This data breach, which includes Social Security numbers and other highly sensitive information, could fuel a wave of identity theft, fraud, and other criminal activities. The notorious hacking group USDoD stated they stole the personal records of 2.7 billion people from National Public Data (NPD). NPD performs background checks for a variety of organization, including employers, private investigators, and staffing agencies. USDoD offered to sell the data for $3.5 million. The NPD records include individuals from the U.S., Canada, and the United Kingdom. The information gathered reportedly includes full name, address, date of birth, Social Security number, phone number, and alternate names and birth dates.

NPD has not commented on the situation, nor formally identified individuals about the breach. They have responded to requests for information stating they are aware of claims of the data breach and are investigating. Further, they state the full database has been purged, retaining only data that may be required for legal obligations.

Potential Issues

The data may provide the information required by banks and many service providers to create accounts or change passwords on existing accounts. Identity theft is a very real concern.

Email addresses, and driver’s license or passport photos are not reported included in this breach. However, previous leaks may have accessed and released the information. Most accounts require a name, Social Security number, date of birth, and mailing address to change a password on an existing online account. It is critical to take every precaution to protect yourself.

Protecting Yourself

Data breaches have become more common over the years. Some experts believe sensitive information is almost certainly available already in the dark corners of the internet. And with the right tools, many people can find it. To protect yourself, experts suggest freezing your credit files on all three reporting agencies.

Freezing your credit is free and easy. It can be done online or via phone. By freezing your credit, if prevents individuals from opening financial accounts, whether a loan, a credit card, or something else, in your name. Of course, you need to remember to unfreeze your credit temporarily when you are applying for something that requires a credit check.

Do not respond to unsolicited emails suggesting you freeze your credit. It is likely a scam. There are services that monitor your accounts and the dark web to guard against identify theft. These typically require a fee. If your data was included in a breach, the company that was breached will typically offer one year free of monitoring services.

There are some service providers, including Google and Experian, who scan the dark web for your information. Their scans are not directly related to this specific breach. A cybersecurity company, Pentester, offers a free tool to see if your data was included in the NPD files.

Existing accounts may be more at risk, especially those where you have not signed up for online access. It’s harder to change existing login credentials than to establish them from the start. Strong passwords that are different for every service and changed regularly helps. Of utmost importance is two-factor authentication. This adds another layer of protection on top of your individual login. The second verification source is typically a text message to your phone or perhaps an authenticator app.

However, scammers can also hijack your phone number. To protect yourself from that issue, some providers give you the option of creating a passcode restricting access to your account. Check with your phone service provider as to what options they may provide.

The Biggest Threat – You

As much as hacked data can cause issues, individuals who respond to scammers and reveal sensitive information is quite common. Individuals may pose as your bank, employer, or a service provider. They contact you via text or email. It’s critical to not respond to the message. If you have a question, contact the service provider directly, not through an email, text, or link of any kind. Individuals may get an official-looking email from NPD, offering to help with the leak. Do not respond.

A good rule of thumb is to never click on a link or call a number from an unsolicited text or email. Contact the organization they claim to be directly and let them know what you received. Many organizations have a fraud department, but you can contact the organization directly through their website, phone number listed on their site, or email provided on their page.

It is critical to monitor your online identity, as the information can also be used to falsify sponsorship of various immigration avenues. As always, ILBSG actively monitors ongoing news items, providing insight to events that may affect our clients. If you have questions about any U.S. immigration issue, contact us.