Earlier this year, hackers stole nearly three billion records from the National Public Data (NPD) and posted the stolen details on the dark web for everyone to see in August 2024. The stolen info includes full name, date of birth, addresses, cell numbers, and social security numbers (SSN). Multiple media outlets have claimed that the database likely contains the social security number of almost every American. It appears that hundreds of millions of American citizens have been affected by the breach.Â
Tool created to check for compromised data
A small company from Florida has created a tool called Pentester that allows people to check if their details are among the stolen records. The tool prompts people to input their first name, last name, state, and year of birth. Then performs a check rapidly by going through the billions of records.
The tool is free of charge, and users can perform unlimited checks.
Data quality issues
The tool works, but it also shows that the leaked data is, luckily, far from perfect. Often, users report wrong numbers attached to their names. Others say that even though they are American citizens, details appear not to be compromised and are luckily not included in the leak.
Internet users took to social media to also report that SSNs of deceased individuals are included in the list, and the info appears to be out of date. For example, SSN matches but includes old addresses and phone numbers. There are a lot of duplicates, too.Â
Dangers of the data breach
This is not the first time SSNs have been stolen in mass. In 2017, Chinese hackers penetrated Equifax’s systems. They stole millions of social security numbers from one of the three major credit bureaus.
What makes the NPD data breach notably worse than the Equifax breach is that the stolen social security numbers from the leak in 2017 never really resurfaced on the dark web. Still, the NPD records appear to be up for grabs for anyone interested and capable of accessing the dark web. Which could mean a lot of trouble to anyone who does not take measures to prevent bad actors from utilizing the leaked details.
Protecting yourself
It is crucial for everyone involved in the data breach to consider freezing their credit with all major bureaus. Equifax, Experian, and TransUnion.
A credit freeze would prevent bad actors from opening a fraudulent line of credit and performing other malicious types of identity theft. Having top-notch antivirus software on all connected devices is also a must.Â
Read also: North Korean Hackers Target USA Critical Infrastructure and Military Bases
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
2 comments
I have already been informed that my SSN has been detected on the dark web. To be honest, I’m surprised it took this long. You see, we didn’t always protect or SSNs the way we do now. My state used the SSN as your driver license number for over 20 years. You could not cash a check without providing your SSN and most people had it printed on their checks. So mine has been out there for decades. Now NPD offered one free year of credit monitoring ( $29/mo after that). So this data breech will drum up a lot of business for credit monitoring agencies. So I’m a tad cynical about the true origins of this breech; it was too easy for the hackers to get information that should have been almost impossible to access. I retired as an IT security specialist and I know that NPD was careless at best.
But I have long ago taken the steps needed to protect my credit. My credit reports are locked and cannot be accessed. Further, AMEX monitors Gold Card members credit as one of the included services. More, they will notify a member of any unusual activity detected by their anti-fraud monitor.
I’ve tried untested 5 times. No answer. Info read was blurred/blocked