You may have heard about a lawsuit filed regarding a data breach concerning social security numbers. I encourage you to read at least the first few pages of the linked class action complaint to see how massive a violation of privacy this is.
The data breach concerns National Public Data, a company which offers background checks. They collect personally identifiable information (PII) as a part of their business. The defendant claims that NPD scraped PII from non-public sources (¶11). NPD then stored the data in an insecure manner and did not adequately protect this personal information (¶25). Consequently, a hacking group by the name of “USDoD” stole records of 2.9 billion individuals from NPD. According to the document, the data was independently reviewed by VX-underground, the cybersecurity company. They confirmed the breach included full names, address and address history, and social security numbers. They were also able to identify familial connections, both living and deceased (¶ 22-24).
Based on this class action complaint, NPD’s conduct was grossly negligent, leading to potential identity theft for almost anyone in the United States. It was also a massive privacy violation by scraping data from non-public sources. Even after they took millions of Americans personal information, they failed to secure the data from hackers.
Criminals can ruin your life if they target you with this information. They can open lines of credit without you knowing. You might only find out until creditors call you, demanding that you pay them back (¶60).
So, yeah. I am very concerned. I’ll have to figure out how to defend against this identity theft. Overall, I’m new to the privacy community, but I’m feeling like “privacy” in the United States is an absolute mess. If your data wasn’t somewhere on the dark web, it might be now. Protect your data. Stay safe.
Freeze your credit:
Yes! And don’t pay these assholes a dime for the privilege.
They’re legally required to provide freezes for free, but two of them were trying to sell it as a service through misleading page links, last time I checked.
Experian does it with every. single. login. Really fucking annoying when you have to login multiple times for thawing and whatnot when necessary.
Still are.
Don’t forget these companies didn’t exist before the late 80’s and credit worked just fine without them.
Yeah, but we replaced welfare with credit cards so…
I tried to create an account with TransUnion but it said the identity check failed and won’t create an account, I have no idea what to do now.
Yep, same issue, haven’t figured out a fix yet.
Everyone in the US should freeze their credit. Yes, it sucks that you have to unfreeze it to apply for new credit but it doesn’t actually suck that bad. Everything is done through the websites.
Also what ever email you use, enable 2 factor authentication. I think using OTA is better because people have had their numbers sim swapped.
I tried w equifax recently and kept saying not available at this time
No. I never opted into this system. They can opt me out.
Unfortunately the US doesn’t work that way. Unless you want to continue living under a rock, you have to deal with your credit.
I’ve never had an account with these. Do I need to create an account with them to freeze my credits? And what kinds of information should I give / not give when I do?
If they have your records, then you can request a freeze in a variety of ways. Online is just the easiest way to manage all that.