A new lawsuit is claiming hackers have gained access to the personal information of “billions of individuals,” including their Social Security numbers, current and past addresses and the names of siblings and parents — personal data that could allow fraudsters to infiltrate financial accounts or take out loans in their names.
The allegation arose in a lawsuit filed earlier this month by Christopher Hofmann, a California resident who claims his identity theft protection service alerted him that his personal information had been leaked to the dark web by the “nationalpublicdata.com” breach. The lawsuit was earlier reported by Bloomberg Law.
The breach allegedly occurred around April 2024, with a hacker group called USDoD exfiltrating the unencrypted personal information of billions of individuals from a company called National Public Data (NPD), a background check company, according to the lawsuit. Earlier this month, a hacker leaked a version of the stolen NPD data for free on a hacking forum, tech site Bleeping Computer reported.
It’s a massive pain in the ass, but every American should freeze their credit with the 3 agencies. Their websites are shit, they will sign you up for credit card ads no matter what you click, and every bit of the process will make you seethe with rage at how fucked and incompetent the whole system is. But go do it anyway.
I did it last year after the state DMV was hacked and lost every personal detail for basically everyone in the state who drives. It was real nice not having a loan taken out in my name a few months later when Experien called me out of the blue to ask if I really wanted to unfreeze.
I also did have to legit take out a loan later and it was easy. Just call one of the agencies and do a temporary unfreeze for 24 hours. Amazingly, they let you unfreeze to take out more loans very simply. Wonder why it’s so hard to freeze in the first place? Almost like they don’t give a shit who’s creating the debts as long as some poor somewhere can be held to account for it.
100% this.
Freeze credit on the big 3 websites. I unfreeze when needed like when I financed my car, then lock them up again.
It is a pain, and be sure not to lose the passwords. Turn on MFA where ever possible. Do not use correct answers for secret questions, use made up answers and keep track with a pw manager.
Check your credit every year for mistakes or oddities.
If you live in California, contact data brokers like Lexus Nexus or Red Violet and have them delete your profile.
God I hate modern society.
It’s considerably easier using the websites vs. their apps. Don’t forget to enable 2FA!
It’s not that big of a pain. It took me just a few minutes to make the accounts and then freeze everything. I already get credit card ads in the mail, so what else is new, and everything in my email goes to the spam folder.
I’ve had three security breaches in the last year or so. I think of you have any sort of accounts anywhere at this point part, or all, of your identity is out there.
Where’s my check
The recommendation in the article was to freeze my credit reports. Fucking awesome. Equifax locked me out for 24 hours trying to access my account and Experian won’t even let me access my account because their website is apparently unable to text me a four-digit code. Now I have to call and deal with customer service for both of them. At least TransUnion let me do it almost immediately.
Having to deal with this inevitable shitshow is the only reason I haven’t done this yet. Every interaction I’ve ever had with these two companies has been a dumpster fire.
It was easy for me. I was able to do all three online with no issues. Just offering some anecdotal evidence to offset one other persons story.
Trying now. So far,
Equifax website logged in fine but I got sidetracked by something else so it timed me out. Try to login again and it gives me a blank page. Disabled ad blockers, cleared cookies, closed browser etc… Same thing.
Experian website says my email doesn’t exist (an email I previously setup specifically for Experian). Ok submit lost password form using phone number and social… It says to enter the code texted to the same number which they’re showing as existing… Never get the code. Resent code. Never get the code. Click “sign in another way”, taken back to original login page.
TransUnion absolutely flawless.
Now I have to go slide my cock back into the blender which is Equifax and Experian in hopes I can access my own information before a hacker does. I’d say it’s 50:50 odds on that.
Edit:
Tried Experian “forgot username” option. It asks for date of birth and full social. Says the shit doesn’t match! How in the actual fuck?
[deleted]
I froze my credit once and I’ll never do it again. Almost stopped the purchase of my house because it took so long to unfreeze. Screw that.
But if you don’t, someone could use your now stolen SSN to do things like take out loans in your name. I don’t think it would be too hard to unfreeze it before you started house shopping.
You don’t think but I know.
You said you were about to buy it. I’m saying before you even start looking for a house.
That’s fair, but I forgot since it was frozen for years. Doesn’t really matter. The point is that it takes a lot longer than people think.
In the sense of “Simpsons did it!”:
Equifax did it first.
Sure wish the massive corporate incompetence and malfeasance causing huge data leaks multiple times over the years would get mentioned every time one of these stories comes up.
Hackers did blah, this WOULD ALMOST matter, but!
We need to start redirecting some of those board bonuses and CEO dollars back into infrastructure to actually secure this shit as a required responsibility and stop places from being allowed to request personal information they shouldn’t have.
These companies should be paying fines in the BILLIONS of dollars for their malfeasance. I got a notice from work this morning, this is horrifying.
The past addresses thing is kind of spooky. I once got a bequest of stock options from the company I worked for and they were claimable online. One of the ways in which they verified my identity was to have me pick out actual addresses I’d lived at in the past (one of them more than 15 years prior) from a list containing other addresses. Somebody with access to a list of my past addresses might have been able to claim my fifty grand worth of options before I did.
I hate those verifications. I view it like drm in software - it’s more of a hindrence for the user than it is for the bad actor.
All your shit was already out there. Might as well fuck up your credit before somebody else does.
Can we just pass a law or act that allows a person to discharge any debt they deem fraudulent? Like if it is known the person had their data leaked and they are signed up for something sketchy we should be able to legally and for free dispute that account/charge/service and have it stricken from our life. To prevent someone from just taking advantage of it though it should also automatically change your SSN or other personal ID number and freeze other accounts that are legit until they are paid in full. Most people would need to use this service at most once in their lifetime.
This is already the case, it’s not a law, but contracts. You’re not in fact a party to the agreement, so you’re not beholden to the terms.
We already have that, it’s called debt verification. If they can’t prove the debt is really yours, you’re off the hook.
Looks like I’m not alone this year.
Why have this insecure system if security is right in the name! /j
Bleeping Computer - News Source Context (Click to view Full Report)
Information for Bleeping Computer:
MBFC: Least Biased - Credibility: High - Factual Reporting: High - United States of America
Wikipedia about this sourceCBS News - News Source Context (Click to view Full Report)
Information for CBS News:
MBFC: Left-Center - Credibility: High - Factual Reporting: High - United States of America
Wikipedia about this source
