April 2024 Data Breach Puts Every American at Risk – Protect Your Identity Now!

In August 2024, a class-action lawsuit revealed that every American’s Social Security number might have been stolen in a massive data breach that occurred in April 2024.

The lawsuit alleges that hackers obtained the personal information of 3 billion people, including every Social Security number in existence, from the background check company National Public Data (NPD). If true, this breach could put every American at risk of identity theft.

Don’t Wait – Freeze Your Credit Now!

While the full details of the breach are yet to be confirmed, it's crucial to take preventive action immediately. Freezing your credit is a simple and effective step to protect yourself.

• Benefits of Freezing Your Credit:
• Free of Charge: Freezing your credit costs nothing.
• No Impact on Credit Score: Your credit score remains unaffected.
• Quick and Easy to Thaw: You can quickly unfreeze your credit if you need to apply for a loan or credit.

How to Freeze Your Credit

Freezing your credit prevents anyone, including yourself, from opening new lines of credit (such as credit cards or mortgages) using your identity. However, you can temporarily unfreeze or "thaw" your credit as needed.

To initiate a freeze, contact the three major credit reporting agencies: Equifax, Experian, and TransUnion. You must freeze your credit with each bureau individually, which can be done online or over the phone. It’s recommended to keep your credit frozen as a default security measure.

If you discover that someone has attempted to open a credit card in your name or notice unauthorized charges, report the issue immediately to the bank or credit card company.

Protect Your Child’s Credit

You can also freeze your children’s credit. Cybercriminals may attempt to create a new identity using a child’s Social Security number – and it often goes undetected until the child turns 18! The Federal Trade Commission (FTC) offers more detailed guidance on this.

A Massive Data Breach Raises Concerns, But Don’t Panic

The alleged hack of a background check company made headlines this week, potentially exposing billions of Social Security numbers. However, cybersecurity experts caution that incidents like this are increasingly common as companies continue to collect vast amounts of consumer data.

The data in question reportedly appeared on hacker forums in April, consisting of millions of records, some containing authentic names and Social Security numbers, according to multiple cybersecurity researchers cited by The Washington Post. Despite the alarming reports, experts believe the scale and severity of the breach may have been exaggerated. It remains unclear how much of the data is genuine or if it was indeed the result of a hack or from scraping publicly available sources.

Hackers on these forums claimed responsibility for the breach, offering to sell or share the data, which they said included personal information from billions of individuals in the United States, the United Kingdom, and Canada. While some of the data has been verified as authentic, cybersecurity expert Troy Hunt noted that the large dataset likely includes fake or recycled information.

A class-action lawsuit filed in August, first reported by Bloomberg Law, accuses National Public Data of failing to protect personal information, including names, addresses, and Social Security numbers. However, neither National Public Data nor the Social Security Administration has responded to requests for comment.

Rob Shavell, CEO of consumer security company DeleteMe, mentioned that his team has not seen any indication that new stolen data is flooding online markets.

James E. Lee, COO of the Identity Theft Resource Center, emphasized that there’s “nothing new” about this data exposure, noting that Social Security numbers have been circulating online for years.

“The steps you need to take today are the same steps you should have been taking all along,” Lee said.

How to Protect Yourself from Fraud and Identity Theft

Freeze Your Credit

A credit freeze blocks any new lines of credit from being opened, making it difficult for bad actors to obtain new credit cards or loans in your name. Freezing your credit does not affect your credit score and can be done easily through the websites of the three major credit reporting agencies: Equifax, Experian, and TransUnion. You may need to scroll down or navigate through the menu to find the option to “manage freeze” or “add a freeze.” After filling out a form, you might be asked to verify your identity – just follow the prompts.

You can lift or remove the freeze whenever necessary by revisiting the website or contacting the reporting agency by phone or mail.

Enable Two-Factor Authentication

Two-factor authentication adds an extra layer of security by requiring multiple forms of verification before accessing an account. This typically involves receiving a code via text message when logging in.

Activating two-factor authentication, either during account setup or later in the settings, is one of the simplest and most effective ways to secure your accounts, according to the Identity Theft Resource Center. Unfortunately, many people skip this step. Always opt-in for two-factor authentication, whether through text messages, emails, or a standalone authenticator app that asks, “Is that you?” each time you sign in.

If you haven’t set up two-factor authentication yet, start with your most sensitive accounts, like banking and healthcare, advised Shavell.

Consider Dark Web Monitoring

Data brokers compile information about individuals to build profiles they sell to advertisers and even law enforcement. If your Social Security number has found its way into a broker’s database, it can be difficult to track down on your own. Signing up for a service that monitors the web for your personal information and sends removal requests on your behalf can provide an added layer of protection.

Revisit Your Password Hygiene

It’s 2024, and using the same password for multiple websites is no longer acceptable. Each account should have a long, unique password that includes a mix of letters, numbers, and special characters.

Worried about remembering all those passwords? Consider using a password manager like DashLane or 1Password, which can automatically generate secure passwords and autofill them when you log in. These tools are typically priced similarly to a Netflix subscription, but Apple and Google also offer free password managers integrated with their operating systems.

If you’re still hesitant to use a password manager, at least avoid using personal information like your pet’s name or your birthday in your passwords, as these can make it easier for cybercriminals to guess, advised Ginny Fahs, Director of Research and Development at Consumer Reports.

Control Your Online Visibility

Making your social media accounts private can significantly reduce the amount of personal information that criminals can access. Public posts on platforms like Facebook, for example, can make it easier for a hacker to impersonate you in a phishing attack targeting your friends or family. Remember to review your privacy settings in apps like Venmo and YouTube as well. Just last month, reporters at Wired discovered that public Venmo transactions of Vice-Presidential candidate Senator JD Vance (Ohio) provided a glimpse into his social connections.

Delete Unused Accounts

Don’t just abandon accounts you no longer use – delete them. This reduces the amount of personal information you have online, such as an old Myspace account, and can prevent companies from sharing or selling your data in the future.

“If you’re no longer using that site, there’s no reason for that company to have your information,” Fahs explained.

In many cases, deleting your profile doesn’t necessarily mean the company has erased the data they store about you. However, some states have privacy laws that require companies to honor deletion requests and purge your information from their servers. Consumer Reports offers a tool called Permission Slip that allows you to send multiple data deletion requests in one place.