Social Security Number Breach: Everything You Need to Know News ad

A major data breach that reportedly includes Social Security numbers has put many people on edge about identity theft and the possibility that their personal information has been exposed online.

National Public Data, a background check and public records company, is facing a flurry of class action lawsuits about the breach. The suits were filed this month in the the Federal District Court for the Southern District of Florida and allege that the personal information of millions of people was accessed by cybercriminals in April.

Some of the stolen data is apparently already popping on the dark web: The plaintiffs suing National Public Data say they’ve been alerted of exposures by credit monitoring and identity theft protection services. Here’s everything we know about the breach, including what to do if you’re affected.

Ads by Money. We may be compensated if you click this ad.AdAds by Money disclaimer

What is the National Public Data breach?

According to the lawsuits, the data accessed by cybercriminals includes full names, addresses, family history, Social Security numbers and other sensitive information. National Public Data aggregates data from public sources, but the company also had access to nonpublic personal information.

National Public Data “was targeted for a cyber-attack due to its status as a data company that collects and maintains highly valuable PII on its systems,” according to one of the lawsuits. (PII stands for personal identifiable information.) The plaintiffs allege that the company was “reckless” with the data, putting their information at risk.

According to the LA Times, the company first responded to customer service complaints with a message that says, “we are aware of certain third-party claims about consumer data and are investigating these issues.”

Later, National Public Data added an update on its website that reads, “There appears to have been a data security incident that may have involved some of your personal information… The information that was suspected of being breached contained name, email address, phone number, social security number, and mailing address(es).”

The update went on to explain there was an initial hack (or hack attempt) in December 2023. The company confirmed “potential leaks of certain data in April 2024 and summer 2024.”

Ads by Money. We may be compensated if you click this ad.AdAds by Money disclaimer

How many people are actually affected?

There are key questions that the company hasn’t explained, like why did it have access to Social Security numbers to begin with and how many were accessed by cybercriminals.

One of the lawsuits alleges that National Public Data was promoting services on its website including an “SSN trace” and a people finder tool that had an option to search by Social Security number. The suit cites this web archive.

The incident is now drawing the attention of members of Congress. In a statement Wednesday, Sen. Rick Scott, R-Fla., said he’s “demanding action and accountability” after reports that cybercriminals have “potentially stolen the Social Security numbers and other sensitive information of every American citizen.”

That extreme claim — that everyone’s Social Security number was exposed — has not been confirmed. Government officials have yet to describe the scope of the attack, and National Public Data could not be reached for comment by Money or other outlets.

You may have also seen reports that billions of records were stolen. It’s important to keep in mind that, even if true, that does not mean billions of people had their records stolen, as the figures that are going around refer to rows of data. Plus, it’s unclear how much of the data may be from public sources, or simply inaccurate.

In a blog post, Troy Hunt, an internet security expert and operator of Have I Been Pwned, pumped the brakes on the panic about the breach: He said the criminals who purportedly obtained the data tried to sell it for $3.5 million, and advertised it with exaggerated claims about what the download includes.

“Clearly, there is a financial motive involved here,” he wrote. It’s also unknown, at this point, how much of the data leaking out is real and how much is fake — Hunt was able to find examples of clearly invalid information in the leaks. He ended his blog post, “Treat this as informational only, an intriguing story that doesn’t require any further action.”

How to protect yourself

While we wait for more information about the true scope and severity of the data breach, it’s a smart idea to brush up the steps you can take to protect yourself from identity theft.

To start, keep a close watch on your financial accounts so you can catch suspicious activity quickly. You can even set up account alerts to get texts every time a new transaction is posted.

Experts say you should strongly consider a credit freeze any time your identity may have been exposed. When you freeze your credit, it stops scammers from being able to fraudulently get a loan using your data. You can do this for free by contacting the credit bureaus: Experian, Equifax and Transunion. You can also get free copies of your credit report at AnnualCreditReport.com.

Identity theft protection and credit monitoring services can also help you get alerted if your personal information ends up in a breach. (Some of the plaintiffs in the lawsuits against National Public Data say this is how they found out about exposures.) These are typically paid services that offer convenience in exchange for a monthly fee.

Ads by Money. We may be compensated if you click this ad.AdAds by Money disclaimer

More from Money:

8 Best Identity Theft Protection Services of August 2024

Dollar Scholar Asks: When and Why Should I Freeze My Credit?

Job Scams Are Rising — Here’s How You Can Protect Yourself From Employment Fraud

Leave a Comment