There’s a 75% chance that *your* Social Security Number was leaked. What should you do?
The story starts with a company called National Public Data, which gathered and aggregated data about you, me and the rest of the US population, then sold it to companies who wanted to target us for sales. They did a good job and were making a lot of money, but what they didn’t do well is protect our data. A hacker group named USDoD broke in and stole 272 million Social Security Numbers from them and offered it for sale. But before USDoD could sell the data on the dark web, another threat actor, Fenice, swiped the data from USDoD and published it on the dark web for free. You can’t make this stuff up.
If you want some insight into how to protect yourself now that your data is probably on the dark web, please read further.
More Info:
What you can do to protect your personal information
SSA.GOV
How to place or lift a security freeze on your credit report
USA.GOV
What to do right away (if you become a victim)
identitytheft.gov
More details about the breach
ZDNet.com
You can use one of several sites to check if your SSN was part of the breach, but I contend that it doesn’t matter. Whether your SSN was hacked this time or not, you should act as if it was
(because someday, it will be).
For those who want to check, you can use npd.pentester.com. Others require you to enter your SSN, which I’m not comfortable doing.
Most days, I, like most of you, receive emails warning that my financial information—like my name, address, email, social security number, or credit card details—has been compromised. It’s a constant reminder of the importance of protecting our identities. So, what steps can you take to ensure your finances remain safe?
This article is mostly about locking up your financial identity and protecting your financial accounts from a successful attack. However, the precautions apply to other online accounts as well. We are writing this article because we have received several questions from clients regarding the numerous emails they have been receiving about breaches and leaked data. In a breach earlier this year (or perhaps late last year) 2.9 billion identity records and an estimated 272 million US citizen Social Security Numbers were leaked to the dark web. That puts your chance of being among them quite high.
The dark web is a constantly shifting landscape of overseas hackers, and no commercial service can keep up with these ever-changing threats. Instead, focus on practical steps you can take to protect your privacy.
Here are some key actions you can take:
Freeze Your Credit
Consider freezing your credit at the major credit-reporting agencies—Experian, Equifax, and TransUnion. This prevents anyone from checking your credit without your permission, protecting your personal information from being used to open new accounts in your name. You can temporarily lift the freeze when you need to establish credit. Steps on freezing your credit can be found here. Yes, you have to freeze your credit at each of the three agencies individually.
Strengthen Your Logins
Use long, unique, complex passphrases for any financial accounts and enable two-factor authentication. This adds an extra layer of security, making it harder for attackers to gain access. If you are worried that you won’t remember the long, unique, complex passphrases, then use a password manager. You may not care that much about your local newspaper account credentials, but you really should care about your financial account credentials.
Use Multifactor Authentication
Accept your financial institutions offer to enable multifactor authentication. It could send you a text code when you login into your account. It takes another 30 seconds to login, but it reduces your chances of a hacker getting into your account by over 95%.
Monitor Your Accounts Regularly
Even if you don’t conduct business online, regularly logging into your bank accounts can help you spot any suspicious activity early.
Set Up Alerts
Ensure your financial institutions have alert notifications set up for your accounts. This way, you’ll be notified immediately of any suspicious activity.
Review Your Credit Reports
Regularly pull your credit reports and review them for any unfamiliar accounts or transactions. Many banks now offer access to your FICO score through their mobile apps, allowing you to monitor changes easily.
Secure Your Debit Card
Make sure you have a debit card linked to your bank account, even if you don’t use it. Lock it through your banking app to prevent unauthorized use and unlock it only when necessary.
By taking these steps, you can significantly reduce the risk of identity theft and ensure your personal information remains secure. Stay vigilant and proactive in monitoring your accounts and credit reports to protect your identity.
Take home message:
Freeze your Credit!
If you have questions about this, please let us know and we will be happy to assist you.
Take care,
