Another day, another data breach. The AT&T incident we discussed last month is still in our rearview mirror, yet now we have an even more egregious incident to contend with – I’m referring to the National Public Data breach, revealed to have leaked nearly 3 billion personal records which include names, phone numbers, addresses, and worst of all social security numbers.
What happened?
National Public Data (NPD) is a background-checking service that gathers personal information from non-public sources (i.e. without that person’s knowledge or permission) and makes it available to entities such as law enforcement and private investigators. If you want a detailed breakdown of the “how” and “when” of their enormous data breach, this site does a great job of laying it all out. In a nutshell, NPD mistakenly published the credentials to their backend database online, which allowed a hacker to simply login and download the information completely unencrypted. The information in question contains everything a bad actor needs to open new credit lines or obtain loans while posing as someone else. It’s a perfect example of how our online security can be compromised completely outside of anything we can control, and all without any hacking or social engineering thanks to basic human error.
This all went down in December of 2023, but only recently gained traction in the news due to a class-action lawsuit being filed against NPD by some of the initial affected victims.
What can I do?
The first thing you should do is assume your information was included in the breach. There are sites available where you can actually confirm for sure whether your social security number was affected, but at this point it’s safer and more pragmatic to just take it as a given.
The next thing you need to do, if you haven’t already, is put a freeze on your credit reports. If you’ve never done this or have no idea what it means, here’s a very quick breakdown.
There are three major credit bureaus, each compiling credit reports for American citizens: Experian, Equifax, and TransUnion. Any time you apply for a credit card, a home loan, or anything else that affects your credit score, that information is reported to each bureau and added to your report. You can create an online account (for free) at each one of these bureaus and view a copy of your own credit report (for free) once a week. You can also, if you want, place a lock on your credit report, or “freeze” it, so that credit checks or applications have to go through an extra layer of security before they’re approved.
Anyone with your social security number trying to open a line of credit or apply for a loan in your name will be unable to do so if all three of your credit reports are frozen. In fact if you’re not anticipating any big purchases in the near future such as a house or a car, you should probably just leave the freezes in place indefinitely. Due in no small part to the insipant rise of data leaks and identity theft cases, requesting a credit freeze is now fast and easy, and your request legally must be processed within one day.
Here are the websites for the big three:
Note that it’s common for small differences to exist among the different bureaus’ reports, but if you notice an address or a phone number listed that doesn’t belong to you, or any recent credit checks or applications in other states, those can be big red flags that someone has already attempted to use your identity. In that case, you can also open a credit dispute online with each bureau (for free) so they can investigate.
As always, good online security habits such as using good passwords should never be forgotten, but setting up credit freezes is fast and easy, so why wait? No time like the present!
Steve Shannon has spent his entire professional career working in tech. He is the IT Director and Lead Developer at PromoCorner, where he joined in 2018. He is, at various times, a programmer, a game designer, a digital artist, and a musician. His monthly blog "Bits & Bytes" explores the ever-evolving realm of technology as it applies to both the promotional products industry and the world at large. You can contact him with questions at steve@getmooresolutions.com.