SSA Data Breach

Hello and welcome back. I hope you are having a good day and that God is blessing you and yours.

I know you may have heard about the massive data breach that involves 2.9 Billion people globally. At the time I am writing this blog post it will be well into a week maybe two that it has happened. I have been searching the internet and not found much on it on Yahoo, Google or Bing. I hope more will come out when this blog posts. So grab a coffee and let's delve into this massive data breach.

After about an hour of search the news sites I and not finding anything, I did find an LA Times article on DuckDuckGo. I will leave a link so you can read the entire article in its entirety if you like.

HTTP://www.msn.com/en-us/money/other/massive-data-breach-that-includes-social-security-numbers-may-be-even-worse-than-suspected/ar-AA1oW0B9?ocid=socialshare

The article starts out:

The company whose data breach potentially exposed every American's Social Security number to identity thieves finally has acknowledged the data theft — and said hackers obtained even more sensitive information than previously reported.

National Public Data, a Florida-based company that collects personal information for background checks, posted a "Security Incident" notice on its site to report "potential leaks of certain data in April 2024 and summer 2024." The company said the breach appeared to involve a third party "that was trying to hack into data in late December 2023."

It goes on to say that "According to a class-action lawsuit filed in U.S. District Court in Fort Lauderdale, Fla., the hacking group USDoD claimed in April to have stolen personal records of 2.9 billion people from National Public Data. Posting in a forum popular among hackers, the group offered to sell the data, which included records from the United States, Canada and the United Kingdom, for $3.5 million, a cybersecurity expert said in a post on X.

Last week, a purported member of USDoD identified only as Felice told the hacking forum that they were offering “the full NPD database,” according to a screenshot taken by BleepingComputer. The information consists of about 2.7 billion records, each of which includes a person’s full name, address, date of birth, Social Security number and phone number, along with alternate names and birthdates, Felice claimed.

None of the information was encrypted."

They also have a video on that you may wish to watch while there. It states that the data breach included email addresses, home addresses, birthdates and Social Security Numbers. This is truly alarming and needs our attention. There are steps that I have taken and that this article recommends everyone to do. First thing is to freeze your credit now with the three big credit Bureaus as soon as possible. Links below.

Equifax - https://www.equifax.com/personal/credit-report-services

Experian - https://www.experian.com/help/

TransUnion - https://www.transunion.com/credit-help

I have frozen my credit with the first two, however at the time I am writing this blog I could not with TransUnion. I believe it is of my own doing, since I put all my devices behind a VPN. I will try without the VPN after writing this.

This is the bare minimum that you should do. You really should download all the apps and allow them to send you notifications. This allows you to be notified if anyone attempts to open anything in your name.

We must take charge of our own security at all times, and that means educating ourselves and being proactive. The report states in the video that many are getting "breach fatigue" do not fall into this category, we must stay vigilant at all times.

We need to also convey this to our loved ones and dear friends we care about,

I have recently tightened up all my security by updating and changing passwords, turned on 2FA on all my logins and where it is accepted started to use a YubiKey and a password manager to help stay secured. I also stress to my wife and kids how important it is to use encrypted email and text messengers.

Not only that, but I watch a lot of security YouTubers, and they as well as myself find it very annoying that a lot of websites and apps do not use YubiKeys as a primary means of security. Not sure if it is due to more code needing written or what ever the case maybe, but they are by far the most secure. Also turn on biometrics on your mobile device as well. I thought at one time that my fingerprint and face would be stored on the web if I did this but after doing my research found that is not the case or that is what Samsung says. LOL. I am still a little skeptical about doing so. Lol.

I recently purchased two YubiKeys. They recommend this so you have a backup. One you carry and the other one in a very safe place. These can be used with over 1000 accounts.

https://www.amazon.com/Yubico-YubiKey-USB-Authentication-Security/dp/B07HBD71HL/ref=sr_1_1?crid=JYDHKJ2LZOLT&dib=eyJ2IjoiMSJ9.yZvUmdK_VLlOE_TrNMDvY26X-jZkel55JqfOH0OHlJlIntNH1XfxbxqfAV0SkkDjFYIgJNOwv7ydHPSDa8xuTBo9dXfpZ07llB2FsQCMdwV2MpPsiISOhUQbb7D3IRM-Mu1JyQAGAgDiTbU_wDNUPg.GzTJ8LJ4CLpvllw5T_91iHAeTXzCxFMfxfR2f2w_YH8&dib_tag=se&keywords=yubikeys+5+nfc&qid=1723906986&sprefix=yubikeys%2Caps%2C151&sr=8-1

The ones above will do all except biometrics. The ones that do biometrics cost several hundreds of dollars, and for the average user these are fine.

I do hope that one day all these very smart individuals will eventually get the security locked down without infringing on our rights or personal privacy. I do not understand how the hackers can use their God Given talent to do harm to so many individuals instead of using it to help everyone as God intend it to be used.

Well, I hope I have given you some advice you can use and will use to protect yourself.

So long for now and God bless everyone.

Pop Pop.