If your personal information hasn’t been compromised already thanks to previous data breaches of AT&T, Experian, and others, then you can safely assume that it has been now. National Public Data (NPD), a background investigations company, recently announced that their data systems were hacked and that BILLIONS of personal records belonging to you and me were accessed illegally and released on the dark web by foreign hackers. Many people, myself included, are now scrambling to understand the implications of our personal information being released on the dark web and what we need to do about it. If you’re feeling a bit overwhelmed by all of this, you’re not alone. Here’s a breakdown of what happened, what it means, and the actionable steps you can take to safeguard your personal information and financial records.
What Happened?
This recent data breach, which has been described as one of the largest of its kind, involved unauthorized access to sensitive personal information belonging to hundreds of millions of people. Details from 2.7 billion records —including names, dates of birth, social security numbers, addresses, phone numbers, and other personal information belonging to residents of the United States, Canada, and the United Kingdom were all compromised and released on the dark web for anyone to misuse.
Why This Breach Matters
This is important because compromised personal information can be used to open fraudulent accounts or obtain loans and credit cards in your name. They can also be used to access and take over your existing accounts. Just think about all the companies who verify your identity by asking for your name, date of birth, or social security number and you can safely assume that hackers will now have access to all those accounts.
Was Your Information Compromised?
If you’re wondering if you were a victim of this data breach, here’s what you can do. Pentester, a cybersecurity firm, was able to review all the leaked data on the dark web and they created a webpage to allow people to search for their information online. The best way to find out if you’re a victim of this data breach is to check this link. You do have to enter your name, state of residence, and YEAR of birth (not the full date of birth) but this is only to let the site know what you’re looking for. No social security or credit card numbers are required and there is nothing you have to sign up for. Just type in your info and the site will tell you what information was leaked online. And keep in mind, this site only checks for data that was leaked as part of the NPD data breach. It does not check for other data breaches.
If your search comes back with “No Matches Found,” then congrats! Your information was not compromised. But if it was compromised, then Pentester will list the information that has been compromised. And in case you’re wondering, yes, Pentester did mask your personal information on this site to further protect you but know that it wasn’t masked on the dark web.
I did it for myself and found my name, social security number, and all my previous addresses and phone numbers going back to when I was a kid, were all leaked. Yikes!
Steps to Protect Yourself
While the breach itself cannot be undone, there are proactive steps you can take to minimize the impact and protect yourself.
- Set up a PIN (pin identification number) with your telephone company. This will prevent hackers from stealing your phone number and transferring it to another phone. Why is this important? Well, if you have two-factor authentication set up and the hackers gain access to your phone number, they can now authorize access to your other accounts that rely on two-factor authentication. And yes, this does happen so protect the one thing you use to protect your other accounts. Here’s more info on how hackers steal your phone number. If you want to take it one step further, place a “port out” lock and a SIM card switch lock on your telephone account. This will prevent anyone from porting your phone number to another carrier or switching your phone number to another phone.
- Set up two-factor authentication on all your accounts. This will add an additional layer of security in case anyone is able to access your accounts with just your name and social security number. This can be easily done with a phone number, email, or a third-party authenticator app such as Microsoft Authenticator.
- Change your passwords and make sure they are strong. Especially for accounts such as your telephone, Apple ID, and your primary email address, these need to be very strong passwords. If hackers gain access to these accounts, they can lock you out and then gain access to your other accounts.
- Set up a recovery email address just in case your primary email or other accounts get compromised.
- Lock your credit reports. This is the best thing to do to prevent fraud because if thieves can’t access your credit reports, then they can’t apply for new credit cards or loans in your name. Experian, TransUnion and Equifax all have their own FREE service to allow you to lock and unlock your credit reports. You do not need to subscribe for any of their premium services, which cost money. I always keep all my credit files locked until I need to apply for a new loan or credit card. I then unlock them, allow the creditor to access my credit files and then re-lock them again until my next application.
- If someone has already committed fraud with your personal information, file a police report and place a fraud alert on your credit reports. It is important that you file a police report and not just a dispute with the credit card companies.
- Monitor your financial records regularly and review your bank and credit card statements for any unauthorized transactions. Early detection is key to addressing potential issues before they escalate and if you are responsible for elderly parents and/or kids, monitor their financial records as well. This is where a paid service may come in handy if you don’t want to manually monitor your records.
- Be wary of scams and phishing attempts. Please be cautious of unsolicited emails, calls, or text messages asking for personal information. If you don’t know who they are, don’t give them any personal information. Google the correct phone and verify the legitimacy of anyone calling before providing them with your personal information.
Overall Thoughts
There’s no easy way of saying this. We have to assume that someone out there already has our personal information and they are actively trying to gain access to our existing accounts. And it’s up to us to protect ourselves from fraud and from my personal experience, it’s much easier to prevent fraud in the first place than try to dispute the fraudulent accounts after they have been opened.
I know I just threw a lot of information at you but I hope this information helps. Please let me know if you have any other questions or concerns. Thanks for reading!
