Potential Breach Exposes Billions of Social Security Records: Security Experts Sound Alarm

ByMat Blake
Potential Breach Exposes Billions of Social Security Records: Security Experts Sound Alarm

In a shocking development that could impact millions, security experts are warning of a massive data breach involving a background check service, potentially compromising billions of Social Security and address records of individuals across the United States, the United Kingdom, and Canada.

The breach reportedly affects a background check service linked to National Public Data (NPD), a data brokerage known for aggregating publicly available information.

The Breach Unveiled

According to reports from BleepingComputer, a hacking forum has recently been abuzz with claims that a user has obtained a massive cache of documents from NPD.

The alleged breach was first highlighted in April 2024 when an individual on the forum advertised the stolen data for a hefty $3.5 million.

This cache reportedly includes approximately 2.9 billion files, encompassing not only Social Security numbers but also detailed address records and potential aliases for individuals.

The data, believed to be harvested by scraping publicly available records, is used by private investigators and in background checks.

NPD’s modus operandi involves aggregating and organizing this data into comprehensive profiles, which are then made available for various investigative purposes. However, the security of this data has come into question following the alleged breach.

Scope and Verification

The hacking forums initially featured claims that the breach affected every person in the U.S., the U.K., and Canada. While BleepingComputer was unable to independently verify the accuracy of this claim across all three countries, some verification was achieved.

Reporters confirmed that several individuals whose details appeared in the breached cache had accurate Social Security numbers and addresses, though some records contained outdated or incorrect residential information.

Moreover, the data’s unencrypted nature raises concerns about widespread dissemination. Portions of the breached cache have since been made available for free on the hacker forum Breached, which may have accelerated the spread of this sensitive information across the dark web.

Legal and Company Response

In response to the breach, Jerico Pictures, the company believed to operate under the National Public Data name, has been hit with a class-action lawsuit.

The lawsuit alleges negligence in protecting the vast troves of personal data, which is now exposed and at risk of misuse. Jerico Pictures has yet to respond to specific requests for comment on the breach or the lawsuit.

According to the Los Angeles Times, the company has stated that it has “purged” its entire database as a precautionary measure and is “investigating” the claims related to the breach.

However, this response has done little to alleviate the concerns of affected individuals and cybersecurity experts.

Advice for Affected Individuals

In light of the breach, security experts are advising individuals to take immediate action to protect their personal information.

The primary recommendation is to place a freeze on credit reports, which can help prevent identity theft by blocking new credit inquiries.

Additionally, individuals are urged to monitor their financial statements and report any suspicious activity to the authorities.

As the investigation continues, affected individuals should remain vigilant and proactive in safeguarding their personal information.

This incident underscores the critical importance of robust data protection practices, particularly for organizations handling sensitive information on such a massive scale.

As more details emerge, it will be crucial to assess the full extent of the breach and implement measures to prevent future occurrences. The cybersecurity community and affected individuals alike will be watching closely as this situation develops.

Trending News