A few weeks ago, I received a disturbing message from my bank. My social security number was compromised in a reported data breach. I held onto the word “alleged” as I tried to figure out if it was real. Now I know: It’s real.
About 272 million social security numbers are floating around hacker forums stole them From a Florida based background check company National Public Datawhich is owned by a Actor and retired sheriff’s deputy named Salvatore “Sal” Verini. This data breach isn’t as catastrophic as some headlines might make it seem. A news station runs hyperbolic The title claims that“Hackers Could Steal Every American’s Social Security Number.” They don’t.
Even so, now is a good time to freeze your credit files with the major bureaus (Equifax, Experian and TransUnion) if you haven’t already. This will protect you from scammers who follow such major breaches. If more people freeze their files, there will be fewer victims of cybercrime. There may be a good thing to come from this massive Social Security number breach.
Consolidating your credit means easy Prevent potential creditors from accessing your credit reportThat makes it harder for bad actors to use your personal information to open a new account, such as a new credit card or loan This prevents credit bureaus from selling the data on your credit report. Which they do unfortunately. If you want to be granted access to your credit report, you can simply ask the credit bureau to thaw your files. None of this will hurt your credit score.
Even if you don’t think you’ve been affected by a National Public Data Breach, your data is almost certainly involved in a breach of some sort. This is why you should freeze your credit files: It’s a free and easy way to protect yourself from identity theft and keep hackers and scammers out of your bank account. And while this latest breach isn’t an urgent concern, such major security fears attract scammers who prey on the anxious. It’s election season, already Full of fraudulent spam. So why not take an extra step or two to lock down your account?
I did this a few days ago, and it took no more than 10 minutes. But to understand why you should freeze your credit files – and why you should too Your children’s credit files are frozenEven if they’re under 18 — it helps to understand what a big data breach means to you now and when an even bigger one happens in the inevitable future.
Big but not too scary social security number hack
In April, a cybercriminal known as the USDoD Tried to sell Four terabytes of data on a hacker forum. The data comes from National Public Data, a national public database, and contains 2.9 billion rows of records, including Social Security numbers, addresses and phone numbers. A partial copy of the information was leaked before another hacker the following month A nearly complete version was posted on August 6 Anyone can download it for free. A few days later, National Public Data confirmed that it had suffered a data breach. That’s when security experts began to worry.
The hacker forum play-by-play is important here because it explains how freewheeling data thieves can be. Once your data is compromised in a breach, you can expect it to end up in the wrong hands.
How data breaches make scams worse
It’s a presidential election year, and the new batch of free stolen data provided by the National Public Data Breach will supercharge the usual types of scams you see during an election. The National Association of Secretaries of State has a subsidiary Guidelines for the three most common types of election season scams: Political donation scams, fake polls, and voter registration scams. You should be very careful about any message you receive asking you to donate to a campaign or submit your personal information.
“If someone is interested in contributing to a campaign … they should find the campaign’s official website and donate through that instead of clicking the link in their SMS inbox,” said Bill Buddington, senior staff technologist at the Electronic Frontier Foundation, who clarified that he is selective. Did not advise.
honestly Do not click on links in unsolicited text messages. There is no way that click would be a good thing.
One of the first security experts for data analysis There was Troy HuntIts founder HaveIBeenPwned.comA website that lets you see if you’ve been involved in a data breach. The sheer scale of the breach meant it was “very serious,” Hunt said in an interview. This information was reported by researchers from Atlas Data Privacy Corporation There are 272 million unique Social Security numbersWhich is not the 2.9 billion you see Some titles. Many records appear to belong to deceased persons. Atlas is a website set up where you can Check to see if you are affected By breaching national public data.
Hunt actually found its own data in the breach, though much of the information was outdated or inaccurate.
“I’m not going to lose sleep over it because I don’t think it’s particularly different from what’s been going on for years,” Hunt told me.
TJ Sayers, director of intelligence and event response at the Internet Security Center, had a similar response when I asked him how concerned we should be about this attack.
“I don’t necessarily think it’s groundbreaking and game-changing,” Sayers said. “Much of the information contained here likely already exists in some form or fashion from other breaches that have occurred in the past.”
In fact, data breaches are extremely common. A familiar cycle of breaches is occurring, companies are admitting it, Lawyers are filing a class action lawsuitand individual consumers Getting a $5 check in the mail. It’s usually – no arrests, no jail time, no consequences for the hackers who stole the data or the companies who failed to protect it. There is little regulation Oversight of the data broker industryWhere companies large and small mine information from consumers and sell it to other companies, often Without properly protecting that information — hence the frequency of violations. However, data brokers don’t necessarily care Consumer goods In this industry, the customer is not.
The amount of stolen consumer information available online is also increasing. In his coverage of this latest breach, Krebs, the security journalist, Compares data brokers to oil tankers; A breach is an oil spill with negative long-term effects. Krebs says, “[T]The cost and effort he cleans up from data spills — even large collections of technically ‘public’ documents such as [National Public Data] Corpus – can be huge, and most of the costs associated with it are directly or indirectly passed on to consumers.”
So while this breach may not be an immediate threat, the sum total of all data breaches is catastrophic. And there isn’t much to protect consumers like you and me.
How to Freeze Your Credit File
This brings us back to our accumulated credit files. Even in the absence of a major data breach, freezing your credit is a free and easy way to protect yourself from identity theft. It’s surprisingly easy to do and just as easy to undo, if you want to open a new account or apply for a loan.
The three major credit bureaus are Equifax, Experian and TransUnion. You may remember Equifax from its own massive data breachThat compromised personal records of 148 million Americans in 2017. The hack, which was carried out by the Chinese military, According to the FBIHarsh data breaches lead to calls for laws — laws that have yet to be passed But thanks A 2018 Act Since the Great Recession has loosened some banking regulations, credit bureaus can no longer charge fees to freeze and unfreeze your credit files. You can too Request a free credit report From each bureau now once a week, not once a year. So things got better in a way.
You can put a freeze on each credit bureau website by setting up an account. (Here are direct links to pages to freeze your account Equifax, ExperianAnd Transunion.) Once your account is set up, it only takes a few clicks to freeze your files You can file a freeze by phone or mail. Read more about how it works here. You may also consider filing your files with secondary bureaus, of which there are many You can opt out of LexisNexis, one of the largest, here. Other secondary bureaus include ChexSystems, Innovis, MicroBilt, and NCTUE — you can read on See and about them How to freeze Those files too.
However, you won’t pay for anything while doing this. Credit bureaus should let you freeze your files for free, but they may try to sell you a paid service with the misleading name “credit lock.” Credit lock service, which costs Like $30 a monthAlso limit access to your credit report and promise to unlock it immediately. Credit freezes can take a business day or three to unfreeze, but they do come More legal protection.
If you have children, you can also freeze their credit files — even if they don’t have one yet. While freezing a child’s credit isn’t as quick as two clicks on a website, It’s fairly straightforward And can save your family a lot of grief.
“Childhood identity theft is outpacing adult identity theft,” said Sayers, from the Center for Internet Security. “Many parents and kids don’t realize their identity has been stolen until they turn 18 and need to get a college loan or get their first credit card.”
It’s all scary stuff, though the latest batch of stolen Social Security numbers in the news won’t scare you into inaction. Freezing your credit files will not only provide peace of mind, but also real protection. Now is also a good time Start using a password manager And multi-factor authentication if you don’t already. After all, your usernames and passwords are more than likely floating around hacker forums, just waiting for an identity thief to target you next.
A version of this story also appeared in the Vox Technology Newsletter.Sign up hereSo you don’t miss the next one!
