Skip to main content

Payroll

6 Things to Know About the Social Security Number Data Breach

The hacking group, called USD0D, claims to have stolen the personal records of 2.9 billion Americans and is for sale on the dark web.

By Emily Bloch
The Philadelphia Inquirer
(TNS)

Aug. 15—Social Security numbers and other personal information could be compromised following a massive data breach. The leaked data landed in the hands of a nefarious hacking group and is now for sale on the dark web, according to court documents.

The hacking group, called USDoD, claims to have stolen the personal records of 2.9 billion people from a data company that specializes in background checks. The Los Angeles Times reports the theft may include Social Security numbers for every American.

Here’s what we know—and how experts say you can protect yourself.

What information was included in the data breach?

According to the law firm Schubert, Jonckheer & Kolbe, which is handling a class-action lawsuit surrounding the data breach, stolen data included the following information for 2.9 billion people, including U.S., United Kingdom and Canadian citizens:

  • Full names
  • Addresses
  • Birthdays
  • Phone numbers
  • Family history, including relatives
  • Social Security numbers, for American citizens

A cybersecurity expert said on X that the hackers were selling the database for $3.5 million since April. The LA Times reported that a purported member of the hacker group had released all of the files on a forum for free this month.

Where did the compromised information come from?

The data USDoD took came from National Public Data—a Florida-based background check company, according to court documents.

The company hasn’t publicly commented on a data breach. In a statement to the LA Times, a spokesperson said it was “aware of certain third-party claims about consumer data and are investigating these issues.”

How do I know if my personal information has been compromised?

While there’s no official way to tell if your Social Security number or other personal information was stolen from the National Public Data breach, some groups are trying to help.

The LA Times reports that cybersecurity company Pentester is offering a free tool to see if your information was part of the National Public Data breached files.

More broadly, service providers like Experian can scan dark web audits to see if your personal information has been compromised.

How can I protect myself?

To find out if your personal information has been compromised, you can solicit a credit report to get a baseline.

“It’s always a good idea to check your credit reports anyway, but now is a great reminder to do so,” said personal finance expert Howard Dvorkin, CPA, and chairman of Debt.com. “It’s free, and the federal government estimates 1 in 10 reports have errors that can drag your credit score. So even if you pleasantly discover you haven’t been scammed, you might still find the review worth your time.”

You can get a free credit report from each of the three major credit bureaus (Equifax, Experian, and TransUnion) once a week. There are also paid credit monitoring services to consider if you’re extra concerned.

How do I freeze my credit?

Dvorkin says the “only foolproof defense” consumers have against scammers is a credit freeze.

“A credit freeze is crucial in hacks like this one, because scammers can’t get their payday with just your Social Security number,” he said. “They need to pair it with other personal details before they can cash in.”

Credit freezes—also known as security freezes—block lenders (or anyone else) from accessing your credit reports, a necessary step when applying for a credit card, auto loan, mortgage, or any other form of credit.

Still, Dvorkin warns, nothing is foolproof.

“The problem is, the just-announced hack reportedly happened back in April,” he said. “So if scammers already used your Social Security number and opened a fraudulent account before you froze your accounts, a credit freeze today won’t help you. That horse is already out of the barn.”

Other personal finance safety tips and tricks

The LA Times notes that bad actors and scammers rely on consumers’ vulnerability to pounce on sensitive information. A common tactic they’ll use is posing as a bank or employer to entice you to click a dangerous phishing link or give up personal details.

Banks will never ask for account information by phone. Still, scammers have convinced victims into sharing key details like account numbers and passwords.

To ensure extra safety, remember to:

  • Be leery of unsolicited calls, texts, or emails.
  • Use two-factor authentication whenever possible.
  • Vary your passwords and update them often—you can manage passwords with a password manager.
  • When in doubt, call the number on the back of your credit or debit cards and ask for guidance.

(c)2024 The Philadelphia Inquirer. Visit The Philadelphia Inquirer at www.inquirer.com. Distributed by Tribune Content Agency LLC.