Personal Finance

2.9 billion people may have had Social Security numbers, other financial data compromised. What it means for you


Sakorn Sukkasemsakorn | Istock | Getty Images

About 2.9 billion people may have had their personal information hacked, a new proposed class action lawsuit alleges.

If true, reports suggest all Americans may have had valuable personal information compromised — including full names, current and past addresses, Social Security numbers and information on parents, siblings and other relatives.  

The alleged April 2024 breach occurred when a background check company doing business as National Public Data, owned by Jerico Pictures Inc., failed to properly safeguard information it scraped, the lawsuit states. The company provides instant search access to billions of records.

Neither National Public Data nor Jerico Pictures returned requests for comment by CNBC.

“If this turns out to be accurate … then it would just basically mean that everyone’s affected,” said Cliff Steinhauer, director of information security and engagement at The National Cybersecurity Alliance, a nonprofit focused on cybersecurity awareness and education.

Identity theft is where bad actors are focusing their attention, says CyberArk CEO

However, this breach may not be as far-reaching as reports suggest, said James E. Lee, chief operating officer at the Identity Theft Resource Center, a nonprofit working to minimize the risk of identity theft.

For example, if there were multiple records per individual compromised, that could reduce the total number of people affected. If other countries were affected too, that could reduce the number of Social Security numbers involved. In addition, much of the information leaked may have already been available elsewhere, he said.

‘You’re vulnerable forever’

Massive data breaches are not new.

A 2017 Equifax data breach was estimated to have affected half the U.S. population. In 2013, a Yahoo data breach may have hit all the company’s accounts, or a total of 3 billion people.

Still, experts say the news of this latest breach should put consumers on high alert.

“It’s not a matter of if, it’s a matter of when,” Steinhauer said. “I’d be surprised [if] there are many people who haven’t been affected by a data breach like this already, just because of the sheer number of breaches that have happened that contain similar data.”

More from Personal Finance:
Social Security cost-of-living adjustment may be 2.6% in 2025
Here’s the inflation breakdown for July 2024
A U.S. construction boom is sending rents lower

Consumers tend to find out their information may have been compromised through data breach notices from the companies affected.

“We’ve got enough data now to say if you get a data breach notice, there’s a high likelihood that you’re going to suffer an identify crime at some point within 12 months,” Lee said.

While it’s still not possible to directly correlate a breach to an identity theft, he said, the risks have no expiration date once your information has been exposed.

“You’re vulnerable forever,” Lee said.

Freezing your credit is the ‘No. 1 piece of advice’

As you freeze your credit, you should proceed with caution. Make sure you’re not clicking on a lookalike domain that purports to be one of the three major credit bureaus that could instead be operated by hackers, Steinhauer said.

Additionally, do not open your personal records on public Wi-Fi, he said.

Consumers can purchase additional protection through dark web monitoring services, which will let you know when your information is compromised. While that step can provide peace of mind, it’s not going to stop anything from happening, Lee said.

Consumers should also make sure they have strong and unique passwords that use multifactor authentication, where two or more steps are used before access to an account is granted. Consumers may want to consider using a password manager, which can help generate strong passwords and store those codes, Steinhauer said.

Don’t miss these insights from CNBC PRO



READ SOURCE

This website uses cookies. By continuing to use this site, you accept our use of cookies.