Posted on 08/14/24
| News Source: Engadget
Several months after a hacking group claimed to be selling nearly 3 billion records stolen from a prominent data broker, much of the information appears to have been leaked on a forum. According to Bleeping Computer, the data dump includes 2.7 billion records of personal info for people in the US, such as names, Social Security Numbers, potential aliases and all physical addresses they are known to have lived at.
The data, which is unencrypted, is believed to have been obtained from a broker called National Public Data. It's said that the business assembles profiles for individuals by scraping information from public sources and then sells the data for the likes of background checks and looking up criminal records. (A proposed class-action suit was filed against National Public Data over the breach earlier this month.)
In April, hacking collective USDoD attempted to sell 2.9 billion records it claimed was stolen from the company and included personal data on everyone in the US, UK and Canada. The group was looking for $3.5 million for the whole 4TB database, but since then chunks of the data have been leaked by various entities.
Previous leaks included phone numbers and email addresses, but those reportedly weren't included in the latest and most comprehensive dump. As such, you won't be able to check whether your information has been included in this particular leak by punching your email address into Have I Been Pwned?
The data includes multiple records for many people, with one for each address they are known to have lived at. The dump comprises two text files that amount to a total of 277GB. It's not really possible for any independent body to confirm that the data includes records for every person in the US, but as Bleeping Computer points out, the breach is likely to include information on anyone who is living in the country.
The publication states that several people confirmed the information that the dump has on them and their family members (including some dead relatives) is accurate, but in other cases some SSNs were associated with the wrong individuals. Bleeping Computer posits that the information may have been stolen from an old backup as it doesn't include the current home address for the people whose details its reporters checked against the data.
In any case, it's worth taking some steps to protect yourself against any negative repercussions from the leak, such as fraud and identity theft. Be extra vigilant against scammers and phishing attacks that look to obtain access to your online accounts.
Keep an eye on credit reports to see if there has been any fraudulent activity on your accounts and inform credit bureaus Experian, Equifax and TransUnion if so. You can ask the bureaus to put a freeze on your credit files to stop anyone else opening a bank account, taking out a loan or obtaining a credit card under your name.
You can sign up for services that offer identity fraud protection and remove your personal information from the public web to reduce the chances that you'll be negatively impacted. However, such services often charge a fee.
Be sure to use two-factor authentication wherever possible (preferably with you obtaining codes from an authenticator app rather than SMS). And, as always, we highly recommend having a password manager, never reusing the same login credentials for different services and regularly changing the password on your most sensitive accounts.