Every day, there’s another screaming headline about “the biggest data breach in history.” This time, however, it really may be “the big one.”
In August 2024, a dark web hacker dumped 2.7 billion data records—including Social Security numbers—on a dark web forum. This information allegedly came from a background-checking service called National Public Data. Each record allegedly contains a person’s name, mailing address, Social Security number, and any other sensitive information, such as relatives’ names.
The hack originated from an incident on April 8th, when a known cybercriminal group named USDoD said it had gained access to the personal data of 2.9 billion people from the United States, the United Kingdom, and Canada. The group said it was selling the entire data dump for $3.5 million.
The National Public Data Breach: How at Risk is Your Data?
While this data breach appears very serious, there’s still much debate around how much data is truly involved and who is at risk. Leaked data sets from this hack show incomplete and duplicated information, leading many to believe the leak may not be as catastrophic as it is billed.
Even if this hack is only half as bad as anticipated, you still run a very high personal risk. With your name, address, birthday, and Social Security number, hackers can use your information to:
- Apply for jobs, and consequently, run up tax bills
- Apply for mortgages
- Secure car loans
- Open credit cards in your name
- Create accounts on social media and many other forums
…and, in general, impersonate you in just about every meaningful way. This nightmare scenario could make you liable for any debt they incur or the nefarious acts they do. Proving it wasn’t can be difficult, expensive, and often fought in legal courts.
In this digital age, we may never be 100% free from the risk of our data being hacked. But there are things you can do to better monitor your data and hopefully prevent this impersonation before it starts. Let’s get into it.
Freezing Your Credit: How to Prevent Hackers from Impersonating You
Truth is, data dangers are much larger than just the National Public Data Breach. Hackers are everywhere, and your data could be leaked at any time. That’s why we in the cybersecurity community have always recommended that everyone “freeze their credit.”
Freezing your credit is an effective way to thwart hackers because it restricts access to your credit report. This makes it difficult for identity thieves to open new accounts in your name. It’s important to note here that freezing your credit will not close off your credit cards and keep them from being used. It will simply shut down new applications for your credit.
Here’s how to freeze and manage your credit.
National Public Data Breach: Seven Steps to Freezing and Managing Your Credit
#1—Start by Visiting the Major Credit Bureau Websites
Equifax, Experian, and TransUnion are the three major credit bureaus. You’ll need to freeze your credit at each one separately. You can do this online, over the phone, or by mail. Here’s additional information on the topic from usa.gov.
#2— Create or Log into Your Accounts
Do you already have an account with these bureaus? If so, you’ll simply need to log in. If you haven’t yet done this, now is the time to create your account. This usually requires you to verify your identity by answering security questions and providing other personal details, including your social security number.
#3—Initiate a Credit Freeze
Now that you’ve logged in find the option to initiate a credit freeze. You’ll find this under labels such as “freeze my credit” or “security freeze.” Follow the prompts to complete the process. Keep in mind that you’ll need to do this with each of the credit bureaus individually.
If you have dependent children at home or a financial power of attorney for a loved one, you can also freeze their credit. This is especially important, as this kind of impersonation is often not caught for years. People simply don’t think of checking for it. This is one way to protect their financial future before it even gets started.
#4—Carefully Store Your PIN and/or Password
Once your credit is frozen, each bureau will provide you with a PIN or a password. Treat this like gold because you will need that PIN to unfreeze your credit in the future.
You can save that PIN in a secured password vault. Even better, write it down and save it in a fireproof safe. Don’t leave this PIN out in a file or a password book that others can easily access.
#5—Carefully Manage Your Credit Freeze
While it’s a great idea to have your credit frozen on a daily basis, there will be times that you have to temporarily lift the freeze. For instance, you’ll need to suspend the freeze when you apply for a car, card, or mortgage credit.
Fortunately, this is easy to do by going back into your account and having the freeze lifted. You can also choose to permanently remove the freeze if you decide you no longer want that protection.
The trick, of course, is to remember to do this every time you apply for credit. It’s also important to give the appropriate amount of time for the freeze to go through. A freeze can be initiated pretty much instantly if it is done through your online account. Initiating the freeze by letter or phone will take far longer.
#6—Understand the Differences Between Freezing and Locking Credit
There is a lot of disinformation around the subject of freezing versus locking your credit. Remember, a credit freeze is always free and is the strongest protection you can get under the law. Credit locks offered by major national firms like LifeLock are similar, but they are paid and offer additional monitoring services. They do not offer the same legal protections you’ll get with a simple credit freeze.
#7—Regularly Monitor Credit Reports for You and Your Dependents
Freezing your credit is a great first step. You’ll need to follow up by regularly monitoring your credit reports for suspicious activity. Each year, you are entitled to a free credit report from each credit bureau. Here’s a guide to doing that from the Consumer Financial Protection Bureau.
As always, it’s important to carefully review your credit card statements each month. Any suspicious activity you see should be reported immediately and taken off your bill. If your credit card company suspects someone is using a card that isn’t you, they’ll issue you a new card and number immediately.
A Cybersecurity Reminder to Corporate Leaders Handling Client or Employee Data
While I’ve been discussing how to protect your personal financial data from the national public data breach, it’s also important to remember that your company can be the source of a personal data breach.
If you hold a position in your company that gives you access to your clients’ or employees’ personal data, now is a good time to re-examine how that information is stored and shared. Specifically, you should:
- Ensure no one can access your systems without a password and a secondary form of identification, such as multi-factor authentication.
- Think through the levels of access to sensitive data. Remove access and searchability to these files so that only a few trusted team members can view the information.
- Consider a zero-trust authentication framework, which continuously verifies users while they are working in your networks.
- Implement Endpoint Detection and Response so that unusual activity on your network’s devices can be found quickly and hackers can be caught in the act before any damage is done.
Interested in Preventing Data Breaches at Your Company?
Integris can help. We offer managed IT services to small and medium-sized companies across the US. Contact us for a free consultation.