By now, you have most likely heard about the massive data breach of National Public Data (NPD), leaking close to 3 billion people's personally identifiable information (PII), including full legal names, dates of birth, social security numbers, and more. While experts are working to figure out the full scale of the breach, cybercriminals already have access to the information and are able to use it for nefarious purposes.
So, what can you do to protect yourself? The first thing you should do right away is freeze your credit, which you can do for free by going to one of the big three credit tracking organizations' websites (Equifax, Experian, and TransUnion), creating an account, and then simply clicking the button (or submitting a request) to freeze your credit. If you want to feel extra safe, you can freeze your credit at all three in order to ensure scammers aren't able to open new lines of credit in your name, but doing so on one should work. The three credit tracking organizations should relay your credit freeze between each organization.
We found a tool that allows you to look up if your information has been leaked: https://npd.pentester.com
Please note, we cannot ensure the integrity of this tool, but it was referred to us by industry peers. Please use at your own risk.
While there are methods of removing your PII from databases like NPD, unfortunately, for any of your data that has already been leaked to the dark web, there is no reliable way to remove it. While that can be scary, it is not the end of the world, and there are still ways you can protect yourself. As stated earlier, freezing your credit is one of the best ways to protect yourself from identity theft. Once that is done, it is simply a matter of staying alert and knowing who to report to if scammers end up using your info. Some nefarious activity to look out for is new accounts being opened with your info and changes in the settings and security of your existing accounts. It is good policy to enable alerts on any accounts you have to inform you whenever changes are made, or they are accessed from unusual devices or locations.
One more critical detail to keep in mind is that identity theft isn't the only way scammers can use stolen data, as they will frequently use stolen data to create phishing attacks. Having a person's PII can enable scammers to make much more convincing phishing attacks to try and trick victims into sending them money or more data. Make sure you practice proper cybersecurity and stay vigilant for phishing attacks.
If you want to hear our own Matthew Almendinger talk about this in much more detail, have a listen to our podcast episode where we discuss this breach:
PII of 3 Billion Leaked, Google Monopoly, & CrowdStrike's Fail Award
Stay cybersafe out there!