(Rightallegiance.com) – In a massive data breach that may have compromised the Social Security numbers and other sensitive information of millions, a notorious hacking group called USDoD claims to have stolen personal records from National Public Data.
The breach, which reportedly occurred in April 2024, involves 2.9 billion records from the U.S., Canada, and the U.K., according to a class-action lawsuit filed in U.S. District Court in Fort Lauderdale, Florida. The stolen data, totaling 277.1 gigabytes, includes names, addresses, relatives, and Social Security numbers dating back over three decades.
USDoD allegedly posted these records for sale on the dark web for $3.5 million, as reported by a cybersecurity expert on X (formerly Twitter). The data was later leaked by a hacker known as “Fenice” in August, providing what is believed to be the most complete version of the stolen information. The leak, which includes nearly all the details required for identity theft, has sparked major concerns among cybersecurity experts.
Teresa Murray, consumer watchdog director for the U.S. Public Interest Research Group (PIRG), emphasized the potential risks posed by this breach. “If this is the entire dossier on all of us, it’s much more concerning than prior breaches,” Murray stated. She warned that the leaked information could enable bad actors to take over bank accounts, create fake identities, and cause widespread financial chaos.
National Public Data, the company targeted by the breach, has yet to officially notify the public about the incident but claims to have purged its database of all non-public personal information. However, cybersecurity analysts who have examined portions of the leaked data suggest that it appears to be authentic.
With sensitive information now potentially available to criminals, experts urge individuals to take immediate precautions. Placing a freeze on credit files with major credit bureaus (Experian, Equifax, and TransUnion) can help prevent unauthorized financial activities. Additionally, monitoring services that keep an eye on the dark web and existing accounts can offer further protection against identity theft.
While these measures are crucial, Murray notes that even those who have not signed up for online access to their accounts might be at higher risk. Thieves can exploit this vulnerability by creating logins and passwords under a stolen identity more easily than hacking into an existing account.
The breach underscores the importance of being proactive about protecting personal information, especially as data breaches become increasingly common. As millions of people potentially face identity theft, the need for vigilant personal cybersecurity practices has never been more urgent.