What Happened in the National Public Data Breach?
Until the NPD breach happened, the Yahoo data breach in 2013 was the worst cyberattack in US history, ultimately affecting all 3 billion Yahoo customers. Unfortunately, in April 2024, the infamous hacker group “USDoD” (not to be confused with the actual U.S. Department of Defense) broke into NPD’s computers and stole over 2.9 billion records. Of greatest concern is that, unlike the Yahoo breach, the NPD breach involves full Social Security numbers, potentially exposing every SSN holder in the US. The breach also includes your address history for the last three DECADES.
To make matters worse, not only did USDoD steal the information, and try to sell it for $3.5 million worth of crypto currency, but then another fraudster group called Fenice stole the data from them and released it on the dark web.
How Do I Know If My Data Is Compromised?
You can check to see if your data was exposed by checking this site hosted by the personal security firm Pentester. I checked my name and birthdate, and discovered that my personal address history and social security numbers going back to the early years of my 38-year marriage were now out there for all to see.
What if My Data Was Exposed?
If your data has been exposed, first take a deep breath. There are actions you can take to protect yourself.
1. Freeze Your Credit (It’s Free!)
First things first, freeze your credit monitoring with all three credit-reporting agencies. The process is free and makes it virtually impossible for someone to open an account or try to get a loan in your name. Here’s where to do it:
If you don’t already have a free account/login with each agency, you will need to create one. To institute a freeze, you must provide your date of birth, Social Security number, and current address. You must be prepared to provide your contact information, a government-issued ID, and proof of address to validate your identity.
Important Note: During this process, the agencies will try to get you to sign up for additional services. You don’t need to pay for anything to freeze your credit.
A credit freeze is permanent until you change it. Once you freeze your credit, it’ll remain that way until you lift it online, over the phone, or by mail. If you are ever applying for credit (home or auto loan, new credit card, etc), you can temporarily unfreeze your listings while the bank checks your credit.
2. Get Some Identity Theft Protection
Next, consider an identity theft protection and credit monitoring service. Reputable credit monitoring and identity theft protection services can safeguard you and your credit. Your personal information, including your name, SSN, linked financial accounts, addresses, and credit agreements are all monitored. If changes occur, you are alerted — allowing you to act quickly.
Expect services to cost between $10 – $30 per month. Aura has good customer service and some unique features for families. IdentifyForce gets strong ratings from consumer rating companies and is especially good for heavy users of secure information on mobile devices.
3. Consider Identity Theft Insurance
Your property and casualty insurance carrier might offer identity theft insurance. For $20-$100 a year, you can get comprehensive coverage that’ll help you restore your identity if it’s stolen and reimburse you if someone goes on a digital shopping spree with your info.
Some policies will even help you prepare for a cyberattack by helping to secure your home Wi-Fi network.
4. The Opt-Out Option
In addition to the above defensive strategies, you may want to consider “opt-out” services. According to this ZDNet article: Was your Social Security number leaked to the dark web?, people who had used data opt-out services weren’t exposed during this recent breach.
These services range from the straightforward, like the National Do Not Call Registry, to more complex options that might limit your ability to use social media easily. If you’re interested in blocking your information from data brokers, this article Top Ten Opt Outs from the World Privacy Forum is worth a few minutes of your time.
Protecting Yourself Over the Long Haul
Maintaining our cyber health is now a task that we all should be taking very seriously.
In a previously published Abacus article, Cybercrime Is Real: 7 Best Ways To Protect Your Identity, my colleague Gabe Brenner, CFP®, outlines additional strategies for mitigating risk. While some of these methods may seem obvious or annoying they are there to protect you from hackers trying to steal your data. A few worth noting here:
- Pick tough passwords and use a secure password storage tool
- Set up 2-factor authentication for any website that stores private information
- Be on high alert for phishing and spoofing emails. If you think it might be a scam, it probably is.
The NPD data breach serves as a stark reminder of the importance of cybersecurity in our increasingly digital world. By taking proactive steps to protect your personal information and staying informed about potential threats, you can significantly reduce your risk of falling victim to identity theft and financial fraud.
Disclosure:
Abacus Wealth Partners, LLC is an SEC registered investment adviser. SEC registration does not constitute an endorsement of Abacus Wealth Partners, LLC by the SEC nor does it indicate that Abacus Wealth Partners, LLC has attained a particular level of skill or ability. This material prepared by Abacus Wealth Partners, LLC is for informational purposes only and is accurate as of the date it was prepared. It is not intended to serve as a substitute for personalized investment advice or as a recommendation or solicitation of any particular security, strategy or investment product. Advisory services are only offered to clients or prospective clients where Abacus Wealth Partners, LLC and its representatives are properly licensed or exempt from licensure. No advice may be rendered by Abacus Wealth Partners, LLC unless a client service agreement is in place. This material is not intended to serve as personalized tax, legal, and/or investment advice since the availability and effectiveness of any strategy is dependent upon your individual facts and circumstances. Abacus Wealth Partners, LLC is not a legal or accounting firm. Please consult with your tax and/or legal professional regarding your specific tax or legal situation when determining if any of the mentioned strategies are right for you.