LOS ANGELES — About 4 months after a notorious hacking group claimed to have stolen a unprecedented amount of sensitive personal information from a significant data broker, a member of the group reportedly released most of it free of charge on a web-based marketplace for stolen personal information.
The data theft, which involved Social Security numbers and other sensitive data, could trigger a flood of identity theft, fraud and other crimes, said Teresa Murray, director of consumer advocacy on the U.S. Public Information Research Group.
“If this is indeed pretty much the entire dossier on all of us, it is certainly much more concerning” than previous breaches, Murray said in an interview. “And if people have not taken precautions in the past, which they should have, this should be a five-alarm wake-up call for them.”
According to a Class motion lawsuit The hacking group USDoD claimed in April that it had stolen personal data on 2.9 billion people from National Public Data, an organization that gives personal information to employers, private investigators, recruitment agencies and others who conduct background checks. The group offered to sell the information, including records from the United States, Canada and the United Kingdom, to hackers on a forum for $100,000. 3.5 million US dollarssaid a cybersecurity expert in a post on X.
The lawsuit was reported Bloomberg Law.
Last week, an alleged member of the US Department of Defense, identified only as Felice, told the hacker forum that she “the complete NPD database” in line with a screenshot from BleepingComputer. The information consists of about 2.7 billion records, each of which incorporates an individual’s full name, address, date of birth, Social Security number and phone number, in addition to alternate names and dates of birth, Felice claimed.
National Public Data didn’t reply to a request for comment, nor did it officially notify people concerning the alleged breach. However, it did tell individuals who contacted it via email that “we are aware of certain third-party claims regarding consumer data and are investigating these issues.”
In that email, the corporate also said it had “purged the entire database of all entries and deregistered virtually everyone.” As a result, all “nonpublic personal information” about individuals had been deleted, even though it added, “We may need to retain certain records to comply with legal obligations.”
Several cybersecurity-focused news outlets have checked out portions of the information provided by Felice and said it appears to be real information from people. If the leaked material is what it claims to be, listed below are a number of the risks and the steps you’ll be able to take to guard yourself.
The danger of identity theft
The leak is alleged to offer much of the knowledge that banks, insurance firms and repair providers search for when opening accounts – and when granting a request to vary the password of an existing account.
Some vital pieces of knowledge gave the impression to be missing from the hackers' loot, including email addresses, which many individuals use to enroll in services, and driver's license or passport photos, which some government agencies depend on to confirm identities.
But PIRG's Murray said scammers could do “all sorts of things” with the leaked information. Perhaps most concerning is attempting to take over someone's accounts – including accounts linked to the bank, investments, insurance policies and emails. With your name, Social Security number, date of birth and mailing address, a scammer could create fake accounts in your name or try to steer someone to reset the password on one among your existing accounts.
“For someone who really masters it,” Murray said, “the possibilities are truly endless.”
It's also possible that criminals could use information from previous data breaches so as to add email addresses to the information from the reported National Public Data leak. With all of those tools, Murray said, “you can cause all kinds of chaos, commit all kinds of crimes, and steal all kinds of money.”
How to guard yourself
Data breaches have turn out to be so common over time that some security experts say sensitive details about you is nearly actually available at midnight corners of the web. And there are many people who find themselves in a position to find it; VPNRanks, an internet site that rates virtual private network services, estimates that 5 million people access the dark web daily using the anonymizing TOR browser, though only a portion of those are as much as no good.
If you observed that your Social Security number or other vital identifying details about you has been leaked, experts say you need to have your credit files frozen with the three major credit bureaus. Experian, Equifax And TransUnion. This is free and prevents criminals from taking out loans, applying for bank cards or opening bank accounts in your name. The catch is that you may have to recollect to temporarily lift the freeze in the event you receive or apply for something that requires a credit check.
A freeze could be done online or by phone, working with each credit bureau individually. PIRG warns against doing this in response to an unsolicited email or text message claiming to be from one among the credit bureaus – such a message is probably going the work of a scammer attempting to get you to disclose sensitive personal information.
For more details, see PIRGs Step-by-step guide to freezing loans.
You can even register for a service that monitors your accounts and the dark web to guard against identity theft, normally for a fee. If your information is exposed in a knowledge breach, the corporate whose network was hacked will often provide one among these services freed from charge for a yr or more.
As vital as these steps are to forestall people from opening latest accounts in your name, they do little to guard your existing accounts. Oddly enough, these accounts are especially vulnerable to identity thieves in the event you haven't signed as much as access them online, Murray says. That's since it's easier for thieves to create a username and password in your name than it’s to crack your existing username and password.
Of course, it helps to have strong passwords which are different for every service and adjusted repeatedly. Password manager apps provide a straightforward technique to create and manage passwords by storing them within the cloud. Essentially, you may have one master password to recollect as an alternative of dozens of long and unpronounceable passwords. These can be found each free of charge (e.g. Apple's iCloud Keychain) and for a fee.
Yes, scammers can steal your phone number using techniques called SIM swap And Port-Out Fraudresulting in much more nightmares about identity theft. To protect you on this front, AT&T offers Create a passcode Restricting access to your account; T-Mobile offers optional protection against transferring your phone number to a brand new device and Verizon automatically blocks SIM swap by turning off each the brand new and existing device until the account holder restores the present device.
Your worst enemy could possibly be yourself
In addition to hacked data, scammers are after people to disclose sensitive details about themselves. A typical tactic is to impersonate your bank, employer, phone company, or other service provider you've done business with, after which attempt to lure you into the trap with a text message or email.
Banks, for instance, repeatedly tell their customers that they are going to not ask them for his or her account information over the phone. Yet fraudsters have tricked their victims into revealing their account numbers, logins and passwords by posing as bank security officers with a purpose to prevent an unauthorized withdrawal or other supposedly urgent threat.
People might even receive an official-looking email claiming to be from National Public Data offering them assist in resolving the reported leak, Murray said. “It won't be NPD trying to help. It will be some bad guy overseas” attempting to get them to offer up confidential information, she said.
A great rule of thumb is to never click on a link in an unsolicited text message or email or call a phone number. If the message warns of fraud in your account and also you don't want to simply ignore it, find the phone variety of the corporate's anti-fraud department (it's on the back of your debit and bank cards) and call for help.
“That's what these bad guys do for a living,” Murray said. They may send out tens of hundreds of requests and only get one response, but that response can earn them $10,000 from an unsuspecting victim. “Ten thousand dollars in one day for one hit on one victim, that's a pretty good return on investment,” she said. “That's their motivation.”
___
©2024 Los Angeles Times. Visit www.latimes.com. Distributed by Tribune Content Agency, LLC.
Originally published:
image credit : www.mercurynews.com