260
submitted 2 months ago by bilbobaggins@lemmy.world to c/privacy@lemmy.ml

You may have heard about a lawsuit filed regarding a data breach concerning social security numbers. I encourage you to read at least the first few pages of the linked class action complaint to see how massive a violation of privacy this is.

The data breach concerns National Public Data, a company which offers background checks. They collect personally identifiable information (PII) as a part of their business. The defendant claims that NPD scraped PII from non-public sources (¶11). NPD then stored the data in an insecure manner and did not adequately protect this personal information (¶25). Consequently, a hacking group by the name of "USDoD" stole records of 2.9 billion individuals from NPD. According to the document, the data was independently reviewed by VX-underground, the cybersecurity company. They confirmed the breach included full names, address and address history, and social security numbers. They were also able to identify familial connections, both living and deceased (¶ 22-24).

Based on this class action complaint, NPD's conduct was grossly negligent, leading to potential identity theft for almost anyone in the United States. It was also a massive privacy violation by scraping data from non-public sources. Even after they took millions of Americans personal information, they failed to secure the data from hackers.

Criminals can ruin your life if they target you with this information. They can open lines of credit without you knowing. You might only find out until creditors call you, demanding that you pay them back (¶60).

So, yeah. I am very concerned. I'll have to figure out how to defend against this identity theft. Overall, I'm new to the privacy community, but I'm feeling like "privacy" in the United States is an absolute mess. If your data wasn't somewhere on the dark web, it might be now. Protect your data. Stay safe.

you are viewing a single comment's thread
view the rest of the comments
[-] mazelado@lemmy.world 72 points 2 months ago
[-] MajorHavoc@programming.dev 63 points 2 months ago* (last edited 2 months ago)

Yes! And don't pay these assholes a dime for the privilege.

They're legally required to provide freezes for free, but two of them were trying to sell it as a service through misleading page links, last time I checked.

[-] Stowaway@midwest.social 24 points 2 months ago
[-] Passerby6497@lemmy.world 4 points 2 months ago

Experian does it with every. single. login. Really fucking annoying when you have to login multiple times for thawing and whatnot when necessary.

[-] IllNess@infosec.pub 21 points 2 months ago

Everyone in the US should freeze their credit. Yes, it sucks that you have to unfreeze it to apply for new credit but it doesn't actually suck that bad. Everything is done through the websites.

Also what ever email you use, enable 2 factor authentication. I think using OTA is better because people have had their numbers sim swapped.

[-] Kalysta@lemm.ee 20 points 2 months ago

Don’t forget these companies didn’t exist before the late 80’s and credit worked just fine without them.

[-] zbyte64@awful.systems 6 points 2 months ago

Yeah, but we replaced welfare with credit cards so...

[-] refalo@programming.dev 5 points 2 months ago

I tried to create an account with TransUnion but it said the identity check failed and won't create an account, I have no idea what to do now.

[-] Ransack3@lemmy.world 2 points 2 months ago

Yep, same issue, haven’t figured out a fix yet.

[-] ampersandcastles@lemmy.ml 4 points 2 months ago

No. I never opted into this system. They can opt me out.

[-] refalo@programming.dev 8 points 2 months ago

Unfortunately the US doesn't work that way. Unless you want to continue living under a rock, you have to deal with your credit.

[-] inspxtr@lemmy.world 3 points 2 months ago

I’ve never had an account with these. Do I need to create an account with them to freeze my credits? And what kinds of information should I give / not give when I do?

[-] TheGalacticVoid@lemm.ee 2 points 2 months ago

If they have your records, then you can request a freeze in a variety of ways. Online is just the easiest way to manage all that.

[-] HootinNHollerin@lemmy.world 2 points 2 months ago

I tried w equifax recently and kept saying not available at this time

this post was submitted on 15 Aug 2024
260 points (98.9% liked)

Privacy

31601 readers
313 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS