A recent alleged breach at a background check firm has raised alarms, with the potential exposure of billions of social security numbers. However, cybersecurity experts advise against panic, noting that such incidents are becoming commonplace as companies gather extensive consumer data. Reports indicate that the compromised data appeared on hacker forums in April, containing millions of entries, including genuine names and social security numbers. Researchers have cautioned that while some data has been verified, the scale of the breach may have been exaggerated, and it’s uncertain how much of the information is authentic or whether it was obtained through hacking or by scraping publicly accessible sources.
Individuals on hacking forums have claimed responsibility for the breach, purporting to sell or share the data, which they allege originates from billions of individuals in the United States, the United Kingdom, and Canada. Although some verifications have confirmed the authenticity of certain data, the vastness of the dataset suggests there could be inaccurate or duplicated information involved. A class-action lawsuit filed in August against National Public Data has accused the company of failing to protect personal information, including names, addresses, and social security numbers.
Both National Public Data and the Social Security Administration have yet to respond to requests for comment regarding the situation.
Experts like Rob Shavell, CEO of DeleteMe, mentioned they haven’t noticed a surge in stolen data being sold in online markets. James E. Lee, COO of the Identity Theft Resource Center, emphasized that this type of data breach is not novel and that social security numbers have long been circulating on the internet. He advised that individuals should have already been proactive about protecting their information for years.
To safeguard against fraud and identity theft, experts recommend several measures:
1. **Freeze Your Credit**: A credit freeze can prevent new accounts from being opened in your name. You can initiate this through the websites of the major credit reporting agencies without affecting your credit score.
2. **Enable Two-Factor Authentication**: Activating two-factor authentication adds an additional layer of security by requiring verification through multiple methods, such as a text message or an email.
3. **Consider Dark Web Monitoring**: Services that monitor the dark web can help alert you if your personal information appears in a database, allowing for timely removal.
4. **Improve Password Hygiene**: Each account should have a unique password composed of a mix of characters. Password managers such as DashLane or 1Password can help maintain strong password security.
5. **Enhance Account Visibility**: Make your social media accounts private to limit the amount of personal information available to potential criminals.
6. **Delete Unused Accounts**: Closing down accounts that you no longer use helps minimize your online footprint and reduces the amount of personal information at risk.
Experts encourage individuals to take these steps to better protect themselves against potential identity fraud and maintain the security of their sensitive information.