Experts Fear Incoming Wave of Identity Fraud After Massive Data Hack Potentially Exposed Every American’s Social Security Number

By: Alex Trent | Published: Aug 15, 2024

In what some are describing as one of the worst data hacks in history, a notorious hacking group has reportedly stolen and released records of potentially 2.9 billion people, which may include social security numbers and sensitive data from every American.

In the wake of news that the data breach was being leaked online, public advocates fear an unprecedented wave of identity fraud and theft is on the horizon.

Data Breach

A hacking group was revealed in a new class action lawsuit to have allegedly stolen the personal records of 2.9 billion people from a records database known as National Public Data back in April.

Advertisement
A hacker in a black hood sitting at a desk with a computer. He is also holding a smartphone and both screens have lots of writing in green and red.

Sora Shimazaki/Pexels

The records include sensitive data from citizens in the US, Canada, and the UK.

Advertisement

Selling the Data

At first, the hackers tried to sell the data on the dark web, requesting millions of dollars.

Advertisement
Someone holds up multiple $100 bills in one hand.

Source: JP Valery/Unsplash

“2.9 billion records of USA, Canada, and UK citizens allegedly for sale for $3.5 million,” said an X post from HackManac, a cybersecurity company which included a screenshot of the listing. “The threat actor USDoD claims to be selling a 4 TB database containing 2.9 billion rows apparently exfiltrated from National Public Data, a public records data provider specializing in background checks and fraud prevention.”

What’s in the Data?

According to news outlets who have examined portions of the data, it appears to contain real people’s information.

Advertisement
Website code being seen through an artisitic lense.

Source: Markus Spiske/Unsplash

“Each record consists of the following information – a person’s name, mailing addresses, and Social Security number, with some records including additional information, like other names associated with the person. None of this data is encrypted,” said the website Bleeping Computer. 

Free Release

Although initially shopping for a buyer for their data treasure trove, the hacking group reportedly decided to release the information completely free on an online marketplace for stolen personal data.

Advertisement
Close-up of a person's hands typing on a laptop keyboard. The individual's fingers are captured in motion, suggesting active typing

Source: Kaitlyn Baker/Unsplash

A screenshot posted by Bleeping Computer of a group member known as Fenice advertised that the “full NPD database” is now available to be downloaded.

Accuracy of Information

According to reports, some have reached out to news outlets to say their information has been associated with other people they don’t know, so the data in the leak may not be entirely accurate.

A magnifying glass against a blue background.

Source: Markus Winkler/Unsplash

It’s also possible that some of the information may be outdated, with Bleeping Computer suggesting this might indicate the data was taken from an old backup file.

Advertisement

Breach Lawsuit

The data breach that allegedly happened back in April generated multiple class action lawsuits against Jerico Pictures, also known as National Public Data.

A wooden judge’s gavel.

Source: Tingey Injury Law Firm/Unsplash

A lawsuit filed in Florida District Court alleges that NPD failed to properly secure the data and that “Plaintiff and Class Members at no point knowingly provided their [personal information] to Defendant and Defendant instead scraped their [personal information] from non-public sources.”

Advertisement

Wake Up Call

Tesersa Murray, consumer watchdog director for the U.S. Public Information Research Group, feels like this massive hack should be a wake-up call for people to take better precautions.

A woman with black nails, wearing a ring talks on an iphone cell phone.

Source: Taylor Grote/Unsplash

“If this in fact is pretty much the whole dossier on all of us, it certainly is much more concerning” than prior breaches, Murray said in an interview. “And if people weren’t taking precautions in the past, which they should have been doing, this should be a five-alarm wake-up call for them.”

Advertisement

A Wave of Identity Theft

Public policy experts are now warning of a wave of identity crime that may start sweeping the country given the leak of important information that includes social security numbers, email addresses, and phone numbers.

Question marks painted on trees.

Source: Evan Dennis/Unsplash

“For somebody who’s really suave at it,” Murray said, “the possibilities are really endless.”

Advertisement

Unsuspecting Victims

Murray also warned about a possible incoming wave of attempts to gain more information and defraud unsuspecting people by leveraging information obtained in the leak.

A person hiding in the dark with their shadow on the wall.

Source: Ammar Sabaa/Unsplash

“These bad guys, this is what they do for a living,” Murray said. “Ten thousand dollars in one day for having one hit with one victim, that’s a pretty good return on investment. That’s what motivates them.”

Advertisement

Demanding Accountability

In the wake of the hacking news, some are demanding accountability not just from NPD, but politicians as well.

The official portrait for US Senator from Florida Rick Scott.

Source: Public Domain/Wikimedia

“It is disturbing and unacceptable that Americans are just now learning of this massive hack, which allowed criminal hackers to gain access to and now offer for sale approximately 2.9 billion records,” said Florida Senator Rick Scott in a statement. “While we learn more about this breach, the Biden-Harris administration must detail what is being done to hold the contractor that was holding this data, National Public Data, accountable for its failure to protect against this hack.”

Advertisement

Informing Users

It is unclear if NPD took adequate steps to properly inform those affected of the months-old data breach in the wake of the hack.

A macro shot of an iPhone screen displaying a red notification bubble indicating 6,753 unread emails on the Mail app

Source: 84 Video/Unsplash

According to the Florida lawsuit, the “Defendant has still not provided any notice or warning to Plaintiff and Class Members. In fact, upon information and belief, the vast majority of Class Members were unaware that their sensitive [personal information] had been compromised.”

Advertisement