[MD-Sligo] FW: [Tech-VI] Is Your SSN in the National Public Data Breach? Here's How to Find Out

terrypowers59 at gmail.com terrypowers59 at gmail.com
Tue Aug 20 14:59:07 UTC 2024 

 

 

 

From: tech-vi at groups.io <tech-vi at groups.io> On Behalf Of David Goldfield via groups.io
Sent: Monday, August 19, 2024 8:54 PM
To: List <tech-vi at groups.io>
Subject: [Tech-VI] Is Your SSN in the National Public Data Breach? Here's How to Find Out

 

PCMag.com - Technology Product Reviews, News, Prices & Tips - Monday, August 19, 2024 at 1:52 PM


Is Your SSN in the National Public Data Breach? Here's How to Find Out


A massive data breach <https://www.pcmag.com/news/hackers-allegedly-steal-billions-of-personal-records-from-fla-security>  has Americans worried about their private info getting into the wrong hands, but a pair of newly released websites could make it easier to find out if you’re affected. 

The breach concerns a little-known company called National Public Data, which performs background checks on US residents. Last week, the company finally confirmed <https://www.pcmag.com/news/hackers-steal-billions-of-social-security-numbers-how-to-protect-yourself>  that hackers stole a large database containing records on people’s names, addresses, and Social Security numbers. Making matters worse is that the database has been freely circulating on an internet forum for cybercriminals and fraudsters to download. 


The First Site: Atlas Privacy


Initially, it wasn’t easy to see if your personal information was ensnared in the breach since the stolen database is 277GB. But New Jersey-based Atlas Privacy Data Corporation has created npdbreach.com <http://npdbreach.com> , which can flag if your Social Security, phone number, or full name and ZIP code are in the archive. The site also doesn’t store any user searches. 



(Credit: Atlas Privacy) 

Atlas <https://www.atlas.net/> , which helps people remove their personal data from the internet, has also been analyzing the leak and found it contains 272 million unique Social Security numbers from US residents, along with 600 million phone numbers. “This is very similar to the Equifax breach <https://www.pcmag.com/news/equifax-breach-potentially-impacts-143m-us-consumers>  of 2017, but it’s twice as big,” says Arnaud de Saint Méloir, a software engineer and researcher at Atlas. 

“Most of the time, when Social Security numbers are sold on the dark web, they are sold to a single customer,” he added. “Now 272 million leaked. This will definitely be used for identity theft and spammers.” 

In addition, about 20% of the records in the database appear to be legitimate, according to Atlas, which has been cross-referencing the details in the leak with records found in other breaches. 

That said, the information from the National Public Data leak likely impacts older Americans more than younger adults since the average age of the people contained in the database is 70. Another 2 million people in the database are also over 120 years old, an indicator that some of the information belongs to the deceased. Meanwhile, all the records appear to belong to people born before Jan. 1, 2002, added Atlas Privacy’s Chief Strategy Officer Zack Ganot.

Not all the information in the database is accurate either. Ganot noted the archive didn’t have the correct details on himself. Still, others might be shocked to see highly accurate records in the database, including their correct date of birth, Social Security number, and historic mailing addresses going back to at least the 1990s. 

“We can’t really pretend anymore that Social Security numbers are private anymore,” Ganot said. “This is just another nail in the coffin. There have been so many breaches out there, every Social Security number is likely out there.”



(Credit: Douglas Sacha via Getty Images) 

It’s not entirely clear how National Public Data collected so many Social Security numbers. But the company’s website <https://web.archive.org/web/20211023081207/http:/www.nationalpublicdata.com/databases.html>  previously said it tapped over 20 different sources, including voter registration data, criminal records, marriage and divorce records, along with “White Pages/Yellow Pages” to build its database. Ganot also speculates National Public Data had been retrieving credit files on US consumers to help uncover people’s Social Security numbers. 

“Many times you can pull a credit header <https://www.equifax.com/business/blog/-/insight/article/what-is-header-data/> ,” he said. “It will either have a full Social Security number, or it’ll have a partial Social Security number. But the way it works, if you pull two or three of them, the first [report] will block out the first four digits, the next one will block out the last four digits. And we know companies harvest this stuff to just put it all together.” 


The Second Site: Pentester


A second cybersecurity company called Pentester also created a website at npd.pentester.com <http://npd.pentester.com>  to help users see if they’re impacted. For better or worse, though, the site will reveal a user’s redacted Social Security number and date of birth, along with the full address and phone number record. On the plus side, this makes the site more helpful in discovering whether your friends or family members were ensnared in the hack. But on the downside, the site can easily expose phone numbers and address data for random users.  



(Credit: Pentester.com) 

Pentester took this approach “to give individuals enough context to verify if the data belongs to them without exposing the full sensitive information.” 


Recommended by Our Editors


“There are many duplicates as you can imagine,” Pentester told PCMag. “We understand the delicate balance between providing useful information and protecting privacy. The data shown is carefully limited to ensure users can identify their own information while minimizing the risk of further exposure. The only other option would be for people to enter their full SSN, which most are not comfortable inputting on a website. There are also many instances where the SSN is incorrect, but other information is accurate.”

In the meantime, Atlas says the breach at National Public Data underscores the need for the US to rein in the data broker industry, which has long been monetizing people’s personal data at the expense of security.

“The long-term effect of this will be devastating,” Ganot said. That’s because Social Security numbers are often used in conjunction with a date of birth to apply for loans and credit cards. Now fraudsters have a source to commit identity theft on millions of Americans. 

"We're going to continue to see things like this until regulators take this stuff more seriously," he added. 

To protect yourself, you should consider placing a no-cost credit freeze <https://www.usa.gov/credit-freeze>  and fraud alert <https://consumer.ftc.gov/articles/what-know-about-credit-freezes-and-fraud-alerts>  at the three major credit bureaus, Equifax, Experian and TransUnion. Doing so can prevent criminals from opening a new financial account or loan in your name. Users can also consider registering for anti-identity theft software <https://www.pcmag.com/picks/best-identity-theft-protection-software> . 

National Public Data hasn’t explained how the company was breached. But this past weekend, the company notified Maine’s Attorney General about the incident. Surprisingly though, the company says <https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/25289ca5-a211-4abc-9e29-cbe8d9d5b0e6.html>  only 1.3 million users had their data leaked through the breach.


Like What You're Reading?


Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use <http://www.ziffdavis.com/terms-of-use>  and Privacy Policy <https://www.ziffdavis.com/ztg-privacy-policy> . You may unsubscribe from the newsletters at any time.


About Michael Kan


Senior Reporter




I've been with PCMag since October 2017, covering a wide range of topics, including consumer electronics, cybersecurity, social media, networking, and gaming. Prior to working at PCMag, I was a foreign correspondent in Beijing for over five years, covering the tech scene in Asia.

Read Michael's full bio <https://www.pcmag.com/authors/michael-kan> 


Read the latest from Michael Kan


https://www.pcmag.com/news/is-your-ssn-in-the-national-public-data-breach-heres-how-to-find-out

 

 

 

David Goldfield,

Blindness Assistive Technology Specialist

 

If you need help using your assistive technology learn about my training services by visiting

WWW.ScreenReaderTraining.com <http://www.screenreadertraining.com/> 

 

Am Yisrael Chai

The Nation of Israel Lives!

 

JAWS Certified, 2022 <https://www.freedomscientific.com/Training/Certification/> 

NVDA Certified Expert <https://certification.nvaccess.org/> 

 

Subscribe to the Tech-VI announcement list to receive news, events and information regarding the blindness assistive technology field.

Email: tech-vi+subscribe at groups.io <mailto:tech-vi+subscribe at groups.io> 

www.DavidGoldfield.com <http://www.davidgoldfield.com/> 

 

 

 

 

_._,_._,_

  _____  

Groups.io Links:

You receive all messages sent to this group. 

View/Reply Online (#7605) <https://groups.io/g/tech-vi/message/7605>  | Reply To Group <mailto:tech-vi at groups.io?subject=Re:%20%5BTech-VI%5D%20Is%20Your%20SSN%20in%20the%20National%20Public%20Data%20Breach%3F%20Here%27s%20How%20to%20Find%20Out>  | Reply To Sender <mailto:david.goldfield at outlook.com?subject=Private:%20Re:%20%5BTech-VI%5D%20Is%20Your%20SSN%20in%20the%20National%20Public%20Data%20Breach%3F%20Here%27s%20How%20to%20Find%20Out>  | Mute This Topic <https://groups.io/mt/107992961/17455>  
Your Subscription <https://groups.io/g/tech-vi/editsub/17455>  | Contact Group Owner <mailto:tech-vi+owner at groups.io>  | Unsubscribe <https://groups.io/g/tech-vi/leave/8954496/17455/1106850279/xyzzy>  [terrypowers59 at gmail.com]

_._,_._,_

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nfbnet.org/pipermail/md-sligo_nfbnet.org/attachments/20240820/c21d7eb9/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ~WRD0000.jpg
Type: image/jpeg
Size: 823 bytes
Desc: not available
URL: <http://nfbnet.org/pipermail/md-sligo_nfbnet.org/attachments/20240820/c21d7eb9/attachment.jpg>

More information about the MD-Sligo mailing list