You may have heard about a lawsuit filed regarding a data breach concerning social security numbers. I encourage you to read at least the first few pages of the linked class action complaint to see how massive a violation of privacy this is.
The data breach concerns National Public Data, a company which offers background checks. They collect personally identifiable information (PII) as a part of their business. The defendant claims that NPD scraped PII from non-public sources (¶11). NPD then stored the data in an insecure manner and did not adequately protect this personal information (¶25). Consequently, a hacking group by the name of “USDoD” stole records of 2.9 billion individuals from NPD. According to the document, the data was independently reviewed by VX-underground, the cybersecurity company. They confirmed the breach included full names, address and address history, and social security numbers. They were also able to identify familial connections, both living and deceased (¶ 22-24).
Based on this class action complaint, NPD’s conduct was grossly negligent, leading to potential identity theft for almost anyone in the United States. It was also a massive privacy violation by scraping data from non-public sources. Even after they took millions of Americans personal information, they failed to secure the data from hackers.
Criminals can ruin your life if they target you with this information. They can open lines of credit without you knowing. You might only find out until creditors call you, demanding that you pay them back (¶60).
So, yeah. I am very concerned. I’ll have to figure out how to defend against this identity theft. Overall, I’m new to the privacy community, but I’m feeling like “privacy” in the United States is an absolute mess. If your data wasn’t somewhere on the dark web, it might be now. Protect your data. Stay safe.
The news is kind blowing this up bigger than it really is. But I find this as a good thing because I’ve noticed a few people FINALLY taking the advice I’ve been giving for years now, and that’s to freeze your credit at the big bureaus and some, if not all, of the smaller ones.
That being said, I checked this data dump for my own data as well as a bunch of friends and family. Not a single person I checked was in it… Which is why I’m not finding this breach to be that frightening personally. The ATT breach was way worse. Also Krebs posted on this today… A good read for anyone interested. Main thing I took from it was a large number of these entries belong to people who have passed away already.
I wonder if you and your social circle skew younger.
While I wasn’t able to find myself, my spouse, or my younger siblings, I was able to find both my parents, their friends, and older family.
How would one check to see if they’re included?
Not sure it’s against the rules to go into specifics, so I’ll just say… It’s 100% free and open on the dark web for anyone to download. The site hosting the content is mentioned on many articles. Just be sure you have at least 300gb of space to store it while you check for yourself when you do find it.
I know that may be a little vague, but don’t want to break any rules and also don’t want to make it sound like I’m promoting going to these sites, as I literally only go to them to verify (open) data breaches that I know I or my family could potentially be in.
If a mod feels even this message is going too far, feel free to delete it.
It is on Breach forms for anyone curious
and some nut on HN posted a base64’d infohash of the torrent including the 7z password
Download the 300Gib CSV and then find a way to parse it. (It is on Tor)
Sample size of 1 is not indicative of anything though… several entire families I know were in it when I checked, even people that have been dead for decades, still had their name, address history, DOB, SSN and phone number.
Personally I consider this way bigger than previous ones because of how accessible the data is. I could never find the previous Experian one, but there’s several sources for this one now, and seems to have a lot more information in it.