from SIM swap attacks involves setting up a PIN or passcode with your mobile carrier and being alert to unusual activity, like sudden loss of service.
Next, placing a credit freeze at the three major credit bureaus in the US prevents criminals from opening new accounts in your name. It's free and restricts access to your credit report.
A security key that works with iPhones
Monitoring your accounts is also crucial. Identity theft protection services can watch your accounts and scan the dark web for compromised personal information. While these services often cost money, companies that experience data breaches sometimes offer them to affected customers for free.
Strengthen your passwords with unique, strong ones. Consider using a password manager. Enable two-factor authentication (2FA) with codes from an authenticator app or a hardware security key. Such a code makes it nearly impossible for attackers to breach your iCloud account, even armed with your password and a faked SIM.
A security key is a physical device you insert into your computer or connect to your smartphone. Unlike codes sent via SMS or apps, security keys are immune to phishing attacks because they only work with registered websites.
What makes security keys particularly effective is their immunity to phishing attacks. Traditional two-factor authentication methods, like SMS codes, can be intercepted by attackers posing as legitimate services -- like in a SIM swap attack.
However, security keys are different. They are bound to the specific websites you register them with, meaning they won't work on fraudulent sites that try to mimic legitimate ones.
Even if a hacker manages to steal your password, they won't be able to access your account without the physical key.
By implementing measures like credit freezes, strong passwords, two-factor authentication, and using security keys, you can significantly reduce your risk of becoming a victim.
Stay vigilant, keep your security practices up to date, and remember that in the digital world, your best defense is always being one step ahead of potential attackers. Taking these precautions today can save you from potential headaches and financial losses in the future.