Business
Hackers may have stolen the Social Security numbers of every American. How to protect yourself
About four months after a notorious hacking group claimed to have stolen an extraordinary amount of sensitive personal information from a major data broker, a member of the group has reportedly released most of it for free on an online marketplace for stolen personal data.
The breach, which includes Social Security numbers and other sensitive data, could power a raft of identity theft, fraud and other crimes, said Teresa Murray, consumer watchdog director for the U.S. Public Information Research Group.
“If this in fact is pretty much the whole dossier on all of us, it certainly is much more concerning” than prior breaches, Murray said in an interview. “And if people weren’t taking precautions in the past, which they should have been doing, this should be a five-alarm wake-up call for them.”
According to a class-action lawsuit filed in U.S. District Court in Fort Lauderdale, Fla., the hacking group USDoD claimed in April to have stolen personal records of 2.9 billion people from National Public Data, which offers personal information to employers, private investigators, staffing agencies and others doing background checks. The group offered in a forum for hackers to sell the data, which included records from the United States, Canada and the United Kingdom, for $3.5 million, a cybersecurity expert said in a post on X.
The lawsuit was reported by Bloomberg Law.
Last week, a purported member of USDoD identified only as Felice told the hacking forum that they were offering “the full NPD database,” according to a screenshot taken by BleepingComputer. The information consists of about 2.7 billion records, each of which includes a person’s full name, address, date of birth, Social Security number and phone number, along with alternate names and birth dates, Felice claimed.
National Public Data didn’t respond to a request for comment, nor has it formally notified people about the alleged breach. It has, however, been telling people who contacted it via email that “we are aware of certain third-party claims about consumer data and are investigating these issues.”
In that email, the company also said that it had “purged the entire database, as a whole, of any and all entries, essentially opting everyone out.” As a result, it said, it has deleted any “non-public personal information” about people, although it added, “We may be required to retain certain records to comply with legal obligations.”
Several news outlets that focus on cybersecurity have looked at portions of the data Felice offered and said they appear to be real people’s actual information. If the leaked material is it what it’s claimed to be, here are some of the risks posed and the steps you can take to protect yourself.
The threat of ID theft
The leak purports to provide much of the information that banks, insurance companies and service providers seek when creating accounts — and when granting a request to change the password on an existing account.
A few key pieces appeared to be missing from the hackers’ haul. One is email addresses, which many people use to log on to services. Another is driver’s license or passport photos, which some governmental agencies rely on to verify identities.
Still, Murray of PIRG said that bad actors could do “all kinds of things” with the leaked information, the most worrisome probably being to try to take over someone’s accounts — including those associated with their bank, investments, insurance policies and email. With your name, Social Security number, date of birth and mailing address, a fraudster could create fake accounts in your name or try to talk someone into resetting the password on one of your existing accounts.
“For somebody who’s really suave at it,” Murray said, “the possibilities are really endless.”
It’s also possible that criminals could use information from previous data breaches to add email addresses to the data from the reported National Public Data leak. Armed with all that, Murray said, “you can cause all kinds of chaos, commit all kinds of crimes, steal all kinds of money.”
How to protect yourself
Data breaches have been so common over the years, some security experts say sensitive information about you is almost certainly available in the dark corners of the internet. And there are a lot of people capable of finding it; VPNRanks, a website that rates virtual private network services, estimates that 5 million people a day will access the dark web through the anonymizing TOR browser, although only a portion of them will be up to no good.
If you suspect that your Social Security number or other important identifying information about you has been leaked, experts say you should put a freeze on your credit files at the three major credit bureaus, Experian, Equifax and TransUnion. You can do so for free, and it will prevent criminals from taking out loans, signing up for credit cards and opening financial accounts under your name. The catch is that you’ll need to remember to lift the freeze temporarily if you are obtaining or applying for something that requires a credit check.
Placing a freeze can be done online or by phone, working with each credit bureau individually. PIRG cautions never to do so in response to an unsolicited email or text purporting to be from one of the credit agencies — such a message is probably the work of a scammer trying to dupe you into revealing sensitive personal information.
For more details, check out PIRG’s step-by-step guide to credit freezes.
You can also sign up for a service that monitors your accounts and the dark web to guard against identity theft, typically for a fee. If your data is exposed in a breach, the company whose network was breached will often provide one of these services for free for a year or more.
As important as these steps are to stop people from opening new accounts in your name, they aren’t much help protecting your existing accounts. Oddly enough, those accounts are especially vulnerable to identity thieves if you haven’t signed up for online access to them, Murray said — that’s because it’s easier for thieves to create a login and password while pretending to be you than it is for them to crack your existing login and password.
Of course, having strong passwords that are different for every service and changed periodically helps. Password manager apps offer a simple way to create and keep track of passwords by storing them in the cloud, essentially requiring you to remember one master password instead of dozens of long and unpronounceable ones. These are available both for free (such as Apple’s iCloud Keychain) and for a fee.
Beyond that, experts say it’s extremely important to sign up for two-factor authentication. That adds another layer of security on top of your login and password. The second factor is usually something sent or linked to your phone, such as a text message; a more secure approach is to use an authenticator app, which will keep you secure even if your phone number is hijacked by scammers.
Yes, scammers can hijack your phone number through techniques called SIM swaps and port-out fraud, causing more identity-theft nightmares. To protect you on that front, AT&T allows you to create a passcode restricting access to your account; T-Mobile offers optional protection against your phone number being switched to a new device, and Verizon automatically blocks SIM swaps by shutting down both the new device and the existing one until the account holder weighs in with the existing device.
Your worst enemy may be you
As much or more than hacked data, scammers also rely on people to reveal sensitive information about themselves. One common tactic is to pose as your bank, employer, phone company or other service provider with whom you’ve done business and then try to hook you with a text or email message.
Banks, for example, routinely tell customers that they will not ask for their account information by phone. Nevertheless, scammers have coaxed victims into providing their account numbers, logins and passwords by posing as bank security officers trying to stop an unauthorized withdrawal or some other supposedly urgent threat.
People may even get an official-looking email purportedly from National Public Data, offering to help them deal with the reported leak, Murray said. “It’s not going to be NPD trying to help. It’s going to be some bad guy overseas” trying to con them out of sensitive information, she said.
It’s a good rule of thumb never to click on a link or call a phone number in an unsolicited text or email. If the message warns about fraud on your account and you don’t want to simply ignore it, look up the phone number for that company’s fraud department (it’s on the back of your debit and credit cards) and call for guidance.
“These bad guys, this is what they do for a living,” Murray said. They might send out tens of thousands of queries and get only one response, but that response could net them $10,000 from an unwitting victim. “Ten thousand dollars in one day for having one hit with one victim, that’s a pretty good return on investment,” she said. “That’s what motivates them.”
San José tech company Cisco plans to cut 471 workers in three Bay Area offices, according to layoff notices filed to a state agency.
The company, which provides networking devices along with other services including video conferencing and cybersecurity, told employees in May that it was going to cut fewer than 4,000 jobs or less than 5% of its workforce.
The notices, processed by the California Employment Development Department this week, provide more details about what jobs Cisco will cut in California.
The artificial-intelligence boom has fueled more investments in data centers, commercial real estate and other areas. But advancements in AI tools have also been reshaping jobs, especially in Silicon Valley, the epicenter of the tech industry.
Cisco’s layoffs in California impacted workers in its San José, Milpitas and San Francisco offices. The company cut a variety of roles in software engineering, product management, design, business operations and other areas, the notices show.
Cisco said it didn’t have anything additional to share beyond what it published in May about its restructuring plans.
Tech companies have been citing various reasons for layoffs including prioritizing investments in artificial intelligence. As workers use AI-powered tools to generate code, words and other content, some executives have said they don’t need as many employees. There’s also skepticism, though, about how big a role AI is playing at companies with a large amount of workers globally.
From January to May, U.S. technology companies announced 123,653 cuts, up 66% from the same period in 2025, according to a June report from global outplacement and executive coaching firm Challenger, Gray & Christmas. The firm said that AI was the leading reason companies cited for cuts but it still isn’t the “jobpocalypse some predicted.”
Meta, Snap, Block, Oracle and Amazon are among tech companies that have announced mass layoffs this year.
Cisco markets itself as a company that “provides critical infrastructure for the AI era” and has benefited from the AI boom, reaching a record revenue of $15.8 billion in the third quarter this year. The company’s net income grew 35% to $3.4 billion year-over-year during that quarter.
Cisco Chief Executive Chuck Robbins told employees in May it’s cutting costs in certain areas while prioritizing other investments. That includes employee use of AI across the company.
He said Cisco will be among winners in the AI era, but that means “making hard decisions — about where we invest, how we’re organized, and how our cost structure reflects the opportunity in front of us.”
As of July 2025, Cisco had roughly 86,200 employees, according to its annual report.
Social media company Snap is being sued by the parents of a girl who was raped when she was 12 years old by a man she met on disappearing messaging app Snapchat.
The 111-page lawsuit, filed this week in a Missouri Circuit Court, alleges that Santa Monica-based Snap “enabled and facilitated the grooming, exploitation, and sexual abuse” of the minor who is referred to as “J.F.”
The company failed to disable or warn users about “dangerous” features that predators use on the app to find and abuse their victims, according to the lawsuit.
Missouri resident Gabriel Joel Valentin-Rios, who was 25 years old at the time, raped the girl in September 2021 after she sneaked out of her house, the lawsuit alleges. The parents are also suing the attacker, who pleaded guilty to sexually assaulting the girl and is serving 18 years in prison, according to the Social Media Victims Law Center.
The center and the Holland Law Firm announced Thursday they filed the lawsuit on behalf on the victim’s family.
“This assault did not happen in a vacuum — it happened because Snapchat’s product design made it easy for a predator to reach and manipulate an unsuspecting child,” said Matthew Bergman, founding attorney of the Social Media Victims Law Center, in a statement. “Snap executives have long known that their features create a perfect environment for predators to exploit children, yet they have repeatedly failed to make the platform safe.”
A Snap spokesperson said in a statement the company cares “deeply about the safety and well-being of all Snapchatters.”
“Our teams have worked for years to build safeguards, launch safety tutorials, partner with experts, and work with law enforcement to help prevent the misuse of our platform,” the spokesperson said in a statement.
The lawsuit is the latest legal hurdle facing Snap. Multiple parents who lost their children have previously sued the company, alleging that Snap failed to provide enough safeguards on the messaging app. Parents and child safety groups have voice concerns about how the app can be used to connect young people with drug dealers and child predators.
Other tech companies such as gaming platform Roblox, Google-owned YouTube and Facebook parent company Meta have also faced lawsuits over safety and mental health issues.
In March, a Los Angeles jury found that Meta-owned Instagram and YouTube were liable for the suffering of a California woman who alleged the platforms were built to addict young users. Snap settled that lawsuit before the trial started.
The latest lawsuit against Snap highlights safety concerns surrounding several features on the messaging app including “Quick Add,” which suggests users to connect with on Snapchat. Valentin-Rios used that feature to connect with the girl along with others to disguise his identity and groom her into sending explicit photos, the lawsuit said. The company’s “Snap Maps” feature allowed him to find the girl’s home address. And he used a cartoon avatar known as Bitmoji on Snapchat to conceal his age and present himself as a “a young, innocuous, and friendly looking boy.”
Families have faced challenges holding tech companies accountable for safety issues because a U.S. law shields platforms from being held liable for content posted by its users.
The lawsuit against Snap, though, says that it seeks to hold the company liable for the design and marketing of “unreasonably dangerous social media products.” It alleges that Snap co-created content such as Bitmojis abused by child predators and it designed the app to entice users to spend more time messaging others.
The lawsuit accused Snap of consistently turning a “blind eye” to underage users of its app. Snapchat requires users be at least 13 years old to sign up for an account, but J.F. started using the app when she was 11 years old. Snapchat was popular among her peers and friends so J.F. downloaded the app, which was presented as lighthearted and entertaining platform, without her parents’ knowledge or consent. The company failed to warn users about potential dangers, verify the ages of minors and lacks adequate parental controls, the lawsuit alleges.
Snapchat has a “family center” where parents can see their teen’s friends, view time spent and other insights about how their children are using the app. But the lawsuit said it isn’t enough because parents can’t restrict teens from sending private messages and children can create accounts without their parents’ knowledge.
The plaintiffs’ counsel also tested Snap’s “Quick Add” feature in 2023 and found that many of the usernames “generated by Snap’s recommendation algorithm appeared on their face to belong to predatory users,” the lawsuit said.
Valentin-Rios was also able to create a second Snapchat account with the username “Nocits21g” to connect with J.F. and to conceal the activity from his girlfriend, according to the lawsuit.
The rape victim, who was diagnosed with PTSD, anxiety and depression, started to engage in self-harm and expressed suicidal thoughts, the lawsuit states.
The lawsuit seeks a jury trial and financial damages for the harm allegedly caused by the company to the family.
“J.F. feels embarrassed and ashamed, but she is also angry that Snap facilitated this by design, and angrier still that Snap continues to operate its platform in the same manner today,” the lawsuit said.
Gov. Gavin Newsom signed a law Thursday to crack down on inflated profits stemming from car crash lawsuits, blessing a hard-fought compromise between Uber and the state’s trial attorneys that averts a November showdown between two of California’s most powerful and moneyed lobbying forces.
The deal, the fruit of months of negotiations, takes aim at the lucrative way doctors can charge for procedures on patients referred to them by personal injury lawyers.
If a law firm has a client who was hurt in a car accident, the lawyer will often send them to a doctor who will perform surgery on a “lien” basis, meaning the doctor will be paid from money that comes from a lawsuit settlement rather than through insurance.
Uber contends this arrangement has created an incentive for doctors and attorneys to collude to dramatically inflate medical bills. The more expensive the bill, they say, the bigger the resulting payout.
The law, SB 623, caps how much these doctors can charge when their patient is involved in a lawsuit against a ride-share company, which are frequent targets of litigation due to their top-of-the-line insurance policies. The new law will also require Uber to ramp up background checks of its drivers.
“We’re going to have a much safer state both for medical patients and passengers in Ubers,” said Nicholas Rowley, a prominent Texas attorney who helped bankroll the fight and took a leading role in the negotiations.
The law only applies to cases that involve ride-share accidents that take place after Jan. 1, 2027.
“This legislation puts meaningful guardrails in place to better protect accident victims, increase transparency and accountability in the medical lien system and strengthen safety,” said Ramona Prieto, Uber’s head of public policy for the Western U.S., in a statement.
For months, Uber and lawyers from across the state poured tens of millions into dueling ballot measures that threatened to devastate the profits of whichever side lost.
Uber fired the first shot with a ballot measure that sought to cap how much attorneys can earn in lawsuits involving auto accidents. The company argued attorneys were swindling their own clients, inflating medical bills of car crash victims to increase the value of the settlement and then pocketing a hefty chunk of the payouts.
The state’s trial attorneys countered that the fee cap would make small or difficult cases a money-losing endeavor and block scores of accident victims from the courts. They shot back with their own ballot measure that would increase legal liability for ride-share companies if a passenger or driver is sexually assaulted while on a ride, seizing on investigative reporting that highlighted assaults in Ubers.
“They were waiting for us to blink and we didn’t,” said Douglas Saeltzer, the head of the Consumer Attorneys of California, the lawyer trade group that pushed for the measure against Uber. “Their starting place, I don’t believe, was in the interest of protecting victims — it was in the interest of protecting Uber.”
With the passage of Thursday’s law, both sides have agreed to pull their respective measures from the November ballot, halting campaigns that had both parties amassing tens of millions in funding and blanketing the airwaves with ads.
“Now we can stop seeing all the commercials,” said Assemblymember Blanca Pancheo (D-Downey) at a Tuesday hearing.
The law, put forward by Assemblymember Diane Papan (D-San Mateo) and Sen. Thomas Umberg (D-Santa Ana), also caps the amount that can be earned by third-party investors who buy out a doctor’s lien in a personal injury case. These companies will purchase a doctor’s stake in the case at a reduced rate, then pocket a share of the payout if the case settles.
“Private equity and hedge funds buy them at a steep discount, then turn around and collect the full inflated amount,” Saeltzer said at a Tuesday hearing on the bill. “That’s money flowing to Wall Street investors, not patients.”
The law will require annual background checks for ride-share drivers and expand the list of offenses that disqualify someone from the job.
In addition to the ballot battle, has Uber sued two of LA’s most well-known personal injury firms — the Law Offices of Jacob Emrani and Downtown L.A. Law Group — accusing them of inflating medical bills and forcing clients to undergo needless and expensive surgeries to inflate the value of the claim. The firms asked the judge to dismiss the case Wednesday, arguing Uber had failed to prove fraud. Both firms have vehemently denied wrongdoing.
The lawsuit, filed last year, has put the plaintiff lawyers in the unusual position of playing defense. Listening in the audience at Wednesday’s hearings were the partners of Downtown L.A. Law Group and Jacob Emrani.
“Let’s be clear about what this Uber case really is,” said John Hueston, outside counsel for Emrani. “It’s brought by a $150 billion dollar company … to intimidate the plaintiff’s bar, exhaust its resources and chill the suits that hold Uber accountable.”
Michael Huston, one of the lawyers who represents Uber, countered that the case is “not an attack on the plaintiff’s bar.”
“We have brought suit against the two in this state … that are engaged in naked fraud,” he said.
-
Connecticut22 seconds ago
Newly released video shows Connecticut prison officers striking inmate before he died
-
Delaware3 minutes agoAnnual Delaware River Sojourn honors the nation’s 250th anniversary
-
Florida8 minutes agoFlorida Lottery Mega Millions, Jackpot Triple Play results for June 26, 2026
-
Georgia15 minutes ago
Georgia Lottery Mega Millions, Cash 3 results for June 26, 2026
-
Hawaii18 minutes agoPolice recover 19 gaming machines, $7K in Kakaako gambling bust
-
Idaho23 minutes agoThe reactor race has begun
-
Illinois30 minutes agoNew Illinois bill aims to overhaul public defense system | The Chicago Report
-
Indiana33 minutes agoDriver airlifted after NW Indiana police chase ends with crash into tree
