Business
Hackers may have stolen the Social Security numbers of every American. How to protect yourself
About four months after a notorious hacking group claimed to have stolen an extraordinary amount of sensitive personal information from a major data broker, a member of the group has reportedly released most of it for free on an online marketplace for stolen personal data.
The breach, which includes Social Security numbers and other sensitive data, could power a raft of identity theft, fraud and other crimes, said Teresa Murray, consumer watchdog director for the U.S. Public Information Research Group.
“If this in fact is pretty much the whole dossier on all of us, it certainly is much more concerning” than prior breaches, Murray said in an interview. “And if people weren’t taking precautions in the past, which they should have been doing, this should be a five-alarm wake-up call for them.”
According to a class-action lawsuit filed in U.S. District Court in Fort Lauderdale, Fla., the hacking group USDoD claimed in April to have stolen personal records of 2.9 billion people from National Public Data, which offers personal information to employers, private investigators, staffing agencies and others doing background checks. The group offered in a forum for hackers to sell the data, which included records from the United States, Canada and the United Kingdom, for $3.5 million, a cybersecurity expert said in a post on X.
The lawsuit was reported by Bloomberg Law.
Last week, a purported member of USDoD identified only as Felice told the hacking forum that they were offering “the full NPD database,” according to a screenshot taken by BleepingComputer. The information consists of about 2.7 billion records, each of which includes a person’s full name, address, date of birth, Social Security number and phone number, along with alternate names and birth dates, Felice claimed.
National Public Data didn’t respond to a request for comment, nor has it formally notified people about the alleged breach. It has, however, been telling people who contacted it via email that “we are aware of certain third-party claims about consumer data and are investigating these issues.”
In that email, the company also said that it had “purged the entire database, as a whole, of any and all entries, essentially opting everyone out.” As a result, it said, it has deleted any “non-public personal information” about people, although it added, “We may be required to retain certain records to comply with legal obligations.”
Several news outlets that focus on cybersecurity have looked at portions of the data Felice offered and said they appear to be real people’s actual information. If the leaked material is it what it’s claimed to be, here are some of the risks posed and the steps you can take to protect yourself.
The threat of ID theft
The leak purports to provide much of the information that banks, insurance companies and service providers seek when creating accounts — and when granting a request to change the password on an existing account.
A few key pieces appeared to be missing from the hackers’ haul. One is email addresses, which many people use to log on to services. Another is driver’s license or passport photos, which some governmental agencies rely on to verify identities.
Still, Murray of PIRG said that bad actors could do “all kinds of things” with the leaked information, the most worrisome probably being to try to take over someone’s accounts — including those associated with their bank, investments, insurance policies and email. With your name, Social Security number, date of birth and mailing address, a fraudster could create fake accounts in your name or try to talk someone into resetting the password on one of your existing accounts.
“For somebody who’s really suave at it,” Murray said, “the possibilities are really endless.”
It’s also possible that criminals could use information from previous data breaches to add email addresses to the data from the reported National Public Data leak. Armed with all that, Murray said, “you can cause all kinds of chaos, commit all kinds of crimes, steal all kinds of money.”
How to protect yourself
Data breaches have been so common over the years, some security experts say sensitive information about you is almost certainly available in the dark corners of the internet. And there are a lot of people capable of finding it; VPNRanks, a website that rates virtual private network services, estimates that 5 million people a day will access the dark web through the anonymizing TOR browser, although only a portion of them will be up to no good.
If you suspect that your Social Security number or other important identifying information about you has been leaked, experts say you should put a freeze on your credit files at the three major credit bureaus, Experian, Equifax and TransUnion. You can do so for free, and it will prevent criminals from taking out loans, signing up for credit cards and opening financial accounts under your name. The catch is that you’ll need to remember to lift the freeze temporarily if you are obtaining or applying for something that requires a credit check.
Placing a freeze can be done online or by phone, working with each credit bureau individually. PIRG cautions never to do so in response to an unsolicited email or text purporting to be from one of the credit agencies — such a message is probably the work of a scammer trying to dupe you into revealing sensitive personal information.
For more details, check out PIRG’s step-by-step guide to credit freezes.
You can also sign up for a service that monitors your accounts and the dark web to guard against identity theft, typically for a fee. If your data is exposed in a breach, the company whose network was breached will often provide one of these services for free for a year or more.
As important as these steps are to stop people from opening new accounts in your name, they aren’t much help protecting your existing accounts. Oddly enough, those accounts are especially vulnerable to identity thieves if you haven’t signed up for online access to them, Murray said — that’s because it’s easier for thieves to create a login and password while pretending to be you than it is for them to crack your existing login and password.
Of course, having strong passwords that are different for every service and changed periodically helps. Password manager apps offer a simple way to create and keep track of passwords by storing them in the cloud, essentially requiring you to remember one master password instead of dozens of long and unpronounceable ones. These are available both for free (such as Apple’s iCloud Keychain) and for a fee.
Beyond that, experts say it’s extremely important to sign up for two-factor authentication. That adds another layer of security on top of your login and password. The second factor is usually something sent or linked to your phone, such as a text message; a more secure approach is to use an authenticator app, which will keep you secure even if your phone number is hijacked by scammers.
Yes, scammers can hijack your phone number through techniques called SIM swaps and port-out fraud, causing more identity-theft nightmares. To protect you on that front, AT&T allows you to create a passcode restricting access to your account; T-Mobile offers optional protection against your phone number being switched to a new device, and Verizon automatically blocks SIM swaps by shutting down both the new device and the existing one until the account holder weighs in with the existing device.
Your worst enemy may be you
As much or more than hacked data, scammers also rely on people to reveal sensitive information about themselves. One common tactic is to pose as your bank, employer, phone company or other service provider with whom you’ve done business and then try to hook you with a text or email message.
Banks, for example, routinely tell customers that they will not ask for their account information by phone. Nevertheless, scammers have coaxed victims into providing their account numbers, logins and passwords by posing as bank security officers trying to stop an unauthorized withdrawal or some other supposedly urgent threat.
People may even get an official-looking email purportedly from National Public Data, offering to help them deal with the reported leak, Murray said. “It’s not going to be NPD trying to help. It’s going to be some bad guy overseas” trying to con them out of sensitive information, she said.
It’s a good rule of thumb never to click on a link or call a phone number in an unsolicited text or email. If the message warns about fraud on your account and you don’t want to simply ignore it, look up the phone number for that company’s fraud department (it’s on the back of your debit and credit cards) and call for guidance.
“These bad guys, this is what they do for a living,” Murray said. They might send out tens of thousands of queries and get only one response, but that response could net them $10,000 from an unwitting victim. “Ten thousand dollars in one day for having one hit with one victim, that’s a pretty good return on investment,” she said. “That’s what motivates them.”
Nike is cutting about 1,400 jobs in its operations division, mostly from its technology department, the company said Thursday.
In a note to employees, Venkatesh Alagirisamy, the chief operating officer of Nike, said that management was nearly done reorganizing the business for its turnaround plan, and that the goal was to operate with “more speed, simplicity and precision.”
“This is not a new direction,” Mr. Alagirisamy told employees. “It is the next phase of the work already underway.”
Nike, the world’s largest sportswear company, is trying to recover after missteps led to a prolonged sales slump, in which the brand leaned into lifestyle products and away from performance shoes and apparel. Elliott Hill, the chief executive, has worked to realign the company around sports and speed up product development to create more breakthrough innovations.
In March, Nike told investors that it expected sales to fall this year, with growth in North America offset by poor performance in Asia, where the brand is struggling to rejuvenate sales in China. Executives said at the time that more volatility brought on by the war in the Middle East and rising oil prices might continue to affect its business.
The reorganization has involved cuts across many parts of the organization, including at its headquarters in Beaverton, Ore. Nike slashed some corporate staff last year and eliminated nearly 800 jobs at distribution centers in January.
“You never want to have to go through any sort of layoffs, but to re-center the company, we’re doing some of that,” Mr. Hill said in an interview earlier this year.
Mr. Alagirisamy told employees that Nike was reshaping its technology team and centering employees at its headquarters and a tech center in Bengaluru, India. The layoffs will affect workers across North America, Europe and Asia.
The cuts will also affect staffing in Nike’s factories for Air, the company’s proprietary cushioning system. Employees who work on the supply chain for raw materials will also experience changes as staff is integrated into footwear and apparel teams.
Nike’s Converse brand, which has struggled for years to revive sales, will move some of its engineering resources closer to the factories they support, the company said.
Mr. Alagirisamy said the moves were necessary to optimize Nike’s supply chain, deploy technology faster and bolster relationships with suppliers.
A bill that would have required insurers to offer coverage to homeowners who take steps to reduce wildfire risk on their property died in the Legislature.
The Senate Insurance Committee on Monday voted down the measure, SB 1076, one of the most ambitious bills spurred by the devastating January 2025 wildfires.
The vote came despite fire victims and others rallying at the state Capitol in support of the measure, authored by state Sen. Sasha Renée Pérez (D-Pasadena), whose district includes the Eaton fire zone.
The Insurance Coverage for Fire-Safe Homes Act originally would have required insurers to offer and renew coverage for any home that meets wildfire-safety standards adopted by the insurance commissioner starting Jan. 1, 2028.
It also threatened insurers with a five-year ban from the sale of home or auto insurance if they did not comply, though it allowed for exceptions.
However, faced with strong opposition from the insurance industry, Pérez had agreed to amend the bill so it would have established community-wide pilot projects across the state to better understand the most effective way to limit property and insurance losses from wildfires.
Insurers would have had to offer four years of coverage to homeowners in successful pilot projects.
Denni Ritter, a vice president of the American Property Casualty Insurance Assn., told the committee that her trade group opposed the bill.
“While we appreciate the intent behind those conversations, those concepts do not remove our opposition, because they retain the same core flaw — substituting underwriting judgment and solvency safeguards with a statutory mandate to accept risk,” she said.
In voting against the bill Sen. Laura Richardson, (D-San Pedro), said: “Last I heard, in the United States, we don’t require any company to do anything. That’s the difference between capitalism and communism, frankly.”
The remarks against the measure prompted committee Chair Sen. Steve Padilla, (D-Chula Vista), to chastise committee members in opposition.
“I’m a little perturbed, and I’m a little disappointed, because you have someone who is trying to work with industry, who is trying to get facts and data,” he said.
Monday’s vote was the fourth time a bill that would have required insurers to offer coverage to so-called “fire hardened” homes failed in the Legislature since 2020, according to an analysis by insurance committee staff.
Fire hardening includes measures such as cutting back brush, installing fire resistant roofs and closing eaves to resist fire embers.
Pérez’s legislation was thought to have a better chance of passage because it followed the most catastrophic wildfires in U.S. history, which damaged or destroyed more than 18,000 structures and killed 31 people.
The bill was co-sponsored by the Los Angeles advocacy group Consumer Watchdog and Every Fire Survivor’s Network, a community group founded in Altadena after the fires formerly called the Eaton Fire Survivors Network.
But it also had broad support from groups such as the California Apartment Association, the California Nurses Association and California Environmental Voters.
Leading up to the fires, many insurers, citing heightened fire risk, had dropped policyholders in fire-prone neighorhoods. That forced them onto the California FAIR Plan, the state’s insurer of last resort, which offers limited but costly policies.
A Times analysis found that that in the Palisades and Eaton fire zones, the FAIR Plan’s rolls from 2020 to 2024 nearly doubled from 14,272 to 28,440. Mandating coverage has been seen as a way of reducing FAIR Plan enrollment.
“I’m disappointed this bill died in committee. Fire survivors deserved better,” Pérez said in a statement .
Also failing Monday in the committee was SB 982, a bill authored by Sen. Scott Wiener, (D-San Francisco). It would have authorized California’s attorney general to sue fossil fuel companies to recover losses from climate-induced disasters. It was opposed by the oil and gas industry.
Passing the committee were two other Pérez bills. SB 877 requires insurers to provide more transparency in the claims process. SB 878 imposes a penalty on insurers who don’t make claims payments on time.
Another bill, SB 1301, authored by insurance commissioner candidate Sen. Ben Allen, (D-Pacific Palisades), also passed. It protects policyholders from unexplained and abrupt policy non-renewals.
Times Insider explains who we are and what we do, and delivers behind-the-scenes insights into how our journalism comes together.
Politicians in Washington and the reporters who cover them have an often adversarial relationship.
But on the last Saturday in April, they gather for an irreverent celebration of press freedom and the First Amendment at the Washington Hilton Hotel: The White House Correspondents’ Association dinner.
Hosted by the association, an organization that helps ensure access for media outlets covering the presidency, the dinner attracts Hollywood stars; politicians from both parties; and representatives of more than 100 networks, newspapers, magazines and wire services.
While The Times will have two reporters in the ballroom covering the event, the company no longer buys seats at the party, said Richard W. Stevenson, the Washington bureau chief. The decision goes back almost two decades; the last dinner The Times attended as an organization was in 2007.
“We made a judgment back then that the event had become too celebrity-focused and was undercutting our need to demonstrate to readers that we always seek to maintain a proper distance from the people we cover, many of whom attend as guests,” he said.
It’s a decision, he added, that “we have stuck by through both Republican and Democratic administrations, although we support the work of the White House Correspondents’ Association.”
Susan Wessling, The Times’s Standards editor, said the policy is a product of the organization’s desire to maintain editorial independence.
“We don’t want to leave readers with any questions about our independence and credibility by seeming to be overly friendly with people whose words and actions we need to report on,” she said.
The celebrity mentalist Oz Pearlman is headlining the evening, in lieu of the usual comedy set by the likes of Stephen Colbert and Hasan Minhaj, but all eyes will be on President Trump, who will make his first appearance at the dinner as president.
Mr. Trump has boycotted the event since 2011, when he was the butt of punchlines delivered by President Barack Obama and the talk show host Seth Meyers mocking his hair, his reality TV show and his preoccupation with the “birther” movement.
Last month, though, Mr. Trump, who has a contentious relationship with the media, announced his intention to attend this year’s dinner, where he will speak to a room full of the same reporters he often derides as “enemies of the people.”
Times reporters will be there to document the highs, the lows and the reactions in the room. A reporter for the Styles desk has also been assigned to cover the robust roster of after-parties around Washington.
Some off-duty reporters from The Times will also be present at this late-night circuit, though everyone remains cognizant of their roles, said Patrick Healy, The Times’s assistant managing editor for Standards and Trust.
“If they’re reporting, there’s a notebook or recorder out as usual,” he said. “If they’re not, they’re pros who know they’re always identifiable as Times journalists.”
For most of The Times’s reporters and editors, though, the evening will be experienced from home.
“The rest of us will be able to follow the coverage,” Mr. Stevenson said, “without having to don our tuxes or gowns.”
-
West Virginia4 minutes agoTown hall meeting scheduled to discuss proposed Google data center in Putnam County – WV MetroNews
-
Wyoming10 minutes agoWyoming to implement odd-even outdoor water restrictions for several neighborhoods
-
Crypto16 minutes agoBIS Report: Crypto Earn Products Resemble Deposits With No FDIC Protection
-
Finance22 minutes agoRising gas prices put more financial pressure on Latino households, study says
-
Fitness28 minutes ago
Jane Fonda was in her 40s when she changed the way we exercise
-
Movie Reviews40 minutes agoMovie Review: The Mortuary Assistant – HorrorFuel.com: Reviews, Ratings and Where to Watch the Best Horror Movies & TV Shows
-
World52 minutes ago
Meta slashes 8,000 jobs, or 10% of its workforce, as Microsoft offers buyouts
-
News58 minutes agoTrump Says Israel and Lebanon Agree to Extend Cease-Fire by Three Weeks
