© 2024 WUKY
background_fid.jpg
Play Live Radio
Next Up:
0:00
0:00
0:00 0:00
Available On Air Stations

Social Security numbers of 272 million people found in breach of consumer data broker records

AP Photo/Jenny Kane, File

Over 2.7 billion records of personal identifying information – including names, addresses, and Social Security numbers – are vulnerable following the breach of a company facilitating background checks. However, much of that information was already available, inaccurate, or outdated.

National Public Data is a consumer data broker – a company which scrapes public records to provide data for background checks. The company acknowledges that a third party accessed the data in December 2023; in July, a cybercriminal leaked the stolen records, which exposed personal information relating to over 272 million people.

However, not all of that data is useful to criminals, said security software developer and host of The Daily Decrypt Colin McA.

"The majority of the records were outdated information or information that belonged to people who are now almost certainly deceased," said Colin.

Over 15 million of the leaked SSNs are assigned to people born before 1930.

"The nature of this type of data service is to grab any data that exists online," explained Colin. "It's likely that your social security number was impacted by this."

Those who weren’t affected include most people born after 2002 – as well as people who use services which remove their personally identifiable information from databases.

"It seems that anyone who has used a data removal service - such as DeleteMe or Incogni - their data was not affected."

One danger of having your SSN exposed is the possibility of bad actors opening lines of credit in your name – a risk you can mitigate by freezing your credit. But Colin says the data from these leaks will rarely be used to open loans or credit cards.

"The major risk of this type of leak - which is also included in the AT&T Breach and most breaches - is that attackers just have more information on you," said Colin. "They're going to use that to start personalizing attacks against you."

Colin says social engineers may use exposed information to add legitimacy to scam calls. Someone pretending to be from your bank, your medical provider, or the government may try to convince you they are who they say they are because they know who you are.

"One that's actually personally happened to me was my entire family received calls that I had been kidnapped and held for ransom, and that they needed to pay immediately," said Colin. "Like, 'I know you live at this address, I know this is your Social Security number, I know this is this, trust me when I say I have your brother.'"

Many scams can be identified by the sense of urgency they provoke. If an unknown person contacts you with a time-sensitive demand for money or personal information, hang up, stay calm, and initiate a follow-up call from your end. Contact the organization or person the call claims to be coming from and confirm whether they are actually trying to reach you.

You can familiarize yourself with other common scam patterns here.