NationalPublicData.com Breach Exposes 2.9 Billion SSNs: Protect Yourself

NationalPublicData.com Breach Exposes 2.9 Billion SSNs: Protect Yourself

We previously reported last month that NationalPublicData.com, a widely-used public data aggregation platform, had suffered a massive system breach, exposing 2.9 billion Social Security Numbers (SSNs). This incident marks one of the largest data breaches in history, leaving millions vulnerable to identity theft and fraud.

As details continue to unfold, it’s important to understand what happened, what this breach means for you, and how you can protect yourself in the aftermath.

What Happened?

This summer, NationalPublicData.com, which aggregates and provides access to public records, announced that its database had been compromised by an external party. NationalPublicData.com serves a range of industries and businesses, including financial institutions, insurance companies, and government agencies. The breach affected an enormous volume of personal data, including 2.9 billion SSNs, full names, addresses, and other sensitive information. Given the scale, this breach impacts a significant portion of the global population, as the platform collects data from various sources worldwide.

Initial reports suggest that the breach was a result of a vulnerability in the system’s database security, which hackers were able to exploit. NationalPublicData.com has since launched an investigation and is working with cybersecurity experts to understand the full scope of the breach. However, the exposed data is already circulating on dark web forums, increasing the urgency for those affected to take immediate action.

Why is This Breach So Concerning?

The exposure of 2.9 billion SSNs is particularly alarming because of how SSNs are used in the United States and other countries as a primary identifier. With access to an individual’s SSN, cybercriminals can:

– Open new credit accounts: Fraudsters can use your SSN to open credit cards, loans, or other financial accounts in your name, leading to financial chaos.
– File fraudulent tax returns: Identity thieves can use stolen SSNs to file fraudulent tax returns and claim refunds in your name.
– Gain access to medical records: With an SSN, criminals can access healthcare records or commit medical fraud.
– Commit employment fraud: Stolen SSNs can be used to obtain jobs under your identity, which can create problems with the IRS and impact your credit report.

Beyond these financial and personal risks, this breach could lead to widespread identity theft, damaging the reputations of both individuals and businesses.

What Should You Do If You’re Affected?

If you are one of the millions who have received a CyberAgent Dark Web monitoring alert from us, please read the alert in entirety as it will include a list of recommended actions to take. Remember that an alert is sent when our surveillance technology has discovered information on the internet that matches up to your monitored identity elements. Multiple alerts could mean multiple monitored identity elements were found on various sites. Personal information exposed on the dark web does not necessarily mean your information has been used fraudulently. The actions recommended are proactive steps to prevent any potential risk.

We suggest that you make a practice to do the following:

– Monitor Your Financial Accounts: Keep a close eye on your bank accounts, credit cards, and other financial records for any suspicious or unauthorized transactions. Consider setting up alerts to notify you of any unusual activity

– Change Your Passwords Regularly: While SSNs are the primary concern, it’s a good idea to update your passwords for any accounts linked to NationalPublicData.com or other platforms that store sensitive data. Use strong, unique passwords and consider enabling two-factor authentication (2FA) where possible.

Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Photo credit courtesy: Uriel SC via Unsplash.com

2.9 Billion SSN Records on Dark Web

2.9 Billion SSN Records on Dark Web

A background check service known as National Public Data (NPD) just confirmed that their system has been breached. The company stated that “the breached data may include names, email addresses, phone numbers, social security numbers (SSNs) and mailing addresses.”

Ten days ago a large portion of the database was leaked with an enormous amount of sensitive information, including 2.9 billion social security numbers. Bleeping Computer reported that “the leaks started after a threat actor in April using the alias USDoD offered to sell for $3.5 million 2.9 billion records allegedly stolen from NPD.” The records include citizens from the United States, Canada and the United Kingdom. A hacker known as “Felice” leaked the most complete version of the data for free. Learn More

Because contact information and sensitive background information related to family members, even those who are deceased, are a part of what was leaked, there is a high probability of individuals being victims of phishing attempts. There is also a reputation aspect of the breach that could potentially cause harm to individuals, leading to embarrassment, humiliation and/or emotional distress.

What You Can Do:

– If you have received a Cyber Agent notification from us, contact us immediately at 888.966.4827 (GUARD) so we can help place proactive measures for you.

– Update your passwords for your email and financial institution accounts.

– Enable multi-factor authentication on all of your accounts that offer the service.

– Be on the look-out for phishing attempts. Do not respond to anyone calling, texting or emailing to update your banking credentials. Learn More

Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Photo courtesy credit: Erfan Parhizi via unsplash.com

Millions Potentially Exposed by Neiman Marcus Breach

Dallas-based Neiman Marcus Group (NMG), a luxury department store chain that includes Bergdorf Goodman, recently learned that an unauthorized party gained access to a cloud database platform used by NMG that is provided by a third party named Snowflake. The company notified Maine’s Attorney General’s Office that the breach has impacted more than 64,000 customers. The company started mailing notification letters on June 24th. This is not the first cybersecurity incident for Neiman Marcus. Previous breaches are known to have occurred in 2013, 2015 and 2020 for the high-end retailer.

NMG disclosed the incident just as a hacker announced the sale of the database. According to SecurityWeek, although a ransom was demanded, the retailer refused to pay. SecurityWeek also reported that the database sold for $150,000 and allegedly includes information on 180 million users which is far more than the 64,000+ NMG reported. The hacker is now advertising 70 million transactions, 50 million customer email addresses, 12 million gift card numbers and six billion rows of customer shopping records, employee data and store information.

Campaigns have targeted at least 165 organizations associated with Snowflake cloud storage systems, such as Advance Auto Parts, Allstate, Anheuser-Busch, Mitsubishi, Progressive, State Farm and Ticketmaster. We expect to see a heightened volume of cybersecurity incidents surrounding Snowflake and will notify you as soon as we hear any further news. Learn More

Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 888.966.4827 (GUARD) and [email protected].

Memorial Day Hacks and Hamburgers

Memorial Day Hacks and Hamburgers

Memorial Day is a special time of year to honor the men and women who have died while serving in the U. S. military. Originally known as Decoration Day, Memorial Day originated in the years following the Civil War and became an official federal holiday in 1971. Visit History.com for more information.

Always the last Monday in May, this holiday also marks the unofficial beginning of summer fun … pool season, popsicles, and plenty of barbeques. Americans have traditionally observed Memorial Day by visiting cemeteries or memorials, holding family gatherings, and participating in parades. This year the weekend activities may still look a bit different if social distancing, but we will continue to reflect on the sacrifices our soldiers made for us while lighting up our grills. Speaking of, take a visit to Chowhound.com for some amazing tips for the most perfect hamburger ever (80/20 lean to fat ratio ground chuck always!) and clever grilling hacks. Did you know you can use a spare cooler as an insulated warmer to keep food hot and juicy right off the grill? One tip you won’t see there is a favorite of mine … folding a dollop of mayo into each burger patty for optimal juiciness before they even go on the grill. Try it. You’ll love it!

Unfortunately during this time of year crooks might pop up who feed on our gratitude. Watch out for Memorial Day scams where hackers use a patriotic or military approach when contacting service members for money. The Better Business Bureau (BBB) suggests to be on the lookout for five specific scams during this time of remembrance:

Fake military charities. Scammers will send out emails, phone calls, direct mailers and send texts using the same outreach practices as well-known legitimate nonprofits. Be wary of messages that contain words like “disabled,” “heroes,” and “warriors” and always double-check the exact name and spelling of the charity.

Fake rental properties. Scammers take out classified ads and will use photos from legitimate rental properties that promise military discounts or other incentives.

High-priced military loans. No legitimate lender will guarantee a loan as being instantly approved. Watch for ads that may also say no credit check is required. If this is the case, the loan will likely come with hidden fees as well as outrageously high interest rates.

Veteran benefit buyout plans. These plans offer an attractive cash payment in exchange for a disabled veteran’s future benefits or pension payments. The cash payment is typically only 30-40% of what the veteran is entitled to receive.

Misleading car sales. Some websites post ads that contain false discounts for those in the military. There is also an increase of ads that claim to be from soldiers who need to sell their autos quickly due to deployment.

Stay safe this weekend and please reach out to us if needed. Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. We are available for you 24/7/365 at 888.966.GUARD (4827) and [email protected].

Photo courtesy Justin Casey via unsplash.com

 

ALERT: Toll Smishing Text Scam – Do Not Click!

ALERT: Toll Smishing Text Scam – Do Not Click!

The Ohio Turnpike and Infrastructure Commission, the FBI and SunPass are warning drivers of a text message smishing scam that requests payment for unpaid tolls. The FBI is recommending that if you receive a message like the one shown below, to take the following actions:

– Do not click the link in the text.

– Contact the FBI’s Internet Crime Complaint Center, also known as IC3, at www.ic3.gov, and include the phone number the text came from and the website listed within the text.

– If you have an EZ-Pass or SunPass account, check it via their legitimate website and let them know about the text.

– Delete the smishing text you received.

– If for any reason you accidentally clicked the link in the text and made a payment, contact your financial institution immediately to help secure your personal information and financial accounts. Contact our Member Services team at 1.888.966.4827 (GUARD) or email [email protected].

Screenshot image of a sample scam on an iphone

Being informed of what steps you may need to take before a slip up happens can help ease the potential damage (and your stress level) if it does occur. Guard Well Identity Theft Solutions exists to provide you, your family and your employees from the damages of identity theft. Please don’t hesitate to reach out if you need help or have any questions or concerns. We are available for you 24/7/365 at 1.888.966.4827 (GUARD) and [email protected].

Consumer Fraud Losses Top $10 Billion

The Federal Trade Commission (FTC) recently released data showing that consumers reported losing more than $10 billion to fraud in 2023. This marks a 14% increase over reported losses in 2022. Fraud data came from 2.6 million consumers last year, nearly the same as 2022. Consumers reported to the FTC that they lost more money to investment scams – more than $4.6 billion – than any other category in 2023. The second highest loss category was imposter scams with losses of nearly $2.7 billion.

The following is a breakdown of the top frauds reported:

– Imposter scams (in business and government impersonators)

– Online shopping scams

– Prizes, sweepstakes and lottery scams

– Investment scams

– Business and job opportunity scams

The method scammers reportedly used to reach consumers most commonly was via email, which has displaced text messages. Phone calls are now the second most reported contact method. LEARN MORE

Guard Well Identity Theft Solutions exists to provide you, your family, and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

 

Help Spread the Word: Identity Theft Awareness Week

Help Spread the Word: Identity Theft Awareness Week

Welcome to Identity Theft Awareness Week. January 29th to February 2nd, otherwise known as #IDTheftWeek, exists to spread resources so you and your loved ones can stay ahead of identity thieves. Whether you’re a business owner, a young adult, a service member, an older adult or someone caring for a senior, understand that knowledge is power and identity theft knows no boundaries.

With tax season right around the corner, it is especially important to know that one of the biggest signs of identity theft is when you are unable to file your tax return because someone else has already filed one using your personal identifying information (PII). Other signs of identity theft include seeing unfamiliar transactions on one of your accounts and/or seeing new accounts you didn’t open on one of your credit report checks.

Here are five tips from the Federal Trade Commission (FTC) to help protect your identity:

– Read your credit card and bank statements carefully. If there is something that you don’t recognize, check into it. Even though you might have dreamed about a Louis Vuitton handbag, chances are you would know if you purchased one and certainly wouldn’t be footing the bill if you didn’t.

– Know your payment due dates. If a bill you pay regularly, such as your electric or water bill, doesn’t appear in your mailbox (or inbox), contact the provider immediately. The last thing you want is to have anything shut off in the dead of winter or an energy bill that is three times what you were expecting.

– Shred any documents that contain your PII, medical or financial information. Many national chains provide shredding services if you don’t own a personal shredder. Check out your local UPS store or FedEx Office for options.

– Review each of your three credit reports at least once a year. Visit our credit report check for more information.

Guard Well Identity Theft Solutions exists to provide you, your family, and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

 

Photo courtesy credit: Dylan Gillis via Unsplash.com

 

Scammers are Impersonating FTC Inspector General Katsaros

Scammers are Impersonating FTC Inspector General Katsaros

The Federal Trade Commission (FTC) has released that scammers are using the names of their employees, including the Inspector General Andrew Katsaros to trick people into sending money or giving up their personal identifying information (PII).

What you need to know:

The FTC won’t threaten you or demand a payment. If you receive a phone call or mail with the name of the FTC Commissioner or staff member that threatens some dire consequence if you don’t pay immediately, it’s a scam. Don’t pay.

The FTC doesn’t give out prizes. If someone contacts you claiming that you need to pay to get your prize, it’s a scam. Don’t pay.

FTC employees won’t identify themselves with a badge number. If someone claiming to work for the FTC gives you a badge number, it’s a scam. Don’t fall for it and keep your PII safe!

Guard Well Identity Theft Solutions exists to provide you, your family, and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

Source: Federal Trade Commission

Photo Credit: Courtesy of Bermix Detail via unsplash.com

How to Spot a Scam with Children’s Health Insurance

How to Spot a Scam with Children’s Health Insurance

The cost of health care has skyrocketed in the United States. The very topic is as stressful as it is expensive. Did you know that the United States is the highest spending country on healthcare worldwide? In 2021, total health expenditure exceeded four trillion dollars with per capita health expenditure at $12,555.30. Statista Research recently reported that expenditure as a percentage of Gross Domestic Product (GDP) is projected to increase to approximately 20% by 2030.

During the pandemic, each state’s Medicaid Children’s Health Insurance Program (CHIP) helped millions of families with the cost of healthcare. With the end of the pandemic, states are reaching out to update Medicaid enrollments and scammers are already taking advantage of the situation. CHIP won’t ask you to pay to renew … but scammers will.

Here is what you need to know:

– CHIP won’t charge you to renew or enroll. They may reach out to you via email, phone or text but they will NOT ask you to pay, for any of your personal financial information and especially your credit card number or bank account information.

– Do NOT click! Even if it looks like a message is from your state’s Medicaid agency, if there is anything clickable in a message, assume it is scam and visit medicaid.gov to get contact information for your state’s Medicaid agency.

– Utilize healthcare.gov to complete insurance plans, find coverage and see if you are eligible. The website will ask you for your monthly income and age to give you a quote.

– Understand that medical discount plans are NOT insurance plans. Scammers will pitch discount plans to entice you and make you think they are the same as insurance.

Guard Well Identity Theft Solutions exists to provide you, your family, and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

Source: Federal Trade Commission

Photo Credit: Courtesy of Charles Deluvio via unsplash.com

Major Eyewear Company: Over 70 Million Hacked

Major Eyewear Company: Over 70 Million Hacked

Our security teams have recently discovered large data sets of compromised cyber elements on the Dark Web. On May 19th, the world’s largest eyewear company, Luxottica, confirmed reports of a 2021 data breach from a vendor’s computer network that leaked private information.

Luxottica, based in Milan, Italy, designs and manufactures sunglass and prescription frames. Brands include Burberry, Chanel, Dolce and Gabbana, Georgio Armani, Michael Kors, Oakley and Ray-Ban. The company also owns several retailers selling products such as LensCrafters and Sunglass Hut.

The hacking origin date is November, 2022 with retail customer data exposed being name, email address, physical address and phone number.

The company’s public acknowledgement stated that they discovered through their “proactive monitoring procedures that certain retail customer data, allegedly obtained through a third-party vendor related to Luxottica retail customers, was published in an online post.” The company reported the incident to the FBI and the Italian Police. The owner of the website where the data was exposed has since been arrested by the FBI. The website that leaked the information has also been shut down and the investigation is still ongoing. Learn More

Guard Well Identity Theft Solutions exists to provide you, your family, and your employees from the damages of identity theft. If you have any questions or concerns, please contact our Member Services team immediately. We are always available for you 24/7/365 at 888.966.4827 (GUARD).

Image courtesy credit: uriel-sc-11KDtiUWRq4-unsplash.jpg unsplash.com