What to Know About the Social Security Number Breach

Recently, news came out about a data breach that has reportedly put billions of people around the globe at risk of having their personal data stolen. A lawsuit, which we’ll discuss more in a moment, says that billions of people have had their data stolen.

With such a high number of potential victims, it’s important that you know how to find out if your data has been accessed illegally, what to do if it was, and how to proceed, even if it wasn’t. Fortunately, we’ve put together everything that you need to know about this most recent data breach.

What Do We Know About the Breach?

There’s still more information out about the data breach in question, but what we do know is that in April 2024, a hacker who goes by USDoD managed to gain access to the personal information of billions of people around the world called National Public Data (NPD). According to Bleeping Computer, a tech site, USDoD leaked at least some of this data on a website where hackers congregate.

This illegal action has raised a number of questions, some of which we have the answers to and many more that we don’t. Let’s start with the basics.

Hackers on the internet are a very secretive society, as the things that they do are typically illegal. Hackers work relentlessly to get into the computer systems of banks, governments, and other entities around the globe, typically in an effort to extort money from people or to steal it outright.

USDoD has become one of the most infamous hackers in recent years, a title that people who operate in the nefarious regions of the “dark web” wear proudly. USDoD has become a sort of folk hero around cybercriminals in recent years, and it is believed that he has accessed billions of Social Security Numbers over the years. In fact, his reach has been so powerful that some cybersecurity experts believed USDoD was a large ring of hackers, not a single individual. We now know that this is not the case, and USDoD is one man who has an astounding knowledge of how to use the internet for evil.

USDoD has gone so far as to do interviews with websites and podcasts, during which his face and voice were completely obstructed or changed to protect his identity. However, after this most recent breach.

Crowdstrike, a huge cybersecurity firm that works with multiple businesses and government entities on a global scale, recently doxed USDoD in a move that many had assumed was impossible. To “dox” someone online means that you figure out who they are while they’re using a fake or anonymous identity.

According to Crowdstrike, USDoD is a man named Luan G, a 33-year-old male from Brazil. In recent days, this has been confirmed by the man himself, as Luan has acknowledged that he was behind the breach and that Crowdstrike figured out who he was. He’s expected to turn himself in to the Brazilian authorities before the end of August 2024, but that remains to be seen.

In an interview, after he was outed, Luan said that now that he’s been caught, he would like to leave the world of cybercrime behind and focus on doing something that would benefit his home nation of Brazil. That too remains to be seen, as experts claim that many hackers who get caught try to offer their services to their governments in exchange for leniency. Ultimately, the decision about how Luan G will be prosecuted for his crimes might be to the Brazilian government, even though billions of people around the world were affected by his actions. However, there is a possibility that the US may be involved.

The Brazilian government and the government of the United States have an extradition treaty in place, which means the US may request that Brazil send him to the States to stand trial for his crimes. This is not expected to be the case, though, as Brazil has a long history of refusing to extradite its own citizens.

What is National Public Data?

Now that we know who the hacker was, let’s take a look at the company that he targeted. National Public Data (NPD), is a company that offers extensive background checks to businesses around the world. Luan G has acknowledged that of the nearly 3 billion files that he hacked from NPD, all of them had the full name, address, phone number, date of birth, and social security number of the person who the company had checked on.

NPD is based in Florida, which has opened the floodgates for Americans to file lawsuits against the company. In August 2024, NPD acknowledged on its website that there had been a breach of its security systems and that data was accessed. According to NPD, the hack actually took place in December 2023, and some of the data was leaked in April 2024.

Per NPD, the information that was obtained in December 2023 was put on the dark web in April 2024 and the hacker wanted to sell it for $3.5 million. This is a common occurrence among hackers, as they usually have two strategies when it comes to the information that they illegally obtain. They’ll either hold the information for ransom, or they’ll sell it to the highest bidder. It appears that Luan chose to sell the data.

Investigative reporters have uncovered more details, some of which include negligence from NPD. According to multiple sources, NPD made the hack much easier by having passwords posted online. This reported negligence is why the lawsuits are piling up for the Florida-based company.

What Should You Do About the Social Security Number Breach?
With 2.9 billion people having their records accessed illegally, it means that more than 25% of the Earth’s population is impacted by this breach. While that sounds terrifying, it does mean that 75% of the population isn’t affected at all. With that in mind, you should find out if you’re affected by this breach before you worry about it.

Atlas Privacy, one of the biggest names in the cybersecurity industry, has set up a website at www.npdbreach.com where you can find out if you’re one of the 2.9 billion people impacted by the breach. Pentester, another company has set up a similar website at www.npd.pentester.com. You can go to either of those sites, input some of your data, and find out if your information is at risk.

If you find that your data was part of the breach, you can call 877-438-4337 or visit IdentityTheft.gov. If you visit the website, you can fill out a form that will allow you to receive a personal recovery plan.

Additionally, there are multiple class action suits being filed around the nation, so if you believe that you should receive some sort of financial compensation for your data being leaked, you can find more information about joining those suits online.

Data Security Matters

In our digital world, protecting your data online is crucial. While there’s nothing you can to do prevent breaches like this one, you can make sure that you’re using strong passwords and only sharing personal information with official, high-quality websites. Remember, data security is more important than it’s ever been before, and you have more power than you realize.