Is the NPD Breach NBD? How Your SSN Is at Risk From This and Other Major Breaches

by Ryan Smith | Aug 29, 2024 | Breach, Identity Theft

“No big deal!” Maybe this thought ran through your head after reading recent headlines about the National Public Data (NPD) being breached.

When big breaches like this are a regular headline, it’s easy to shrug it off. So I wouldn’t blame anyone for feeling that way.

As for myself, I’m really not worried about it. I say it for a few reasons but one of the biggest is that I have various protections in place that give me that peace of mind.

Today, we’ll talk about what this means and share some tips on how to say, “No big deal!” to big breaches with a bit more confidence than just complacency.

What Happened with NPD?

NPD is a database used for background checks. They have access to data that may include:

• Social Security Numbers (SSNs)
• names
• email addresses
• phone numbers
• and mailing addresses

The details of a breach came out after a proposed class action lawsuit claimed that 2.9 billion personal records may have been exposed (other reports suggest 2.7 billion records, according to CNBC)

The official breach notice said 1.3 million records were possibly exposed.

NPD believes a bad actor hacked them in December 2023 with potential leaks of information in April 2024 and over the summer.

According to the CNBC article, representatives from NPD claim that much of the data was already public or was inaccurate data to begin with.

(All of the above was gathered from CNBC’s article “‘Was my Social Security number stolen?’ Answers to common questions on the National Public Data breach” which is worth a read here: https://www.cnbc.com/2024/08/23/was-my-social-security-number-stolen-national-public-data-breach-questions.html)

What “IF”?

What can happen IF your data gets compromised from this or any one of the other breaches we find in the news each week or month?

The stories vary by victim, but ID Theft and Fraud is a pretty serious problem today.

When major breaches like this put data out there, it can be used by other bad actors to target us or access our accounts, credit, or even medical records. Sometimes it’s used to impersonate you, or it could be used to build a false sense of trust with someone malicious.

Attacks with this kind of data can usually involve theft, extortion, manipulation, or someone impersonating you to attack your friends and family if not also completely random victims.

It really depends on who’s behind the attack and what they have to work with, but the impacts tend to do much more than financial harm. It’s particularly scary when it comes to emotional damage and stress related to recovering.

What’s worse is that the elderly and minors tend to be targets, often sought out because they are easier to trick or because more can be done before a problem is discovered.

Two quick side comments on this:

• If you want to know more about the impacts of ID Theft, follow me because on Thursday, October 31st at 9 MT we’re doing a Halloween and Cybersecurity Awareness Month Special on the “Horrors of ID Theft!” where we’ll dig into some of the crazy cases out there and share more tips on protecting yourself. I’m doing a ton all October but this will be a great one for all to attend!
• And, if you like R-rated action movies, ‘Beekeeper’ with Jason Statham has some ties into the storyline with ID theft. A personal cyber-attack that happens very early on in the movie (before any R-rated stuff if you want to check it out but don’t want to see some hackers get their butts kicked). Some of the threat actor side of it is a bit theatrical but the attack and victim’s perspective is a great example of one way these attacks can play out.

So Why Am I Not Worried?

Of course, things can still happen to me, but I’m focusing on what I can control and there are layers of security I have in place to help me that I’d recommend considering for yourself.

First, we need to acknowledge what we can’t control and let that go so we can focus on what we do control.

I can’t control what companies like NPD do to protect my data. In many cases, people in that database could have no clue NPD even had their data. There are more and more laws around data privacy and disclosures as well as requirements for how to protect this type of data, but it’s going to take time and no one can be 100% secure – so that data is still at risk.

The spokesperson from NPD is probably right, much of this data may already be out there (that doesn’t let them off the hook though!). I can’t tell you how many times I get a letter in the mail that a data breach occurred and I may have had my data exposed.

We’re a bit helpless as consumers and it’s easy to throw our hands up – so that’s why I don’t really worry about these things I have no control over.

That being said, what can we control?

What I can do is monitor for suspicious activity and make it harder for anyone who gets my data to use it. I do this through defend-id and have their ID Theft Protection services. The services alert me when my data is out there, being used, and give me help to recover as quickly as possible to minimize damage.

I also have my and my family’s credit frozen, making it harder to access any of my credit.

To protect my banks, I’m picky with who I bank with but also have made sure to set up MFA and other restrictions on my accounts. Each one has a very random and long password that is unique.

Same with any social accounts or anything else that’s tied to the most sensitive types of data or ways of communicating with me. I keep them locked up as best as possible with MFA and strong passwords.

(While MFA makes it a little harder for me to log in, it makes it MUCH harder for threat actors and, while there are still ways around it, it will slow most of them down)

I’m not impervious to having a breach like this come back to haunt me, but I feel better knowing I’m harder to attack and that someone’s not only got my back but is also watching it.

I still need to be careful with day-to-day activity and watch out for scams or other personal cyber attacks, just like you. That’s where it pays to stay on top of security awareness, and threats and keep an eye out for news articles like the NPD breach. And, it’s one of the reasons it’s important to me to share tips with others and promote awareness.

Want some tips on what to do to protect yourself?

First, be careful with FUD (Fear, Uncertainty, and Doubt) around all of these kinds of breach stories.

Make no mistake, breaches like this get a lot of attention in news articles as well as marketing where your fears are used to get attention for solutions. It’s this kind of behavior around breaches like this that desensitizes us and wears us down.

We have to practice being smart consumers and users of technology by filtering through the noise and looking for what we can control and taking the right action.

Also, keep in mind that scammers use the FUD and confusion to trick more victims. Don’t get caught entering your SSN into someone’s website to search if it’s compromised because you may very well compromise it yourself in the process.

The safest way to find out if your data is out there is to use a legit service that can search for you.

With all that in mind, here are some things I highly recommend doing right now:

Freeze your credit until you need it

• Many of the same monitoring services will help with this but you can still do this yourself if you don’t have resources helping you. Essentially, you need to work with each credit bureau to do so. There’s a good resource here on the USA.gov page that includes other consumer resources: https://www.usa.gov/credit-freeze
• If you need help with this or want our guide on protecting your minors and their identity, let me know by messaging me here or emailing me at info@rlsconsulting.co. I’ll send out our guide directly to you if you want a copy.

Get a password manager

Yes, all of your keys go in one basket, but using randomly generated passwords is much safer. Just protect your Password Manager as much as possible with MFA and a VERY good password or passphrase that you do not share or use elsewhere.

• Most Password Managers will typically tell you if any of your passwords are compromised
• Need help finding one, let me know!

Monitor for activity

Check for data you have that’s out there or if you have any suspicious activity around it:

• It’s worth repeating: be careful giving out your SSN to do searches for it! You very likely would expose it by entering it into various search sites.
• There are many sites and services out there that will let you search for any credentials or sensitive info tied to email addresses. If you don’t have a service you trust, defend-id has a new tool where we can run a search for you. It’ll be available to run by yourself online soon but just let me know if you want me to run a search on your behalf in the meantime.

NOTE: There are easy ways to find if your email is affiliated with any other data out there, but it can still be inconclusive. Just because there are no results, it doesn’t mean it’s not still out there, results that are found could be limited, and again doesn’t mean it’s found ‘everything’.

Get ID Theft Protection or Personal Cyber

The best recommendation for getting back some peace of mind and having help to turn to if your data is used would be to get monitoring and recovery services in place through ID Theft Protection, also often called Personal Cyber:

• Get 20% off of defend-id with code “RLS20” here: https://defend-id-personal.merchantsinfo.com/Default.aspx
• When it’s offered as an employee benefit, it’s super cheap, and the price of a cup of coffee per month per employee is about the same, so if you want to do something cool for your staff this year, let me know!

If your Insurance Agency does not offer ID Theft or Personal Cyber as a solution and you’d like to sell it, I can help you there too.  You can learn more in one of my recent articles: Should I Offer Personal Cyber?

Looking for a DYI Identity theft response plan?

Click here

Cybersecurity- More Than Just IT’s Job

by Brian Thompson | Apr 3, 2024 | Breach, Identity Theft

Cyber threats are as common as coffee breaks, making the myth that cybersecurity falls solely within the world of IT is a terrible oversight. It’s a wide-reaching challenge touching every role from the ground floor to the executive suite. This article aims to dismantle the outdated view of cybersecurity, highlighting the essential role of identity theft protection and individual responsibility in creating a secure digital environment for businesses.  Cybersecurity- More Than Just IT’s Job

Everyone Has a Part to Play

Gone are the days when cybersecurity efforts are the sole responsibility of the IT department. In today’s workplace, a single click on a malicious link by any employee can open the floodgates to cyber threats. It’s a reality that highlights the importance of every team member’s role in cybersecurity.

Employees at all levels frequently handle sensitive data, making identity theft protection an essential element of an organization’s overall cybersecurity strategy. Simple habits, such as regularly updating passwords, recognizing phishing attempts, and securely managing personal and professional information, can significantly reduce the risk of identity theft and data breaches.

Training: First Line of Defense

Knowledge is essential when it comes to protecting against cyber threats. Regular, engaging training sessions can transform cybersecurity from an abstract concept to a fundamental practice embraced by all. These sessions should not only cover the basics of cyber hygiene but also the nuances of identity theft and how individuals can safeguard their digital personas.

An environment where cybersecurity is discussed openly and questions are encouraged can demystify the subject, making it more approachable for everyone. Remember, a well-informed employee is an organization’s first line of defense.

Leadership’s Role

The tone for cybersecurity readiness is set at the top. Leadership’s commitment to cybersecurity is critical. Allocating resources for security initiatives, setting clear policies, and fostering a culture where security is everyone’s business, leaders can elevate cybersecurity from a niche IT concern to a universal priority.

Executives and managers should lead by example, demonstrating good cyber practices and actively participating in training sessions. This not only reinforces the importance of cybersecurity but also signals to every employee that their role in protecting the organization is valued and vital.

Cultivating a Culture of Security

Building a culture that prioritizes cybersecurity requires more than just annual training sessions; it demands a shift in mindset. Recognizing and rewarding employees who adhere to security practices can motivate others to follow suit. Similarly, creating channels for reporting suspicious activities without fear of retribution encourages a proactive stance against cyber threats.

Such a culture not only enhances the organization’s resilience against cyber attacks but also fosters an environment where security becomes second nature and part of the daily activities of every employee.

The Collective Shield

The narrative that cybersecurity is an exclusive domain of the IT department must be left in the past. With cyber threats becoming more sophisticated, the responsibility falls on each of us. Every employee, from new hires to the CEO, must understand cyber risks. Embedding strong identity theft protection is crucial for all.

Emphasizing collective responsibility for cybersecurity fosters an environment where everyone is empowered to contribute to the digital safety of the organization. It transforms cybersecurity from a daunting challenge into a shared mission, reinforcing the idea that, together, we are a formidable shield against cyber threats.

Cybersecurity- More Than Just IT’s Job

Dismantling the myth that cybersecurity is just IT’s job is no small feat, but it’s a necessary step toward building more protected organizations. We must embrace our roles and focus on strong identity theft protection. Fostering a culture of security awareness will safeguard our digital realms.

Get your identity theft response plan here:   https://defend-id.ac-page.com/employee-identity-theft-response-plan?test=true

Articles related to “Cybersecurity- More Than Just IT’s Job”

• 4 SMB Cybersecurity Tips from the FBI
• Common Ways Identity Theft Occurs and Tips
• defend-id

Protecting Your Business in the Aftermath of the ‘Mother Of All Breaches’: Essential Data Security Tips

by Brian Thompson | Jan 31, 2024 | Breach, Identity Theft

Businesses and organizations take note! The “Mother Of All Breaches,” involving an unprecedented 26 billion records, isn’t just a personal concern; it’s a corporate crisis. This breach, compromising data from major platforms, poses serious risks to both individual users and organizations. Dive into our mother of all breaches business data security tips.

Understanding the Breach: A Business Perspective

This isn’t just about leaked emails and passwords. The “Mother Of All Breaches” is a complex aggregation of multiple incidents, presenting a unique challenge for businesses. The breach’s vast scope means sensitive employee data could be at risk, leading to potential identity theft or financial fraud. Companies need to recognize the gravity of the situation and act swiftly to safeguard their data and support their employees.

Mother Of All Breaches business data security tips – Immediate Actions

For Employers: Ensure your team is aware of the breach. Encourage them to use tools like Have I Been Pwned to check their data status. For accounts with compromised credentials, enforce immediate password changes. Emphasize the necessity of unique passwords and the adoption of two-factor authentication across all work-related platforms.

Password Strength: A strong password is a blend of letters (both uppercase and lowercase), numbers, and symbols. For example, ‘Coffee_Mug123!’ is better than ‘coffee123’. Avoid using easily guessable information like birthdays or common words.

Long-Term Data Security Strategies

A robust approach to password management is non-negotiable. Encourage the use of password managers for generating and storing complex passwords. Regularly monitor company accounts for unusual activities and educate your employees on recognizing phishing attempts and other cyber threats.

Broader Implications for Companies

Responsibility: It’s not just about technical defenses; it’s about a culture of cybersecurity awareness. Regular training sessions and updates on data security policies are essential. Businesses must also stay abreast of global data protection regulations to ensure compliance and safeguard against breaches.

Securing Our Digital Future

The “Mother Of All Breaches” is a wake-up call for businesses and individuals alike. It’s a reminder that in our interconnected digital world, the responsibility for data security is shared. By fostering a culture of cybersecurity mindfulness and implementing proactive strategies, we can safeguard our collective digital future.

FAQs for Businesses:

1. What are the first steps a company should take after a breach?Immediately check if company or employee data is involved, enforce password updates, and review security protocols.
2. How can businesses educate their employees about cybersecurity? Regular training sessions, updates on cybersecurity best practices, and encouraging a culture of vigilance are key.
3. What are the long-term implications of such breaches for businesses? Potential risks include reputational damage, financial losses, and legal implications due to non-compliance with data protection laws.

Articles/linkes related to mother of all breaches business data security tips:

• LinkedIn Post
• 10 Tips to Reduce Your Risk of Identity Theft
• defend-id