You may have heard about a lawsuit filed regarding a data breach concerning social security numbers. I encourage you to read at least the first few pages of the linked class action complaint to see how massive a violation of privacy this is.

The data breach concerns National Public Data, a company which offers background checks. They collect personally identifiable information (PII) as a part of their business. The defendant claims that NPD scraped PII from non-public sources (¶11). NPD then stored the data in an insecure manner and did not adequately protect this personal information (¶25). Consequently, a hacking group by the name of “USDoD” stole records of 2.9 billion individuals from NPD. According to the document, the data was independently reviewed by VX-underground, the cybersecurity company. They confirmed the breach included full names, address and address history, and social security numbers. They were also able to identify familial connections, both living and deceased (¶ 22-24).

Based on this class action complaint, NPD’s conduct was grossly negligent, leading to potential identity theft for almost anyone in the United States. It was also a massive privacy violation by scraping data from non-public sources. Even after they took millions of Americans personal information, they failed to secure the data from hackers.

Criminals can ruin your life if they target you with this information. They can open lines of credit without you knowing. You might only find out until creditors call you, demanding that you pay them back (¶60).

So, yeah. I am very concerned. I’ll have to figure out how to defend against this identity theft. Overall, I’m new to the privacy community, but I’m feeling like “privacy” in the United States is an absolute mess. If your data wasn’t somewhere on the dark web, it might be now. Protect your data. Stay safe.

      • Possibly linux@lemmy.zip
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        3 months ago

        I know

        That’s why this seems megafishy. It would’ve had to be a international breach plus maybe some dead people

        • refalo@programming.dev
          link
          fedilink
          arrow-up
          2
          ·
          edit-2
          3 months ago

          It has tons of dead people, duplicates, invalid entries, foreign residents, etc., basically anyone or anything that ever needed a SSN.

      • smb@lemmy.ml
        link
        fedilink
        English
        arrow-up
        2
        ·
        3 months ago

        maybe there was a mixup of individual datapoints and individual persons.

        lets see if that could fit.

        as far as i read things in this thread, the whole security is based on exactly these datapoints: Full Name, Date of Birth and SSN (three datapoints) plus username and password for 3 sites (six datapoints) makes 3+6= 9 datapoints per person.

        2.9 billion (us) should be 2.900.000.000 (correct me if i’m wrong, but where i live one “billion” is actually “1.000.000.000.000” thus a “bit” more)

        divided by 9 those 2.9billion would be ~ 320 million.

        on wikipedia they say the us had 331 million people in 2020…

        that would fit like an ass on a bucket! lol just to mention that.

        have a nice day!

    • capital@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      edit-2
      3 months ago

      There is duplicate data and address history in the dump.

      # of records ≠ # of people.