We’re still getting more information on this, but at the time of writing this, every American can assume that their social security number has been stolen. Let’s share what we know so far.
Cybersecurity has been an uphill battle for businesses and individuals for a long time. We’ve been preaching the importance of being mindful of your data and your organization’s cybersecurity—cyberthreats can cause a whole litany of problems that can result in downtime, extremely high ransomware demands, data theft, lawsuits, and public humiliation.
As of August 15th, it’s reported that 2.7 billion records were stolen from National Public Data.
We know this because the hacking group that claimed to steal the data, USDoD, reportedly tried to sell the data for $3.5 million, but has now posted most of it for free on the darkweb. The hacking group claims that the 2.7 billion records contain the personal data from every citizen from the US, Canada, and United Kingdom. We did the math - the combined populations only amount to about 440 million people, but without diving into the data, it’s hard to tell how accurate it is. It could contain lots of duplicates, or a single person might have multiple records.
Several news sites and cybersecurity experts have taken a look at the data and have suggested that it’s real information.
According to what we know at the moment, each record contains a name, mailing address, social security number, and some other details associated with the person. It’s unclear of Canadian Social Insurance Numbers or U.K. National Insurance Numbers were stolen at this time.
Previously leaked samples of this data included phone numbers and email addresses, but that information is currently not in the data that has been published on the darkweb. It’s very likely that the cybercriminals also have this information too.
So, we’re looking at a huge mess.
First and foremost, don’t panic. This is a big deal, but if the data is as comprehensive as the hackers say it is, we’re basically all in this boat together. I guess we can chalk that up to good news?
Some other good news is that the data might be a little bit older and not always contain the current address or correct information. It’s really early to make hard assumptions since the amount of data is so massive and the news is so fresh. Just know that there is a pretty good chance that this data breach has likely leaked some of your personal information.
The most effective step you can take is to freeze your credit files at Experian, Equifax, and Transunion. That way, nobody can sign up for a credit card or open up a financial account in your name.
With 2.7 billion records taken, the odds of a cybercriminal using your information to cause trouble is pretty slim, so keep that in mind. It’s good to take precautions, either way.
The most important problem we all need to be aware of is just how much easier this will make things for cybercriminals and scammers. With names, addresses, phone numbers, and other information of virtually everyone from the U.S., U.K., and Canada, it’s going to open up the floodgates for scammers, phishing attacks, and more.
The next several months are going to be interesting, and likely not in a good way.
Now is absolutely the time to strengthen your organization’s cybersecurity. Get a cybersecurity audit, talk to us about making sure everything is locked down, and commit to training your staff on how to spot and mitigate scams and other threats. It’s going to be a wild world out there.
Don’t hesitate to give us a call at (770) 448-5400 to get the ball rolling.
Comments