Hackers may have stolen the Social Security numbers of every American. Here's what to know

Thursday, August 15, 2024
It could be the worst data breach ever -- one that reportedly resulted in the theft of the social security numbers of every American.

According to a federal class-action lawsuit, the hacking group claims to have stolen personal information of nearly 3 billion people from National Public Data, a background check company.

The stolen information also includes names, addresses, birth dates, and phone numbers.

The hackers have reportedly released most of the data for free on an online marketplace.

What to do if your personal info has been exposed in a data breach


As more of our lives move online, our personal data like email addresses, phone numbers, birthdates and even passcodes are becoming ever more vulnerable to theft or being mistakenly exposed.

In malicious breaches, cybercriminals can use stolen data to target people with phishing messages, or by taking out loans or credit cards in their name, a common and harmful type of identity theft.



Here are some tips to protect yourself.

Be aware


In the United States, there's no federal law compelling companies or organizations to notify individuals of data breaches, but it's standard practice for them to inform affected customers and often provide identity protection services, said Oren Arar, vice president of consumer privacy at cybersecurity company Malwarebytes.

The situation is better in the European Union, where the 27-nation bloc's privacy regulations require disclosure of certain types of breaches.

Hackers hit Roku, gaining access to data from hundreds of thousands of accounts
Hackers hit Roku, gaining access to data from hundreds of thousands of accounts


Even after a breach has been made public, cybersecurity experts say people need to remain vigilant. Be on guard for phishing and other social engineering attempts, in the form of emails or phone calls purporting to be from the hacked organization or someone offering help. Contact the company or organization involved to see if they can confirm it. But use their official website, smartphone app or social media channels - don't use links or contact details in any messages you've been sent.

Keep monitoring


Data breaches are rampant and it can be hard to keep track of them through individual notifications. There are online services that you can check, like Have I Been Pwned, a free website that shows if your email has been involved in a data breach.

Malwarebytes' Digital Footprint Portal does a similar job but it can also check whether your info has been posted on the dark web.



"When public data breaches occur, cybercriminals gather as much data as possible so they can sell it on the dark web," said Darren Guccione, CEO of Keeper Security, which makes password protection software and offers a tool, BreachWatch, that scans the dark web to see if your personal information shows up there.

The Associated Press contributed to this report.

Copyright © 2024 KABC Television, LLC. All rights reserved.