FLORIDA—On the 89th anniversary of the Social Security program on Wednesday, August 14, it was reported that 2.9 billion records were compromised, including Social Security numbers, in a breach of National Public Data, a background check company, that occurred four months earlier in April.
“It is disturbing and unacceptable that Americans are just now learning of this massive hack, which allowed criminal hackers to gain access to and now offer for sale approximately 2.9 billion records, which the Los Angeles Times reports include, ‘the full names, addresses, dates of birth, Social Security numbers and phone numbers, along with alternate names and birth dates,’ of American citizens,” Senator Rick Scott (R-FL) released in a statement.
Hackers, under the name USDoD, claimed to have stolen the data and attempted to extort $3.5 million from National Public Data before leaking the data for free on the dark web when their demands were not met.
A class action lawsuit demanding accountability and restitution for the massive data breach was filed by a California resident.
National Public Data has responded by claiming to have purged databases, essentially opting everyone out by deleting non-public personal information.
A statement by the company reads: “We cooperated with law enforcement and governmental investigators and conducted a review of the potentially affected records and will try to notify you if there are further significant developments applicable to you. We have also implemented additional security measures in efforts to prevent the reoccurrence of such a breach and to protect our systems.”
National Public Data recommends to closely monitor financial accounts for fraud and report any unauthorized activity to “your financial institution.” Residents should also contact the three U.S. credit reporting agencies (Equifax, Experian, and TransUnion) to obtain a free credit report from each by calling 1-877-322.8228 or by logging onto www.annualcreditreport.com.
The data breach involving National Public Data is among the largest in history in terms of the scope and scale of personal information exposed.
Data breaches can lead to identity theft and financial losses of victims. Below are some of the largest data breaches recorded:
- LinkedIn (2012): This breach affected 165 million accounts and exposed user emails and passwords.
- Yahoo (2013-2014): This breach affected all 3 billion Yahoo user accounts. It was the largest data breach in history in terms of the number of accounts compromised. The data included names, email addresses, phone numbers, and security questions and answers.
- Marriott International (2018): This breach affected approximately 500 million guests who made reservations at Marriott’s Starwood properties. The compromised data included passport numbers, payment information, and other personal details.
- Aadhaar (2018): Aadhaar, India’s national ID database, experienced a breach that exposed the personal information of over 1.1 billion Indian citizens. The data included names, addresses, and Aadhaar numbers, which are linked to biometric and bank information.
- Equifax (2017): One of the most significant breaches in terms of impact, this breach exposed the personal data of 147 million Americans, including Social Security numbers, birth dates, addresses, and, in some cases, driver’s license numbers.
- Adult Friend Finder (2016): This breach exposed over 412 million accounts across various websites operated by Friend Finder Networks. The data included email addresses, passwords, and other personal details.
- Target (2013): Target’s breach affected 40 million credit and debit card accounts, and the personal information of an additional 70 million customers, making it one of the largest retail breaches ever.
- Anthem (2015): The second-largest health insurer in the U.S. suffered a breach that exposed the personal data of 78.8 million people, including names, Social Security numbers, and addresses.
- Facebook (2019): The data of 533 million users was exposed, including phone numbers and personal details.
- MySpace (2013): Over 360 million accounts were compromised in this breach, which exposed usernames, email addresses, and passwords.