In the most epic data breach so far, hackers stole a treasure trove of personal information – and then released it on the dark web. Just about everyone is now at risk of massive financial fraud…
From Birch Gold Group
And if people weren’t taking precautions in the past, which they should have been doing, this should be a five-alarm wake-up call for them.
Teresa Murray, U.S. Public Information Research Group
A notorious hacking group known as “USDoD” has stolen an astonishing amount of sensitive personal information, including Social Security numbers. The criminals retrieved about 2.7 billion records of Americans’ personally-identifiable information (PII), including:
- Full name
- Address
- Date of birth
- Social Security number
- Phone numbers including personal and office lines
- Any alternate names on file (maiden name for example)
- Information about parents, siblings and other relatives (including the deceased)
- Names of coworkers and friends
You’ll probably note this is MORE than enough to complete a credit card application. Criminals with this information can apply for a driver’s license, a tax refund – even a bank account using your name.
Teresa Murray, consumer watchdog director for the U.S. Public Information Research Group, warns that this breach will inevitably create a tidal wave of identity theft, financial fraud and other crimes.
“If this in fact is pretty much the whole dossier on all of us, it certainly is much more concerning” than prior breaches, Murray said in an interview. “And if people weren’t taking precautions in the past, which they should have been doing, this should be a five-alarm wake-up call for them.”
Today we’ll discuss what happened and exactly what you should do right now to make yourself a more challenging target for this sort of fraud.
The breach – what happened?
Four months ago, the hacking group USDoD announced a massive theft from National Public Data.
National Public Data is a data aggregator and broker that primarily offers background checks to employers, private investigators, licensing agencies, financial services companies and others. Essentially, they’re in the business of knowing everything about you and are happy to sell that information (one of the agencies Wired called “a threat to democracy”).
Unfortunately, Americans affected by this data breach weren’t informed by National Public Data. According to the class action lawsuit filed in July, the plaintiff of record only found out about the theft when his identity theft protection service notified him that his information security had been compromised. Furthermore, he’d never provided any information to National Public Data.
We can’t ensure our own identity isn’t at risk. National Public Data probably scrapes billions of fragments of information from non-public sources to create their profiles. This means that those whose information is now compromised may not have knowingly provided their data..
To make matters worse, a hacker called “Fenice” released the entire 277 GB database on the dark web. All that information is freely available to those who know how to use it.
National Public Data hasn’t officially responded to any requests for comment or clarification. Some concerned citizens who contacted them directly were told, via email, “we are aware of certain third-party claims about consumer data and are investigating these issues.”
In that email, the company also said that it had “purged the entire database, as a whole, of any and all entries, essentially opting everyone out.” As a result, it said, it has deleted “non-public personal information.” With a caveat: “We may be required to retain certain records to comply with legal obligations.”
This is possibly the finest example of too little, too late I’ve ever seen. National Public Data tried to close the barn door after the horse escaped, set the barn on fire and stole the tractor for a speedy getaway.
Clearly National Public Data can’t help us.
Take these immediate steps to protect yourself
Given the overwhelming magnitude of this data breach, it’s essential to be proactive. You must take the steps necessary to safeguard your identity, your credit score and your finances. Here are steps we recommend:
1. Freeze your credit
To prevent criminals from opening new accounts in your name, place a freeze on your credit files at the three major credit bureaus: Experian, Equifax, and TransUnion. This can be done for free, either online (at the links) or by phone.
You will need to remember to temporarily lift the freeze if you need to apply for credit. It’s a bit of a hassle, but well worth it!
2. Monitor your information
Sign up for services that monitor your personal information for signs of identity theft. There are a number of identity theft alert services available. This step isn’t free, though. It’s inexpensive ($9 – $30/month) and, again, well worth it for the peace of mind alone.
If your data is exposed in a breach, as a sort of consolation prize the affected company may offer these services for free for a year or more. It’s probably a better idea not to wait for that, though…
3. Use strong passwords
Never, ever reuse passwords!
Make sure your passwords are strong, unique for each account, and changed periodically. Yes, this is an enormous inconvenience… So consider using a password manager tool to keep track of them securely. These apps store your passwords in the cloud, allowing you to remember just one master password.
We’ve found that a secure password management tool like BitWarden (free) or 1Password ($3/month) makes managing unique, complicated passwords a breeze.
4. Enable two-factor authentication
Add an extra layer of security by enabling two-factor authentication (2FA) on your accounts. This method typically involves a second verification step linked to your phone, such as a text message or an authenticator app.
There are a number of these services available; currently, Authy and Microsoft Authenticator are both top-rated and free as well.
5. Watch out for phishing attempts
Scammers often use phishing tactics to extract personal information. Avoid clicking on links or calling phone numbers provided in unsolicited texts or emails. If you receive a suspicious message claiming to be from your bank or another service provider, independently verify their contact details and call them directly.
6. Secure your phone number
Protect against phone-cloning fraud by setting up additional security measures with your mobile carrier. AT&T allows you to create a passcode for account access, T-Mobile offers optional protection for phone number switches, and Verizon blocks SIM swaps until verified by the account holder. Contact your cellular provider to find out more.
7. Review your financial statements regularly
Check your bank and credit card statements frequently for unrecognized or unauthorized transactions. Even small ones! Report any suspicious activity to your financial institution immediately.
An ounce of prevention
Should you really take all these steps if you’re not even sure whether your personal information has been compromised? YES.
The National Public Data incident is unusual only in its size. The very nature of our information-rich, always-on, highly-interconnected modern world means that data breaches like this will keep happening.
Worse, you may not even know about it beforehand. The first sign might be a bill from a company you never heard of, demanding payment for something you didn’t buy. (In the writer’s case, the first sign was an Insufficient Funds warning from an ATM, even though it was payday…)
The more you have, the more you have to lose. The hardest-working, most successful Americans are also the prime targets for criminals. Take these steps so you can better armor yourself from identity theft and financial scams. Stay vigilant, secure your information, and remain informed about potential threats.
And if you don’t do it for yourself, please do it for your family. Knowing what to look out for is key to defending against most scams. To help you detect and avoid financial scams, Birch Gold Group has pulled together an extensive resource guide that is now available on our website. The Birch Gold Group Scam Protection Resource Guide helps you identify warning signs and provides you with tips on how to avoid fraud.