Business
Hackers may have stolen the Social Security numbers of every American. How to protect yourself
About four months after a notorious hacking group claimed to have stolen an extraordinary amount of sensitive personal information from a major data broker, a member of the group has reportedly released most of it for free on an online marketplace for stolen personal data.
The breach, which includes Social Security numbers and other sensitive data, could power a raft of identity theft, fraud and other crimes, said Teresa Murray, consumer watchdog director for the U.S. Public Information Research Group.
“If this in fact is pretty much the whole dossier on all of us, it certainly is much more concerning” than prior breaches, Murray said in an interview. “And if people weren’t taking precautions in the past, which they should have been doing, this should be a five-alarm wake-up call for them.”
According to a class-action lawsuit filed in U.S. District Court in Fort Lauderdale, Fla., the hacking group USDoD claimed in April to have stolen personal records of 2.9 billion people from National Public Data, which offers personal information to employers, private investigators, staffing agencies and others doing background checks. The group offered in a forum for hackers to sell the data, which included records from the United States, Canada and the United Kingdom, for $3.5 million, a cybersecurity expert said in a post on X.
The lawsuit was reported by Bloomberg Law.
Last week, a purported member of USDoD identified only as Felice told the hacking forum that they were offering “the full NPD database,” according to a screenshot taken by BleepingComputer. The information consists of about 2.7 billion records, each of which includes a person’s full name, address, date of birth, Social Security number and phone number, along with alternate names and birth dates, Felice claimed.
National Public Data didn’t respond to a request for comment, nor has it formally notified people about the alleged breach. It has, however, been telling people who contacted it via email that “we are aware of certain third-party claims about consumer data and are investigating these issues.”
In that email, the company also said that it had “purged the entire database, as a whole, of any and all entries, essentially opting everyone out.” As a result, it said, it has deleted any “non-public personal information” about people, although it added, “We may be required to retain certain records to comply with legal obligations.”
Several news outlets that focus on cybersecurity have looked at portions of the data Felice offered and said they appear to be real people’s actual information. If the leaked material is it what it’s claimed to be, here are some of the risks posed and the steps you can take to protect yourself.
The threat of ID theft
The leak purports to provide much of the information that banks, insurance companies and service providers seek when creating accounts — and when granting a request to change the password on an existing account.
A few key pieces appeared to be missing from the hackers’ haul. One is email addresses, which many people use to log on to services. Another is driver’s license or passport photos, which some governmental agencies rely on to verify identities.
Still, Murray of PIRG said that bad actors could do “all kinds of things” with the leaked information, the most worrisome probably being to try to take over someone’s accounts — including those associated with their bank, investments, insurance policies and email. With your name, Social Security number, date of birth and mailing address, a fraudster could create fake accounts in your name or try to talk someone into resetting the password on one of your existing accounts.
“For somebody who’s really suave at it,” Murray said, “the possibilities are really endless.”
It’s also possible that criminals could use information from previous data breaches to add email addresses to the data from the reported National Public Data leak. Armed with all that, Murray said, “you can cause all kinds of chaos, commit all kinds of crimes, steal all kinds of money.”
How to protect yourself
Data breaches have been so common over the years, some security experts say sensitive information about you is almost certainly available in the dark corners of the internet. And there are a lot of people capable of finding it; VPNRanks, a website that rates virtual private network services, estimates that 5 million people a day will access the dark web through the anonymizing TOR browser, although only a portion of them will be up to no good.
If you suspect that your Social Security number or other important identifying information about you has been leaked, experts say you should put a freeze on your credit files at the three major credit bureaus, Experian, Equifax and TransUnion. You can do so for free, and it will prevent criminals from taking out loans, signing up for credit cards and opening financial accounts under your name. The catch is that you’ll need to remember to lift the freeze temporarily if you are obtaining or applying for something that requires a credit check.
Placing a freeze can be done online or by phone, working with each credit bureau individually. PIRG cautions never to do so in response to an unsolicited email or text purporting to be from one of the credit agencies — such a message is probably the work of a scammer trying to dupe you into revealing sensitive personal information.
For more details, check out PIRG’s step-by-step guide to credit freezes.
You can also sign up for a service that monitors your accounts and the dark web to guard against identity theft, typically for a fee. If your data is exposed in a breach, the company whose network was breached will often provide one of these services for free for a year or more.
As important as these steps are to stop people from opening new accounts in your name, they aren’t much help protecting your existing accounts. Oddly enough, those accounts are especially vulnerable to identity thieves if you haven’t signed up for online access to them, Murray said — that’s because it’s easier for thieves to create a login and password while pretending to be you than it is for them to crack your existing login and password.
Of course, having strong passwords that are different for every service and changed periodically helps. Password manager apps offer a simple way to create and keep track of passwords by storing them in the cloud, essentially requiring you to remember one master password instead of dozens of long and unpronounceable ones. These are available both for free (such as Apple’s iCloud Keychain) and for a fee.
Beyond that, experts say it’s extremely important to sign up for two-factor authentication. That adds another layer of security on top of your login and password. The second factor is usually something sent or linked to your phone, such as a text message; a more secure approach is to use an authenticator app, which will keep you secure even if your phone number is hijacked by scammers.
Yes, scammers can hijack your phone number through techniques called SIM swaps and port-out fraud, causing more identity-theft nightmares. To protect you on that front, AT&T allows you to create a passcode restricting access to your account; T-Mobile offers optional protection against your phone number being switched to a new device, and Verizon automatically blocks SIM swaps by shutting down both the new device and the existing one until the account holder weighs in with the existing device.
Your worst enemy may be you
As much or more than hacked data, scammers also rely on people to reveal sensitive information about themselves. One common tactic is to pose as your bank, employer, phone company or other service provider with whom you’ve done business and then try to hook you with a text or email message.
Banks, for example, routinely tell customers that they will not ask for their account information by phone. Nevertheless, scammers have coaxed victims into providing their account numbers, logins and passwords by posing as bank security officers trying to stop an unauthorized withdrawal or some other supposedly urgent threat.
People may even get an official-looking email purportedly from National Public Data, offering to help them deal with the reported leak, Murray said. “It’s not going to be NPD trying to help. It’s going to be some bad guy overseas” trying to con them out of sensitive information, she said.
It’s a good rule of thumb never to click on a link or call a phone number in an unsolicited text or email. If the message warns about fraud on your account and you don’t want to simply ignore it, look up the phone number for that company’s fraud department (it’s on the back of your debit and credit cards) and call for guidance.
“These bad guys, this is what they do for a living,” Murray said. They might send out tens of thousands of queries and get only one response, but that response could net them $10,000 from an unwitting victim. “Ten thousand dollars in one day for having one hit with one victim, that’s a pretty good return on investment,” she said. “That’s what motivates them.”
Residents of Monterey Park voted overwhelmingly to ban data centers on election day, making the San Gabriel Valley city the first in the nation to do so by public vote.
As of Wednesday, 86% of votes were in favor of Measure NDC, the city ban, according to the Los Angeles County registrar-recorder/county clerk.
Other cities and towns have passed moratoriums on data centers, as a wave of opposition sweeps the country. But the Monterey Park vote can only be overturned by another ballot measure, making it the most permanent data center ban in a jurisdiction.
Monterey Park’s City Council had already banned data centers by ordinance, after a proposed 247,000-square-foot data center met an outpouring of public anger and concern. The developer withdrew that plan.
That facility would have been less than 500 feet away from the nearest home, and would have used three times the electricity of the entire 60,000-person city. Residents said it would have caused noise and air pollution and driven up electricity rates.
“This ensures long-lasting protections for current and future generations,” Amy Wong, co-founder of the group San Gabriel Valley Progressive Action, said of the vote. “It means that future city councils cannot overturn a data center ban, even if data center developers wanted to spend money to fund pro-data center candidates.”
The measure had no formal opposition. The developer of the proposed facility, investment firm HMC StratCap, said it wouldn’t engage in the ballot fight when it withdrew in March.
The Data Center Coalition, an industry trade group, expressed disappointment in the vote.
“It sends a signal that the area is closed for business, both for data centers and for other significant economic development projects,” state policy director Khara Boender said.
“It deprives local residents of the opportunity to compete for jobs and investment, while also causing the area to relinquish substantial long-term economic investment, high-wage jobs, and critical tax revenue to neighboring areas or other states.”
SGV Progressive Action worked with hyperlocal groups including No Data Center Monterey Park to rally support for the measure.
The group is now focused on stopping data center proposals in the City of Industry and fighting a move by City of Industry, Santa Fe Springs, Vernon and City of Commerce to welcome data centers and other industry with fast-tracked permitting and tax incentives.
City of Industry, in the San Gabriel Valley, and Vernon, south of downtown L.A., are primarily industrial areas, each with around 300 permanent residents. They are employment centers, and tens of thousands of workers commute in daily.
There has been little vocal opposition to data centers among the few residents of these cities. Wong said the protest is primarily coming from the surrounding neighborhoods.
“If a data center gets built in City of Industry, residents across the region would bear the brunt of pollution and increased utility costs,” Wong said, noting that it is surrounded by 16 other cities and unincorporated communities.
Data center proposals have been limited in California compared to Virginia, Texas, Georgia, Illinois and Arizona, which sit at the center of a recent boom in hyperscaler facilities to power artificial intelligence.
California has the third-most data centers in the country, with 300, but high electricity rates, expensive land and regulatory hurdles mean that fewer, and smaller, facilities are currently planned than in other hotspots.
That doesn’t mean opposition hasn’t been fierce. In Coachella and Imperial County, residents are showing up in droves to protest local proposals.
In the San Gabriel Valley, Montebello, El Monte and Baldwin Park have all enacted temporary moratoriums, and Alhambra recently banned data centers as part of a zoning code update.
Wong said she hoped the ballot measure vote would galvanize the opposition. “The vote is a testament to the people power of our region,” she said. “Our region is worth protecting, and we won’t let data centers determine our future.”
A rule intended to prevent rent gouging in the wake of the Eaton and Palisades fires has lapsed in Los Angeles County, possibly exposing some renters to hikes.
The executive order that blocked rent increases was issued by Gov. Gavin Newsom amid the devastating wildfires last year. Under the order, landlords couldn’t increase rents by more than 10% above their prefire levels.
The rule, which was supposed to be temporary and was repeatedly extended, ended Friday after a vote to extend it again failed to garner enough votes. Supervisor Lindsey Horvath, whose district includes Pacific Palisades, sounded the alarm in a motion to extend price protections that failed to pass at the Board of Supervisors’ May 19 meeting.
“These price gouging protections continue to be necessary as construction and rebuilding continue, and as thousands of people remain displaced,” the motion said. “Families which signed short-term leases could face drastic price increases of 50% or more without further price gouging protection.”
Los Angeles County is home to more than 1 million rental properties, though not all of them needed protection from the new rule. There are already stricter rent increase caps for many residences, depending on the location, type and age of the building. Despite the rent control in the region, the people of Los Angeles pay among the highest rents in the country.
It is uncertain whether renters will face rapidly rising rents now that the protection has lapsed. But some real estate experts and policymakers said there was no need for the temporary rule that was part of the governor’s state of emergency.
Supervisors Kathryn Barger, Janice Hahn and Holly Mitchell abstained from voting on the motion to extend the protection, while Supervisors Hilda Solis and Horvath supported it.
“I abstained because I did not see sufficient evidence to justify extending this emergency ordinance, nor did I see evidence to eliminate it entirely,” Hahn said.
Barger’s office said she supported allowing the protections to sunset while waiting to see whether new information emerged.
“Market data already shows countywide rents are only about 2% above pre-emergency levels and rental inventory has grown,” Barger representative Helen E. Chavez Garcia said. “The Supervisor is also mindful of the burden these ongoing protections place on small property owners throughout the county.”
Mitchell did not immediately respond to a request for comment.
There haven’t been steep rent hikes in neighborhoods within three miles of the Palisades fire, according to a Times analysis of data from Zillow, the property listing company.
In ZIP Codes within three miles of the Palisades fire, rent increased 4.8% from December 2024 to April 2025. In areas around the Eaton fire, which destroyed swaths of Altadena, rent jumped 5.2% in the same period.
In L.A. County, ZIP Codes farther from the fires saw only about a 2% increase.
A landlords representative, Jesus Rojas of the Apartment Owners Assn. of Greater Los Angeles, told the supervisors during public comment at the meeting that the county’s rent-gouging rules have “long outlived the emergency they were intended to address” and are now being “wrongfully used to harm thousands of rental housing providers throughout the county.”
“There is no proof that multifamily rental housing providers are hugely increasing rents for impacted homeowners,” Rojas said.
Indeed, there are strong signs that the property market in the Los Angeles area has at last begun to cool.
L.A. metro-area rent prices recently fell to a four-year low, with the median rent slipping to $2,167 in December.
Meanwhile, condominium sales had their slowest start of the year in decades. Condo sales in Los Angeles have plummeted to a 20-year low, with fewer than 2,000 units sold in January and February — the worst start to the year since 2005.
Newsom defended the price-gouging protections shortly after they went into effect.
“In the days following the Los Angeles firestorms, we worked quickly to protect Los Angeles survivors from any form of exploitation,” he said in February 2025. “The state has the tools in place to not only block price gouging during this emergency, but also to prosecute bad actors.”
The Los Angeles County Department of Consumer and Business Affairs said it received more than 2,000 complaints after the fires, alleging that retailers and landlords were taking advantage of people put in hardship by their losses, and sent out more than 2,000 cease-and-desist letters to businesses and landlords for alleged price gouging, said Morine Merritt, who oversees department investigations into consumer and real estate fraud.
“Close to 90% of the complaints that we received involved allegations of rent increases,” Merritt said in an interview. Now that the fire-related protections have expired, existing laws and “regular market conditions determine price increases for goods and services, including rents,” she said.
Crackdowns on fire-related rent gouging have been rare, said Chelsea Kirk of the activist organization the Rent Brigade, which analyzed L.A. County’s rental market in the year after the fires. It reported 18,360 potential examples of price gouging in listings but said that few lawsuits had been filed by authorities so far.
Last week, Rent Brigade announced what it said was the first private civil lawsuit brought by a family that claimed to be rent-gouged in the aftermath of the wildfires. Plaintiffs Randall and Candy Renick, whose Altadena home was damaged, said they were charged nearly three times the maximum permitted rate for nearly 10 months. They seek restitution of $96,000 plus civil penalties and attorneys’ fees.
The rental market has probably stabilized since the fires, Kirk said, but other families may still be “locked into illegal rents” that they agreed to pay when they were in a rush to find housing after they were displaced.
Dear Mr. Pelley:
I meant what I said in my letter last week to the 60 Minutes team: joining 60 Minutes is the honor of my career and I am grateful to be working alongside the people who have contributed to the most important television journalism brand this country has ever produced. While I’m new to 60 Minutes, I’ve devoted my career to investigative journalism and storytelling. I started this job excited to collaborate and to benefit from the wisdom and experience of the 60 Minutes veterans, with you among them. For that reason, one of the first things I did in my new role was call you to talk and invite you to dinner. It is a profound disappointment that you rejected that overture and chose ambush instead. Yesterday, you hijacked my first meeting with staff to disparage me, my qualifications, and my intentions with remarkable incivility and contempt. I welcome a diversity of viewpoints and respectful debate among the team, but this was nothing of the sort. Yesterday’s performative display of hostility enacted in front of the staff instead of in a civil, private conversation-demonstrated that you have no interest in contributing to the future success of the show, or approaching my new tenure with a mind open to collaboration and progress. I am here to deliver first-in-class news programming, not to make headlines about newsroom drama. I am eager to work alongside those who share this goal.
Despite yesterday’s misconduct, I had hoped that in sitting down with you today we could find a path forward together. You made clear that you are not interested in such a path.
Your antipathy to the future of the show has come through loud and clear. And I have heard you. I therefore write on behalf of CBS News, Inc. (“CBS”) to inform you that your employment with CBS is terminated for cause effective immediately. Enclosed is your formal termination letter.
Sincerely,
Nick Bilton
Executive Producer, 60 Minutes
-
South Dakota22 seconds agoTornado watch in effect as severe storms target South Dakota
-
Tennessee3 minutes agoTennessee Baseball Breakout Star Announces He Won’t Enter the Transfer Portal
-
Texas8 minutes agoCentral Texas soldier dies in Iraq during training incident, Department of Defense says
-
Utah15 minutes agoNew program at University of Utah aims to keep up with growing Utah industry
-
Vermont18 minutes agoVermont seeks dynamic pricing for state park access
-
Virginia23 minutes agoWest Virginia commit announces decision by blasting ‘Country Roads,’ lighting a couch on fire
-
Washington30 minutes agoSteelers Sign TE Darnell Washington to Four-Year Extension
-
Wisconsin33 minutes agoWisconsin DNR reminding ATV and UTV drivers that more wardens will be out this weekend
