Millions of people may have had their personal information, including their Social Security numbers, compromised as part of a huge data breach carried out by a hacking group.
Bloomberg Law reported this week that a class-action lawsuit was filed over the incident, which the USDoD hacking group claimed to have carried out. As part of the attack on National Public Data, the group stole the personal records of 2.9 million people.
The lawsuit states that the alleged breach is thought to have happened sometimes around April.
Schubert, Jonckheer & Kolbe is the law firm that has filed the class-action suit. In a news release, the firm said the file that was stolen includes 277.1 gigabytes of total data, which dates back more than 30 years.
Included in that data, according to the firm, were people’s address histories, Social Security numbers, names and the names of relatives. The database includes information on people from Canada, the U.K. and the U.S.
A cybersecurity expert posted on the social media platform X recently that the USDoD group has claimed that it’s selling those records for $3.5 million on the dark web.
Bleeping Computer, a technology and cybersecurity news website, has reported that since the database was posted for sale back in April, other entities have also released different copies of that same data.
The most complete version of it, according to Bleeping Computer, was released this month on a forum for free by a hacker who’s known as “Fenice.”
Based in Florida and operated by parent company Jerico Pictures Inc., National Public Data conducts background checks. While the company hasn’t confirmed any data breach publicly, the Los Angeles Times has reported that officials in the company have been telling some people who have contacted them via email that “we are aware of certain third-party claims about consumer data and are investigating these issues.”
People who believe their information could have been part of that breach have been advised to take a few steps to protect themselves.
First, they should update their antivirus software on their computers, and perform a security scan on all of their devices. If you find any malware, the antivirus program you use should be able to remove it, in most cases.
You’re also advised to change all passwords you have for online accounts, including email accounts, bank accounts and more. It’s also suggested to make these passwords strong — with combinations of letters, numbers, symbols, lowercase and uppercase letters — and make then different for each account if possible.
Many sites allow users to have multi-factor authentication turned on, which requires users to receive a code via text message before logging in. This should be activated.
Check a copy of your credit report, and then report if you see that someone may have made an unauthorized use of any of your credit cards or other lines of credit.
You can also ask the credit bureaus to put a freeze on your credit if you notice that suspicious activity has taken place.