What New Yorkers should do after the recent Social Security number data breach
NEW YORK -- New York Rep. Ritchie Torres says his Social Security number was included in a massive breach that involved billions of personal data records being leaked.
Back in April, a group of hackers reportedly stole over 2.9 billion records from a background check company called National Public Data.
"The information that was suspected of being breached contained name, email address, phone number, Social Security number, and mailing address(es)," NPD said. "We cooperated with law enforcement and governmental investigators and conducted a review of the potentially affected records and will try to notify you if there are further significant developments applicable to you."
A leaked version of the stolen NPD data was reportedly posted on a free hacking forum.
Following the breach, a class action lawsuit was filed against the company.
"The Social Security data breach serves as a painful reminder that America has no federal data privacy law to protect the American people. When it comes to cyberspace, there is no law and order, only lawlessness and disorder," Torres said Wednesday. "We live in a cyber world, where your most sensitive data can be collected without your knowledge or consent by a private company and then stolen by a cyber criminal, leaving you wide open to identity theft."
"It is fair to say that cyberspace is the most lawless place on earth," he added.
Torres said people can check to see if their Social Security was leaked by using this website.
Cybersecurity expert offers tips
"I think what's interesting about this is we really didn't know about this breach until the lawsuit, which kind of says something about breaches in general, which is there's so many of them and they're happening so often that we don't even notice them anymore," cybersecurity expert Andrew Plato said.
Plato said at this point assume your data is probably already out there. He said to protect yourself going forward get what's called a password vault program.
"They're a simple way to create really complex passwords for all the different websites you log into," Plato said. "Use a different password on each website. This will contain any breach that happens of your personal data. So if hackers do get your data from one particular website you wouldn't necessarily give them access to all the other websites you have."
To put it simply, using the same password for different websites is a bad idea.
"I know a lot of security people look down on the people who write their passwords down on a little notebook. You know, if that's what works for you, as long as you're using a different password on each website, go for it. Because it's a lot harder to steal that notebook than your password at this point," Plato said.
What you can do if you've been impacted
NPD says people have been impacted by the breach should:
- Monitor their financial accounts for unauthorized activity
- Contact Equifax, Experian and TransUnion credit reporting agencies to obtain a free credit report at 877-322-8228 or by clicking here
- Place a free fraud alert on your credit file, which means creditors will contact you before any new accounts are opened in your name, or changes are made to your existing accounts. You can reach Equifax at 800.685.1111, Experian at 888-397-3742 and TransUnion at 888.909.8872
- Review your free credit report for accounts and inquiries that you don't recognize, which may be signs of identity theft
- In the event of identity theft, contact the FTC
- You may consider a free credit freeze, which would make potential creditors can't get your credit report, making opening new accounts in your name less likely to be able to opened. You can temporarily lift or remove any such freeze.