test
Wouch, Maloney - Accounting Firms for Small Businesses - Wednesday Wisdom Graphic

Social Security Numbers and Personal Data of Billions Breached in National Public Data Cyber Attack

Last week, we wrote about protecting your Personal Identifiable Information, and this week, we are focusing on a massive data breach that compromised the Social Security numbers and other data of millions of Americans and could now be in the hands of hackers.

The data is made up of 2.9 billion records including names, mailing addresses, e-mail addresses and Social Security numbers dating back at least three decades.

Class-Action Lawsuit

On August 1, 2024, the law firm Schubert, Jonckheer & Kolbe filed a class-action lawsuit against National Public Data, which aggregates data to offer background searches. The lawsuit alleges that the company did not adequately protect the information, allowing it to be stolen and offered for sale on the dark web.

According to the suit, cybercriminal group USDoD accessed the network of National Public Data and stole unencrypted personal information.  Around April 8, 2024, the group posted a database on the dark web, claiming it contained information on about 2.9 billion people and putting it up for sale at $3.5 million.

Steps to Prevent Fraud or Identity Theft

If you believe your information has been stolen or has appeared on the dark web, there are a few steps you can take to prevent fraud or identity theft:

  • Stronger Passwords: Make your passwords stronger by using unique, complex combinations of letters, numbers, and symbols. Also, consider using a reputable password manager to securely store these passwords.
  • Two-factor authentication: Always opt to use two-factor authentication, in which you answer a text, email or push notification to log into your account. They can add an extra layer of security to your accounts.
  • Check your statements and credit reports: It’s important to stay vigilant by regularly monitoring your credit reports, bank statements, and online accounts for any suspicious activity.
  • Be wary of scams. You may get more phony solicitations via email, phone and text – “phishing” attempts to get your information. If you notice an increase in unsolicited calls and emails asking for personal information, remember: Only respond if you have expressly requested to be contacted.
  • Freeze your Credit. If you are concerned about the integrity of your credit because your personal information may have been stolen, you can place a freeze on your credit reports as a way to protect against unauthorized borrowing.
  • Keep your security software updated on your computer and other devices. Make sure you download the latest security updates onto your apps and devices. 
  • Sign up for identity theft protection. With security breaches becoming commonplace, you may want to consider premium identity protection and account monitoring services.
  • Review the  Taxpayer Guide to Identity Theft.  The IRS has posted a helpful guide to recognize identity theft and steps to take if you are a victim. https://www.irs.gov/newsroom/taxpayer-guide-to-identity-theft.
  • Get an IRS Identity Protection PIN (IP PIN).  The IP PIN is a six digit PIN that offers additional protection for your social security number on your tax return. To obtain an IP PIN, use the Get an IP PIN tool on the IRS website to opt into the program. https://www.irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin

To read additional WM Cybersecurity articles, please click here.

As always, should you have questions on this or other matters affecting you or your business, please call or email us to speak with a CPA today.

DISCLAIMER: The WM Update, WM Wednesday Wisdom, WM Daily Update, and other related communications are intended to provide general information, as of the date of this communication, and may reference information from reputable sources. Although our firm has made every reasonable effort to ensure that the information provided is accurate, we make no warranties, expressed or implied, on the information provided. As legislative efforts are still ongoing, we expect that there may be additional guidance and clarification from regulators that may modify some of the provisions in this communication. Some of those modifications may be significant. As such, be aware that this is not a comprehensive analysis of the subject matter covered and is not intended to provide specific recommendations to you or your business with respect to the matters addressed.