A new lawsuit is claiming hackers have gained access to the personal information of “billions of individuals,” including their Social Security numbers, current and past addresses and the names of siblings and parents — personal data that could allow fraudsters to infiltrate financial accounts or take out loans in their names.
The allegation arose in a lawsuit filed earlier this month by Christopher Hofmann, a California resident who claims his identity theft protection service alerted him that his personal information had been leaked to the dark web by the “nationalpublicdata.com” breach. The lawsuit was earlier reported by Bloomberg Law.
The breach allegedly occurred around April 2024, with a hacker group called USDoD exfiltrating the unencrypted personal information of billions of individuals from a company called National Public Data (NPD), a background check company, according to the lawsuit. Earlier this month, a hacker leaked a version of the stolen NPD data for free on a hacking forum, tech site Bleeping Computer reported.
What’s to stop someone from in unfreezing your credit if they literally know everything about you and have all the info at their fingertips
It’s like running away from a bear… you don’t have to outrun the bear, just the other people running from the bear. If someone wants your identity, they’re probably gonna get it if they’re determined enough. The way these hacks usually work, though, is you just buy a chunk of the data, maybe 10k records. Then, they use automated tools to try and open accounts under those ID records. If it fails, no biggie, they just move on to the next record.
There’s no such thing as perfect security of course, but in this case it’s because having my phone number and address isn’t the same as having my phone. So short of a SIM clone or something like that, the MFA on those accounts still adds one layer of protection. There’s also “security” questions and, protip, the answer to what high school I went to is not which high school I went to. It’s just another, different pass phrase.
I’m just not worth the trouble to beat all the extra layers of security when there’s millions of people who’s money is far easier to get at.
The pyramid of pain.
Make it hair pullingly difficult to find the good stuff.
You want my name? Fine.
My number? Here’s my google voice digits.
My email? I’ve got dozens.
My home address? I’m gonna need something from you.
The above leaked current and previous addresses tho
They have to know to unfreeze. It’s an extra step, and unless you’re a particularly juicy target, it’s easier to move onto the next one.
/guess
Unfreeze also generally requires a PIN or tied to a login/accessible email. So not only would they need your info, they’d also need your credentials.
Defense in depth. More layers = more hurdles = deterrence.
Does anybody know the process to unfreeze? I froze mine years and years ago but I don’t recall setting a pin or even remember what it was if I did. It’s going to be a huge PITA next time I need a loan for something. I’ve nearly almost signed up for a new credit card before remembering that I froze all my accounts and abandoning the process because if the aforementioned PITA.
They may have sent you an email with the PIN but if you weren’t paying close attention you could have missed it. If you save your emails it may be worth doing a search.
All the more reason to do it yourself, they all mostly require accounts with 2FA now. Until you set that up, a bad actor could. Once set up, they would have to compromise your second factor as well.