“How to React to a Data-Breach”

It was announced by the Los Angeles Times on August 13, 2024, that a list of over 2.7 billion records were stolen and sold on the black market from National Public Data (NPD). If you are not familiar with this company, they are the leading company providing background checks for private industry.

By Scott Hamilton

I never know how to take it when I read in the national news about security breaches. However, what I do know for sure is that the network security, anti-virus and identity theft protection companies appear out of nowhere to help us in our time of need. I have always only done what is free to protect my personal information and identity and will share some of my tips this week. But first, in-case you have not heard it on the news yet, I will tell the latest story of the data breach.

It was announced by the Los Angeles Times on August 13, 2024, that a list of over 2.7 billion records were stolen and sold on the black market from National Public Data (NPD). If you are not familiar with this company, they are the leading company providing background checks for private industry. The hacking group USDoD put the data up for sale on hacker forums, including records from the United States, Canada and the United Kingdom, and successfully sold the dataset for $3.5 million. The offer was for the full NPD database, which includes everyone’s full name, address, date of birth, Social Security number, phone number, alternative names and address history.

Upon notification of the breach, NPD drafted a standard email response for those who reach out to them concerned for the security breach. In that email, the company also said that it had “purged the entire database, as a whole, of any and all entries, essentially opting everyone out.” As a result, it said, it has deleted any “non-public personal information” about people, although it added, “We may be required to retain certain records to comply with legal obligations.” NPD is now facing a class action lawsuit in the state of Florida asking for a settlement for all involved persons.

So the next question that arises is what we should do now, as individuals, to protect ourselves in light of the known releases of such a massive amount of personal information to hacking groups. The largest risk is identity theft, and the most dangerous form of such theft is that of using your identity to obtain lines of credit, or even make false claims of unemployment, food stamp benefits, and voter registrations, all of which can find you facing federal fraud charges.

So how can you protect yourself, knowing that it is highly likely your information is in the list? The very first thing we should all do is place a freeze on your credit files at all three major credit bureaus. It is free to place a freeze, but the catch is that you have to remember to lift the freeze before applying for anything that requires a credit check, or you will get immediately rejected. The best way to place the freeze is to contact the bureaus, which can be done on their websites or via telephone. You can find Experian at https://www.experian.com/freeze/center.html, Equifax at https://www.equifax.com/personal/credit-report-services/credit-freeze/ and TransUnion at https://www.transunion.com/credit-freeze.

The most important thing to remember is to only place this freeze directly with the corresponding agency and only by going directly through their official website. Since the release of this information, scammers have been sending “marketing” emails offering services for a fee to freeze your credit files. Many of these are scams, not only taking your money, but getting your personal information on a website while claiming to freeze your files, which never actually happens. So definitely do this on your own and don’t pay someone to do it for you. There are reputable companies that offer these services, but most do not advertise via email or text message and you should always check for them at the better business bureau https://www.bbb.org before taking any action.

If you really want to know if your information is on the dark web, meaning that it has been either stolen or sold, there is a service for a fee from Experian (https://usa.experian.com/mfe/protection/protection-center) that monitors the known areas of the dark web for your personal information. You can also search the breached data list on Pentester’s website for free, https://npd.pentester.com/.

The second step that you must take immediately in order to protect yourself is to make sure all your existing accounts are secure. This means making sure you have configured any online banking systems for all your accounts. Even if you don’t use online banking, you either want to make sure you created and control the access, or that the bank disables online access for your accounts. It is fairly easy with the information released to set up an online banking account for an account you do not own and transfer funds. Most banks only require the information in this breach to configure online banking. Part of making sure your existing accounts are secure is to set up secure passwords and enable multi-factor authentication on the accounts. Most banks are more than happy to help you secure your accounts at no cost.

The third thing I would highly recommend is getting your free credit report from all three bureaus I listed above and make sure you do not see any accounts that are not familiar to you, even if they are showing as paid in full or closed. This is important as it will show you very quickly if your identity has been stolen. Until next week, stay safe and learn something new.

Scott Hamilton is an Expert in Emerging Technologies at ATOS and can be reached with questions and comments via email to sh*******@te**********.org or through his website at https://www.techshepherd.org.

If you enjoyed the article support my efforts by shopping my Amazon store: Related products this week.

Trodat ID Protector Ink Roller – Identity Theft Protection Roller Stamp

18 RFID Blocking Sleeves Set

Share via
Copy link
Powered by Social Snap