“No big deal!” Maybe this thought ran through your head after reading recent headlines about National Public Data (NPD) being breached.
When big breaches like this are a regular headline, it’s easy to shrug it off. So I wouldn’t blame anyone for feeling that way.
As for myself, I’m really not worried about it. I say it for a few reasons but one of the biggest is that I have various protections in place that give me that peace of mind.
Today, we’ll talk about what this means and share some tips on how to say, “No big deal!” to big breaches with a bit more confidence than just complacency.
What Happened with NPD?
NPD is a database used for background checks. They have access to data that may include:
- Social Security Numbers (SSNs)
- names
- email addresses
- phone numbers
- mailing addresses
The details of a breach came out after a proposed class action lawsuit claimed that 2.9 billion personal records may have been exposed (other reports suggest 2.7 billion records, according to CNBC).
The official breach notice said 1.3 million records were possibly exposed.
NPD believes a bad actor hacked them in December 2023, with potential leaks of information in April 2024 and over the summer.
According to the CNBC article, representatives from NPD claim that much of the data was already public or was inaccurate data to begin with.
(All of the above was gathered from CNBC’s article “‘Was my Social Security number stolen?’ Answers to common questions on the National Public Data breach” which is worth a read here: https://www.cnbc.com/2024/08/23/was-my-social-security-number-stolen-national-public-data-breach-questions.html)
What “IF”?
What can happen IF your data gets compromised from this or any one of the other breaches we find in the news each week or month?
The stories vary by victim, but ID Theft and Fraud is a pretty serious problem today.
When major breaches like this put data out there, it can be used by other bad actors to target us or access our accounts, credit, or even medical records. Sometimes it’s used to impersonate you, or it could be used to build a false sense of trust with someone malicious.
Attacks with this kind of data usually involve theft, extortion, manipulation, or someone impersonating you to attack your friends and family, if not completely random victims as well.
It really depends on who’s behind the attack and what they have to work with, but the impacts tend to do much more than financial harm. It’s particularly scary when it comes to emotional damage and stress related to recovering.
What’s worse is that the elderly and minors tend to be targets, often sought out because they are easier to trick or because more can be done before a problem is discovered.
Two quick side comments on this:
- If you want to know more about the impacts of ID Theft, follow me because on Thursday, October 31st at 9 MT we’re doing a Halloween and Cybersecurity Awareness Month Special on the “Horrors of ID Theft!” where we’ll dig into some of the crazy cases out there and share more tips on protecting yourself. I’m doing a ton all October but this will be a great one for all to attend!
- And, if you like R-rated action movies, ‘Beekeeper’ with Jason Statham has a storyline tied to ID theft: a personal cyber-attack happens very early on in the movie (before any R-rated stuff, if you want to check it out but don’t want to see some hackers get their butts kicked). Some of the threat actor side of it is a bit theatrical, but the attack and the victim’s perspective are a great example of one way these attacks can play out.
So Why Am I Not Worried?
Of course, things can still happen to me, but I’m focusing on what I can control and there are layers of security I have in place to help me that I’d recommend considering for yourself.
First, we need to acknowledge what we can’t control and let that go so we can focus on what we do control.
I can’t control what companies like NPD do to protect my data. In many cases, people in that database could have no clue NPD even had their data. There are more and more laws around data privacy and disclosures as well as requirements for how to protect this type of data, but it’s going to take time and no one can be 100% secure – so that data is still at risk.
The spokesperson from NPD is probably right: much of this data may already be out there (that doesn’t let them off the hook though!). I can’t tell you how many times I get a letter in the mail that a data breach occurred and I may have had my data exposed.
We’re a bit helpless as consumers and it’s easy to throw our hands up – so that’s why I don’t really worry about these things I have no control over.
That being said, what can we control?
What I can do is monitor for suspicious activity and make it harder for anyone who gets my data to use it. I do this through defend-id and have their ID Theft Protection services. The services alert me when my data is out there or being used, and give me help to recover as quickly as possible to minimize damage.
I also have my and my family’s credit frozen, making it harder to access any of my credit.
To protect my banks, I’m picky with who I bank with but also have made sure to set up MFA and other restrictions on my accounts. Each one has a very random and long password that is unique.
Same with any social accounts or anything else that’s tied to the most sensitive types of data or ways of communicating with me. I keep them locked up as best as possible with MFA and strong passwords.
(While MFA makes it a little harder for me to log in, it makes it MUCH harder for threat actors and, while there are still ways around it, it will slow most of them down.)
I’m not impervious to having a breach like this come back to haunt me, but I feel better knowing I’m harder to attack and that someone’s not only got my back but is also watching it.
I still need to be careful with day-to-day activity and watch out for scams or other personal cyber attacks, just like you. That’s where it pays to stay on top of security awareness and threats, and keep an eye out for news articles like those about the NPD breach. And, it’s one of the reasons it’s important to me to share tips with others and promote awareness.
Want some tips on what to do to protect yourself?
First, be careful with FUD (Fear, Uncertainty, and Doubt) around all of these kinds of breach stories.
Make no mistake, breaches like this get a lot of attention in news articles as well as marketing where your fears are used to get attention for solutions. It’s this kind of behavior around breaches like this that desensitizes us and wears us down.
We have to practice being smart consumers and users of technology by filtering through the noise and looking for what we can control and taking the right action.
Also, keep in mind that scammers use the FUD and confusion to trick more victims. Don’t get caught entering your SSN into someone’s website to search if it’s compromised because you may very well compromise it yourself in the process.
The safest way to find out if your data is out there is to use a legit service that can search for you.
With all that in mind, here are some things I highly recommend doing right now:
Freeze your credit until you need it
- Many of the same monitoring services will help with this but you can still do this yourself if you don’t have resources helping you. Essentially, you need to work with each credit bureau to do so. There’s a good resource here on the USA.gov page that includes other consumer resources: https://www.usa.gov/credit-freeze
- If you need help with this or want our guide on protecting your minors and their identity, let me know by messaging me here or emailing me at info@rlsconsulting.co. I’ll send out our guide directly to you if you want a copy.
Get a password manager
Yes, all of your keys go in one basket, but using randomly generated passwords is much safer. Just protect your Password Manager as much as possible with MFA and a VERY good password or passphrase that you do not share or use elsewhere.
- Most Password Managers will tell you if any of your passwords are compromised.
- Need help finding one? Let me know!
Monitor for activity
Check for data you have that’s out there or if you have any suspicious activity around it:
- It’s worth repeating: be careful giving out your SSN to do searches for it! You very likely would expose it by entering it into various search sites.
- There are many sites and services out there that will let you search for any credentials or sensitive info tied to email addresses. If you don’t have a service you trust, defend-id has a new tool where we can run a search for you. It’ll be available to run by yourself online soon but just let me know if you want me to run a search on your behalf in the meantime.
NOTE: There are easy ways to find if your email is affiliated with any other data out there, but it can still be inconclusive. Getting no results doesn’t mean your data isn’t out there, and any results that are found could be limited; a search doesn’t mean it has found ‘everything’.
Get ID Theft Protection or Personal Cyber
The best recommendation for getting back some peace of mind and having help to turn to if your data is used would be to get monitoring and recovery services in place through ID Theft Protection, also often called Personal Cyber:
- Get 20% off of defend-id with code “RLS20” here: https://defend-id-personal.merchantsinfo.com/Default.aspx
- When it’s offered as an employee benefit, it’s super cheap, about the price of a cup of coffee per month per employee, so if you want to do something cool for your staff this year, let me know!
If your Insurance Agency does not offer ID Theft or Personal Cyber as a solution and you’d like to sell it, I can help you there too. You can learn more in one of my recent articles: Should I Offer Personal Cyber?