Crazy International Personal Data Theft -- What To Do?

[betarhoalphadelta]

So there's reportedly a massive international data theft of personal information. Names, SSN, addresses, etc.

https://abc7.com/post/hackers-may-h...bers-every-american-heres-what-know/15190266/

This seems REALLY serious. My question since we're all trying to probably figure out and navigate this, is what is the appropriate thing for all of us, as individuals, to do to protect ourselves?

Are you doing anything immediately about this? What are the best practices for individuals?

 

[fluketamer]

the first time i had a major hack was when i tried to submit my tax returns and the repsonce i got was : you have already submitted your taxes and a return of 6000$ was credited to your account. wtf

now when i file and forever forward i have to get a two factor id check . apparently there was nothing i could do to prevent this.

the only thing proactive thing i see which may help, which i do, is get the extra security from chase bank which costs a few dollars more a month but seems to have stopped the id thieves.

unfortunately now it sounds like its too late to do anything retroactive in this situation.

good luck

 

[day_trippr]

Have a last name with a first letter near the end of the alphabet. It'll be centuries before the bad guys get to you

 

[BrewnWKopperKat]

My question since we're all trying to probably figure out and navigate this, is what is the appropriate thing for all of us, as individuals, to do to protect ourselves?

• Krebs on Security: NationalPublicData.com Hack (link)
  • feel free to skip to the "What should you do?" section
• Troy Hunt: Inside the "3 Billion People" National Public Data Breach (link)

My thoughts:

• security freeze on all credit reports
• signup and secure electronic tax return filing
  • even if you don't e-file
• multi-factor authentication on all financial (bank, investment, bill pay) accounts
• text/email alerts for financial transactions
• unique passwords for all accounts
  • Troy Hunt: Have I Been Pwned?
• use "bogus" answers for password reset challenges (and write the answer down)
  • Q: Mothers maiden name?
  • A: Exploding Ford Pinto (remove spaces if necessary)
• Various businesses (like "LifeLock") will have a lists with additional ideas.
  • Find three or four lists,
  • combine them, and
  • go to work.

Some additional background reading:

Updated A lawsuit has accused a Florida data broker of carelessly failing to secure billions of records of people's private information, which was subsequently stolen from the biz and sold on an online criminal marketplace.

California resident Christopher Hofmann filed the potential class-action complaint against Jerico Pictures, doing business as National Public Data, a Coral Springs-based firm that provides APIs so that companies can perform things like background checks on people and look up folks' criminal records. As such National Public Data holds a lot of highly personal information, which ended up being stolen in a cyberattack.

According to the suit [PDF], filed in a southern Florida federal district court, Hofmann is one of the individuals whose sensitive information was pilfered by crooks and then put up for sale for $3.5 million on an underworld forum in April.

If the thieves are to be believed, the database included 2.9 billion records on all US, Canadian, and British citizens, and included their full names, addresses, and address history going back at least three decades, social security numbers, and the names of their parents, siblings, and relatives, some of whom have been dead for nearly 20 years.

Class action lawsuit filed on Aug 1 states

As the Krebs article mentioned, much of the data is already "out there"

As the Hunt article mentioned, records and people are two different things.

 

[Agent]

I'm just giving this one a bump because even knowing how much information is out there, I still hadn't gone through and froze my credit until recently.

It only took a hack on SWMBO's employer which included the full personnel and payroll files. That finally got me off my butt.

 

[bailey mountain brewer]

I've had my credit frozen for a few years now with all the credit bureaus because I've had my identity stolen a couple times, it's a miserable thing to deal with and very frustrating. Apparently I once filed for unemployment in Puerto Rico... there are apps (credit karma) that can help monitor some stuff. But ultimately I set up with fico, experian, and equifax. I get monthly emails to verify no changes and if I need to open my credit I can easily do so. If someone tries to use it I get notifications right away and it gets shut down. I have no doubt that my info is out there but hopefully doing what I can to prevent it from being used. There's things like lifelock out there as well at a cost so depends how far you want to go with it.

 

[Snuffy]

This is the most comprehensive description of what happened and what you should do I have found.

https://www.kiplinger.com/personal-finance/billions-hacked-in-national-public-data-breach

Go to npd.pentester.com and put in your name, state and birth year to see if your data is involved.
If so, (and mine was) go create accounts at the big 3 credit bureaus and freeze your credit reporting.
Change passwords.
Enable MFA

That's about all you can do.

 

[day_trippr]

I did all of that when the first site that could verify my name was "out there" came on line.
But given there are banks involved I'm now hoping it doesn't turn into a different kind of pita down the road...

 

[mac_1103]

That pentester thing sounds like a good way to expose your data.

 

[FloppyKnockers]

Relax Don't Worry, Have All the Home Brews.












Rinse and repeat as necessary.

 

[Snuffy]

That pentester thing sounds like a good way to expose your data.

Name, State, Year of birth. Not DOB. Just the year. That's not much exposure.

Besides, odds are we're all in there so the exposure is done.