Another data breach has affected countless unsuspecting people due to lax security measures. Billions of personal records may soon be leaked online after allegedly being obtained from a Florida-based firm specializing in background checks and other private information requests.
The criminal gang known as USDoD has reportedly put the database up for sale for $3.5 million on an underground forum, claiming the trove includes 2.9 billion records on individuals from the United States, Canada, and the United Kingdom. This alarming breach raises significant concerns about data security and the potential implications for millions of individuals.
Morgan & Morgan takes cyber security and data breaches very seriously. If you’ve been affected, contact us now. Here’s what you need to know.
The Alleged Breach
The Database and Its Contents
The stolen data is said to include a staggering amount of personal information:
- Full names
- Current and past addresses (spanning at least three decades)
- Social security numbers
- Information about parents, siblings, and other relatives (including some who have been deceased for nearly 20 years)
USDoD claims that this information was not scraped from public sources, suggesting a severe breach of private databases. The information appears to be comprehensive, though there may be duplicate entries within the dataset.
Verification of the Data
Infosec watchers at VX-Underground have managed to view the database and verify that at least some of its contents are real and accurate. Their assessment reveals that the 277.1 GB file contains nearly three billion records, predominantly of people who have lived in the United States, including U.S. citizens and residents, as well as Canadians and Brits.
Source of the Breach
The data was allegedly stolen from National Public Data, a small information broker based in Coral Springs, Florida. This firm offers API lookups to other companies for services like background checks. Despite inquiries from The Register, National Public Data has not responded to the allegations.
Who Is USDoD?
USDoD is a criminal gang known for previous data breaches. Notably, they previously sold a 3 GB+ database from TransUnion containing financial information on 58,505 individuals. They also touted personal information belonging to 3,200 Airbus vendors after an intrusion at the aerospace giant last September.
Implications of the Data Leak
Personal Privacy and Security Risks
The potential leak of this database poses severe risks to personal privacy and security. With access to full names, addresses, social security numbers, and familial information, criminals can engage in identity theft, financial fraud, and other malicious activities. Individuals affected by this breach may face:
- Unauthorized credit applications and loans
- Tax fraud
- Compromised social media and email accounts
- Phishing and targeted scams
The Importance of Data Opt-Out Services
There is a slight silver lining: according to VX-Underground, the database does not contain information from individuals who used data opt-out services. This highlights the importance of opting out of data collection where possible to protect personal information from such breaches.
Steps to Take if You Are Affected
If you suspect that your information may have been part of this breach, here are some steps you can take to protect yourself:
1. Monitor Your Credit Reports
Regularly check your credit reports for any unusual or unauthorized activity. You can request free reports from major credit bureaus like Equifax, Experian, and TransUnion.
2. Place Fraud Alerts or Credit Freezes
Consider placing a fraud alert or credit freeze on your credit reports. A fraud alert warns creditors to take extra steps to verify their identity before opening new accounts. A credit freeze restricts access to your credit report, making it harder for identity thieves to open accounts in your name.
3. Change Passwords and Enable Two-Factor Authentication
Change passwords for your online accounts, especially those related to banking and personal information. Use strong, unique passwords and enable two-factor authentication (2FA) where possible for added security.
4. Watch for Phishing Attempts
Be cautious of emails, phone calls, or messages that ask for personal information. Verify the sender's identity before providing any information and avoid clicking on suspicious links.
5. Contact Financial Institutions
Notify your bank, credit card companies, and other financial institutions about the potential breach. They can monitor your accounts for unusual activity and take steps to protect your information.
6. Stay Informed
Keep up with news and updates regarding the breach. Authorities and cybersecurity experts may provide additional recommendations and resources for affected individuals.
Contact Morgan & Morgan for Help
For those affected by data breaches, seeking legal recourse may be an option. Morgan & Morgan is dedicated to helping victims of data breaches and identity theft. Our experienced attorneys can guide you through the process of protecting your rights and seeking compensation for damages incurred due to the breach.
Wondering if you have a claim? Take our quiz in minutes and find out.
