You may have heard about a lawsuit filed regarding a data breach concerning social security numbers. I encourage you to read at least the first few pages of the linked class action complaint to see how massive a violation of privacy this is.
The data breach concerns National Public Data, a company which offers background checks. They collect personally identifiable information (PII) as a part of their business. The defendant claims that NPD scraped PII from non-public sources (¶11). NPD then stored the data in an insecure manner and did not adequately protect this personal information (¶25). Consequently, a hacking group by the name of “USDoD” stole records of 2.9 billion individuals from NPD. According to the document, the data was independently reviewed by VX-underground, the cybersecurity company. They confirmed the breach included full names, address and address history, and social security numbers. They were also able to identify familial connections, both living and deceased (¶ 22-24).
Based on this class action complaint, NPD’s conduct was grossly negligent, leading to potential identity theft for almost anyone in the United States. It was also a massive privacy violation by scraping data from non-public sources. Even after they took millions of Americans personal information, they failed to secure the data from hackers.
Criminals can ruin your life if they target you with this information. They can open lines of credit without you knowing. You might only find out until creditors call you, demanding that you pay them back (¶60).
So, yeah. I am very concerned. I’ll have to figure out how to defend against this identity theft. Overall, I’m new to the privacy community, but I’m feeling like “privacy” in the United States is an absolute mess. If your data wasn’t somewhere on the dark web, it might be now. Protect your data. Stay safe.
There’s no longer any restrictions on feeezing and thawing your credit from the big 3 agencies. All of them also offer temporary thawing that automatically freeze after a designated time. Do not under any circumstance permanently thaw them again. If you need new credit cards, credit checks from apartments or mortgaging / car loans, just work with your lender / seller to figure out which agency they will query and when. Set a temporary thaw for as small amount of time as you can, and all will be peachy. What’s more, after a temporary thaw, get a credit report in a couple months after that to verify nothing snuck in during that time.
What does freezing your credit do, exactly? Is this still something someone should do if they don’t even have any credit cards?
I’ve generally been pretty ignorant toward how credit reporting works.
It prevents opening new credit cards or other lines of credit in your name.
The reason this matters is lots of fraudsters are using names and SSNs they bought on the dark web, to open credit cards they have no intention of paying back.
If you’re an American, your name and SSN combination is almost certainly for sale for about 25 cents, on the dark web, today.
Freezing your credit at all three agencies is the only effective prevention, today.
The credit agencies will attempt to charge you a monthly fee for the privilege, but don’t fall for it. They’re legally required to provide the service for free.
If I’m ever a juror on a murder trial where the “victim” worked in leadership at one of the big three credit agencies, I’ll have to admit that I couldn’t possibly convict someone for that.
Yes. Absolutely. Being a victim of credit fraud can make it impossible to get a home mortgage, or even get certain jobs or apartments. It can be incredibly difficult and expensive to clean up, and the burden is largely left entirely on the victim.
Thanks, Major. How hard is it for fraudsters to unfreeze credit?
Generally they need all of your personal information (Full Name, Date of Birth and SSN - which costs them 25 cents or less on the dark web), plus your username and password that you create when you first visit each site. (Which hopefully isn’t on the dark web, because it’s new and unique.)
The new username and password that you create are what give some security.
And a warning, only because someone reading along will need it:
don’t re-use a password used elsewhere.
Re-used passwords, from past data breaches, paired nicely with email addresses and full names, also cost about 25 cents on the dark web.
Oh nice
Bitwarden FTW! (If they get hacked it’ll only take, oh, an entire day to change all my passwords 😉 you’re probably a KeePass person?)
Yeah. I feel seen. Naturally I try to only use the finest artisinal open source from F-Droid.
Though, honestly, I’m impressed by BitWarden and I’m happy enough to recommend it.
How can anyone genuinely write that and still support any country that imposes it.
Laughable. Fuck this country.
Uh… I’m a patriot.
I fully support my country in every meaningful way, especially those ways that might otherwise make my billionaire overlords feel threatened enough to put a hit out on me.
More seriously, my neighbors are, on average, fantastic people, that deserve my support.
Edit: To be clear, I fully agree that this should piss us all off.
Your neighbors are probably ones being mistreated by this country.
Support the people, not the country.
The US is a cesspool.
Freezing your credits means you (or anyone else) cannot access your credit report to open new lines of credit. No credit cards, mortgages, car loans, nothing.
@ChaosCoati @Chozo
Exactly.
But it’s very easy and fast to temporarily thaw it when you want to apply for credit.
I’ve been doing it for years.
What are the chances that my attempt to thaw gets denied “for my protection”?
Because I’ve gotten locked out if every bank account I’ve ever owned at some point “for my protection” just because I tried to login. The only thing stopping me from freezing my credit is fear that I’ll never be able to thaw it because of these terrible anti-fraud systems that lock me out.
And just as easy for crooks with this same data to thaw it for you.
@refalo
Not really. Online they’ll need my user/pass, 2fa for starters.
If they try to do it by phone they’ll need to first answer a bunch of questions (which yes they can probably get), but then upload a photo of my license…
There have been several leaks with driver license and passport photos of people from all over the world, usually from sites or services that need to verify identity like for stock trading or porn.
Can’t someone who has your SSN just thaw it themselves?
Not easily. The scammer likely has your current address & contact info, but knows nothing about your history.
To confirm your identity when you contact these reporting agencies they will use details from your credit history by asking detailed questions the scammer likely won’t know. For example it might be questions like these:
They’ll throw 3 or 4 questions like these at you that you’ll have to answer correctly. They might involve places you used to live, banks you have had accounts with, etc. The chances of a scammer with your SSN knowing all these details about you is pretty tiny.