A notorious hacking group claims to have stolen a large amount of sensitive personal information from a large data broker! When the news came out, the public was shocked! To make matters worse, much of the stolen information was posted for free on an online marketplace for stolen personal data.
Sensitive data
The head of the US Public Information Research Group, a consumer watchdog, said it was safe to assume that the entire file of all Americans could have been stolen, which is certainly more worrying than previous hacking attacks that resulted in personal information leaks.
The breach, which includes Social Security numbers and other sensitive data, including information about relatives who have been dead for nearly two decades, could trigger a cascade of identity theft, fraud and other crimes that could reach beyond expectations.
According to the class-action lawsuit filed in U.S. District Court in Fort Lauderdale, Florida, the hackers stole 2.9 billion personal records from National Public Data Corporation, which provides personal information to employers, private investigators, personnel agencies and other agencies that conduct background checks. A cyber security expert posted on X that the group offered to sell the data for $3.5 million on a forum, and that the information came from individuals in the United States, Europe and other countries.
Department of Defense personnel are currently working to identify the stolen data, and it is preliminary to determine that each of the 2.7 billion stolen records includes an individual’s full name, address, date of birth, Social Security number and phone number, as well as aliases and dates of birth.
Face a threat
The leaked data includes two text files totaling 277GB and containing nearly 2.7 billion plain text records, instead of the 2.9 billion records originally shared by the U.S. Department of Defense. If confirmed, the breach could be one of the largest ever in terms of the number of people affected. In 2013, Yahoo compromised an estimated 3 billion people.
Several key pieces of information appear to have been missing from the hackers’ stolen data. One is the email address that many people use to log into the service. Another is a driver’s license or passport photo, which some government agencies rely on to verify identity.
But even so, bad actors can still use the leaked information to do “all sorts of things,” the most worrying of which may be trying to take over someone’s accounts – including those related to banking, investments, insurance policies and emails. Meanwhile, using stolen names, social Security numbers, dates of birth, and mailing addresses, fraudsters may create fake accounts in the stolen person’s own name or try to convince someone to reset the password for an existing account.
Security experts said that for people who are accustomed to using personal information fraud, with these stolen information, you can create all kinds of chaos, commit all kinds of crimes, steal all kinds of money, the possibilities are really endless.
countermeasures
In June, the Los Angeles public health agency was also hit by a phishing attack that compromised the personal information of more than 200,000 residents.
VPNRanks, a website that rates virtual private network services, estimates that 5 million people visit The dark Web every day through the anonymous TOR (The Onion Router) browser, and there’s no doubt that a percentage of them do bad things. In contrast, people’s sensitive information is almost certainly hidden in the dark corners of the Internet, and there are plenty of people who can find it.
Experts suggest freezing Experian, Equifax and TransUnion credit files if individuals suspect their Social Security numbers or other important identifying information has been compromised. The operation will be free and will effectively prevent criminals from taking out loans, applying for credit cards and opening financial accounts in their own name. It is important to note that if you are obtaining or applying for something that requires a credit check, you need to temporarily lift the freeze. Any unsolicited email or text message claiming to be from a credit agency is a scammer trying to trick you into giving away sensitive personal information.
To prevent identity theft, it is also possible to sign up for a service that monitors the exposure of an individual’s account and personal information on the dark web. If an individual’s data is exposed in a hack, the company of the compromised network will often offer one of these services for free, for a year or more, with the only downside being that these programs come with a fee.
It is also useful to have a different strong password for each financial service and change it regularly. The password manager application provides an easy way to create and track passwords by storing them in the cloud, and all users need to do is remember one master password instead of dozens of lengthy passwords. Similar services can be used either for free (such as Apple’s iCloud Keychain) or for a fee.
In addition to this, it is important to register for two-factor authentication, which adds another layer of security on top of the login name and password. You should also properly handle things that are sent or linked to your phone, such as text messages; A more secure approach is to use an authenticator app that keeps information secure even if a phone number is hijacked by a scammer.
Never like this
Intercepting an individual’s phone number through SIM card exchange and port transfer fraud is also a common tactic used by scammers, and identity thieves can suffer even more serious losses.
To this end, AT&T allows individuals to create passwords to restrict access to their accounts; T-Mobile offers optional protection to prevent an individual’s phone number from being switched to a new device, while Verizon automatically blocks SIM card exchanges by turning off new and existing devices until the account holder uses the existing device to weigh whether a SIM card replacement is really needed.
The active disclosure of sensitive information by individuals is also the main cause of personal data theft. A common trick is to impersonate banks, employers, phone companies or other service providers with whom you do business, and to lure them by text message or email. Typically, banks tell customers that they will never ask for personal account information, but scammers do the opposite, impersonating bank staff and tricking victims into providing their account numbers, login names and passwords.
Cybersecurity experts say people may even receive an official email from what appears to be a national public data corporation offering to help them deal with a reported theft of personal information. But this is by no means an official act, and most likely someone with bad intentions is trying to steal personal information.
A good rule of thumb that has been proven over and over again is to never click on an unknown link or take an unknown call. If the message warns of fraudulent accounts and you want to verify the authenticity of the person’s information or call for security reasons, look for the phone number for the company’s fraud department (on the back of debit and credit cards) and call for guidance.
“That’s what these bad guys do for a living,” security experts say, adding that scammers may send out tens of thousands of queries but receive only one response, and get $10,000 for one successful fraud – a pretty good return on investment, which is also their motivation.
