Latest news with #NationalPublicData
CNBC
05-05-2025
- Business
- CNBC
Your Social Security card will soon be available digitally. What to know
For many Americans, a Social Security number is the first form of identification they receive, mailed as a paper card a few weeks after birth. Now, the Social Security Administration is looking to give that form of ID an update by enabling secure digital access to Social Security numbers that will provide an alternative to the traditional Social Security card. Experts are cautiously optimistic about the idea, but have some security concerns. The new digital feature will allow individuals who have either forgotten their Social Security number or who have lost their Social Security cards to access their personal number online through the agency's My Social Security website. They will also be able to access their Social Security numbers through digital devices and display them as identification for "reasons other than handling Social Security matters," according to the agency. More from Personal Finance:Social Security reduces benefit clawback rateTrump administration restarts student loan collectionsWhat experts say about claiming Social Security benefits early With the new effort, the Social Security Administration aims to reduce the inconveniences caused by lost or stolen cards, which currently requires individuals to apply for replacements either online or in person. "We believe that this modern approach will meet the needs of our constituents in a more efficient manner," Social Security Administration acting commissioner Lee Dudek said in a statement. The agency declined to provide more details the rollout, which is scheduled to become available early this summer. Experts are cautiously optimistic about the change. "Generally, anything that is a new avenue for accessing your account or in an interaction with Social Security is a good thing, so long as it's easy and secure," said Richard Fiesta, executive director at the Alliance for Retired Americans. However, the risk is that some individuals, particularly those who are older or disabled, may be left without access if they are not as tech savvy and have difficulty using the internet or mobile phones, he said. My Social Security is "not the most customer friendly website," Fiesta said, despite efforts to improve it over the years. The move toward digital Social Security identification is "certainly a step in the right direction," said Eva Velasquez, CEO of the Identity Theft Resource Center. If implemented properly, the digital Social Security numbers may provide more security than paper cards, she said. "But it really doesn't solve the problem of identity misuse," Velasquez said. Every adult's Social Security number has likely already been breached, according to Velasquez. The size of the 2024 National Public Data breach prompted some experts to speculate every American could have been affected. The 2017 Equifax breach was estimated to have affected roughly half the U.S. population. The new process will raise questions as to how to protect both the Social Security numbers and the devices on which they are accessed, she said. Ultimately, the U.S. in the future will likely move toward a federated identity system, where a user's identity can be verified with biometric data like fingerprints and facial recognition that is linked across multiple systems, said Cliff Steinhauer, director of information security and engagement at The National Cybersecurity Alliance. "There's going to be a future where there's a clean internet, where everyone that uses it has authenticated with this federated, proven identity so that nobody can pretend to be anybody else," Steinhauer said. The Social Security Administration's move is a first step toward digital identification, though it does not appear to include biometric authentication, he said. Because there will be risk for fraud, it will be important for the Social Security Administration to make sure its systems are properly protected, Steinhauer said. There should also be phishing-resistant authentication installed to ensure that only authorized individuals access the accounts, he said. It will be important for individuals to verify that any messages that allegedly come from the Social Security Administration do, in fact, take them to a verified Social Security website. Any messages the agency sends out, such as a reminder to log in and check an account, could be copied for phishing purposes, Steinhauer said.
Mid East Info
22-04-2025
- Business
- Mid East Info
Kiteworks Releases 2024 Top 11 Data Breaches Report Using Risk Exposure Index to Reveal True Breach Impact - Middle East Business News and Information
Proprietary Risk Scoring Shows Data Sensitivity Outweighs Record Count in Breach Severity—National Public Data Breach Tops Risk Score at 8.93, While Change Healthcare's Supply Chain Impact Scores Perfect 10.0 Kiteworks, which empowers organisations to effectively manage risk in every send, share, receive, and save of sensitive data, today releases its 'Top 11 Data Breaches of 2024' report. The research applies Kiteworks' Risk Exposure Index (REI), a proprietary methodology introduced in summer 2024, to quantify and compare the severity of the year's most significant breach events. The REI assessment reveals that raw numbers of records exposed, while important, tell only part of the story. By analysing factors including data sensitivity, financial impact, regulatory implications, and attack sophistication, the report provides a nuanced measurement of organizational and consumer risk far beyond traditional metrics. 'Our Risk Exposure Index assessment of these breaches demonstrates what traditional reporting often misses,' says Tim Freestone, Chief Marketing Officer at Kiteworks. 'When we look beyond headline figures, we see that data sensitivity outranks all other factors in determining breach severity, confirming that what was stolen matters more than how much was taken. This insight enables organisations to more effectively prioritize their security investments.' Key Risk Exposure Index Findings Supply Chain Impact Reaches Perfect Score: The Change Healthcare breach received a 10.0 Supply Chain Impact score, the highest possible rating, reflecting the catastrophic downstream effects on thousands of healthcare providers nationwide. By comparison, the National Public Data breach scored 8.5 for Supply Chain Impact, illustrating how our methodology quantifies ecosystem-wide risk. Attack Vector Sophistication Varies Significantly: The report's analysis shows significant variation in Attack Vector Sophistication scores, ranging from 5.4 (DemandScience) to 8.4 (National Public Data). This variance highlights how some breaches exploit advanced persistent techniques while others leverage basic misconfigurations. Risk Score Rankings Reveal True Impact: The National Public Data breach achieved the highest overall risk score (8.93) due to its unprecedented scale, while the Change Healthcare breach ranked second (8.7) despite affecting fewer records. Hot Topic (7.7), LoanDepot (7.6), and Kaiser Foundation Health Plan (7.6) demonstrate how breaches of varying sizes can pose similar risk levels when analyzed comprehensively. Data Sensitivity Drives Risk: Multi-factor analysis across all breaches indicates that the three most influential factors in determining breach severity are: Data Sensitivity (24% influence): The nature of compromised information proved the single most important factor in determining real-world impact, with financial and health data breaches creating the most significant individual harm. Financial Impact (22% influence): The economic consequences for the breached organisation and affected individuals strongly influenced overall risk assessment, with ecosystem disruption creating particularly severe impacts. Regulatory Compliance (18% influence): The regulatory environment significantly shaped breach outcomes, with highly regulated industries facing more substantial consequences and response requirements. This correlation between data sensitivity and risk score (r=0.78) was particularly strong in healthcare and financial services breaches. 'What makes our Risk Exposure Index particularly valuable is its ability to quantify factors that typically defy measurement,' says Patrick Spencer, VP of Corporate Marketing and Research at Kiteworks. 'Our multi-factor analysis reveals that data sensitivity is the single most influential factor in determining breach severity, accounting for 24% of the overall risk impact. This indicates that what was stolen matters more than how much was taken. Organisations must prioritise protecting their most sensitive data throughout its life cycle, especially in an environment where third-party risk management remains the least mature security domain in 2024, creating systematic vulnerabilities that threat actors increasingly target.' Rank Data Breach Supply Chain Impact Attack Vector Sophistication Risk Score 1 National Public Data 8.5 8.4 8.9 2 Change Healthcare 10.0 8.2 8.7 3 Ticketmaster Entertainment 6.8 8.2 8.7 4 AT&T 5.4 6.5 8.5 5 Hot Topic 8.2 7.8 7.7 6 LoanDepot 4.2 7.1 7.6 7 Kaiser Foundation Health Plan 7.8 6.9 7.6 8 DemandScience by Pure Incubation 6.9 5.4 7.1 9 Dell Technologies 5.9 7.4 7.2 10 MC2 Data 5.2 5.7 6.9 11 U.S. Environmental Protection Agency 4.2 6.8 6.2 Risk Exposure Score of Top 11 Data Breaches in 2024 The full 'Top 11 Data Breaches of 2024' report can be downloaded here.
Yahoo
24-03-2025
- Business
- Yahoo
The Social Security data breach compromised 'billions' of accounts. Here's how to protect yourself.
In early 2024, background checking service National Public Data was hit by a massive cyberattack that potentially compromised the sensitive, personal information of millions, or possibly even billions, of people around the world, including U.S. residents. A year later, new security threats have gained traction. While artificial intelligence has transformed the ability to prevent, detect, and rapidly respond to cyberattacks, the malicious use of AI has also exploited new vulnerabilities. As AI systems evolve, so does the sophistication and scope of cyberattacks. In the hands of bad actors, AI capabilities have increased the scale and efficiency of attacks, including identity theft, fraud, and data privacy violations, according to a 2025 World Economic Forum report on AI and cybersecurity. In the financial sector, for instance, deploying a form of algorithmic manipulation known as data poisoning to increasingly sophisticated machine learning models could significantly impact AI. That, in turn, can lead to biased or harmful results, undermining fraud detection or credit scoring models. Heimdal analyzed resources from the Federal Trade Commission and the three credit bureaus to compile tips on how to secure your identity in the aftermath of last year's unprecedented data breach and prepare for potential threats in the future. The group taking credit for the breach targeting NPD calls itself USDoD, a moniker that mirrors the name of the federal government agency responsible for the country's security. The group reportedly sold the vast trove of user data on the dark web for $3.5 million. In a letter to the owner of Jerico Pictures Inc., which does business as National Public Data, the House Committee on Oversight and Accountability said the attack "likely represents one of the largest cyberattacks ever in terms of impacted individuals." The letter was sent to request a hearing and alert the owner to the committee's investigation of the security event, alleging that the company failed to notify consumers of the breach in a timely and detailed manner. The breach is concerning not only because of its possible scope but also because of the information compromised, which includes Social Security numbers. A Social Security number can be used to steal someone else's identity. This allows criminals to fraudulently open new lines of credit, apply for loans, and even receive government benefits, which happened during the COVID-19 pandemic when states were providing additional unemployment pay. If you don't already pay for an identity theft monitoring service, you can still take advantage of free tools offered by the main credit bureaus to prevent criminals from defrauding you. The process is called freezing your credit. While it is the most secure option to prevent fraud, industry surveys estimate that only a small percentage of Americans use the service. Depending on the scope and circumstances, consumers could benefit from freezing their credit after a major data breach. Read on to learn more about how to protect your information and set up a credit freeze. The simple fact that a person hasn't experienced the repercussions of identity theft, like credit card fraud, isn't always a sign that their personal data wasn't compromised. Personal info can sit in public spaces for some time before it's purchased or found and used by someone with criminal intent. Every U.S. state and multiple territories have laws that require that businesses notify stakeholders when their data has been accessed by an unauthorized actor. However, not every company is forthright about breaches. NPD is now facing a class action lawsuit in which at least one victim claims they didn't know about the breach until their own identity theft service notified them. Many identity theft services will notify you when your personal info is found in public or on marketplaces used by criminals. For the NPD breach, specifically, cybersecurity firm Pentester has released a free web tool that allows you to search the breached records by only providing your name, state, and birth year. After you've confirmed any exposure, a credit freeze can help protect you from future fraud attempts. A credit freeze is a free service that restricts access to your credit report through the major credit bureaus. You can temporarily pause the freeze when needed, such as when applying for a loan or credit card. A credit lock can similarly block access to your credit information, but it usually comes with a monthly fee and offers additional features, such as immediate deactivation and reactivation of the lock. When you turn on a credit freeze, all credit report requests will be denied, even if it's a legitimate lender processing your application for a loan or credit card. This simultaneously secures your information but also adds an extra step for you to remember when applying for new credit. (More on that later.) The three credit bureaus—Experian, Equifax, and TransUnion—all provide the service for free. Create an account on each bureau's website and turn on fraud alerts. Be wary of offers for paid tiers of services from each of these companies—you may want to purchase their additional services or a credit lock, but you should not need to pay to freeze a credit file. Comb through accounts tied to your personal information within each bureau's credit report, and be on the lookout for credit cards and other items you didn't personally apply for. The presence of an unrecognizable account could be evidence of identity theft. Then, request that each bureau place a freeze on the credit file. This can also be done by phone at: Experian: 1-888-397-3742 TransUnion: 1-888-909-8872 Equifax: 1-800-685-1111 NPD and the FTC also encourage consumers to report identity theft when they're alerted to it at or call 1-877-438-4338. The freeze stays in place until the owner of the credit file requests to lift it temporarily or permanently. A freeze might be lifted for a few days if the person anticipates applying for a mortgage or credit card within a specific set time. The process provides peace of mind that the window for fraud is limited should they forget to request a freeze again. Though freezing your credit is an easy and effective step to prevent fraud, it only protects against the creation of new, fraudulent accounts. Any existing credit account can still be compromised, so keep an eye out for your monthly statements and any suspicious charges. Experts also recommend securing all other types of online accounts in today's age of near-constant cyber threats. Aside from bank accounts, platforms like social media and even streaming service accounts can provide criminals with access to your credit card information and ways to impersonate you. Most websites offer a security service called multifactor authentication that works similarly to a credit freeze, pinging the user via a secure channel like a personal phone number to confirm the login activity is coming from them and not an impersonator. Story editing by Carren Jao. Additional editing by Kelly Glass. Copy editing by Tim Bruns. Photo selection by Ania Antecka. This story originally appeared on Heimdal® and was produced and distributed in partnership with Stacker Studio.
Yahoo
18-03-2025
- Business
- Yahoo
Does a doctor really need my Social Security number? Here's how to not give up your data
Data breaches have delivered so many passwords, birthdates and Social Security numbers to the dark web, the whole idea of protecting your identity might feel like a lost cause. But experts say there's still good reason to fight for your data privacy. And here's one way to start: Resist giving it up in the first place. That big-box retailer does not really need your birthdate to enroll you in its loyalty program. That doctor can treat you without knowing your Social Security number. Your favorite pizza place might want to store your credit card number, but you could also just type it in. 'We're often asked for our data in situations where it's not needed,' said Kimberly Palmer, personal finance expert at NerdWallet. The problem with repeatedly sharing your data, experts say, is that each time you do, you potentially heighten the risk of falling prey to identity thieves. Last August, a little-known Florida company called National Public Data acknowledged the theft of 2.9 billion records, including names, addresses and Social Security numbers dating back decades. And that wasn't even the biggest breach. Back in 2013, hackers compromised 3 billion Yahoo accounts, stealing names, email addresses, telephone numbers, dates of birth and other data. Hackers have breached some of the most secure networks in America. In 2017, thieves swiped the data of nearly 150 million Americans from Equifax, the credit reporting agency. More recently, Elon Musk's Department of Government Efficiency has gained access to innumerable government records, raising fresh fears of a breach. 'One thing that is underscored repeatedly is that you just can't control where your data goes,' said Derek Kravitz, deputy editor for special projects at Consumer Reports. 'Every expert will say it's unrealistic to think you can control all of the PII,' or personally identifiable information, 'that's out there.' But that's not a reason to give up. Here are some tips, from Kravitz and other experts. A credit card number can be changed. A birthdate cannot. In safeguarding your data, prioritize data that cannot be easily replaced, said Steve Grobman, chief technology officer at McAfee. 'If you lose your credit card, you can cancel your credit card,' he said. By contrast, 'once your Social Security number is in the wrong hands, there's not an easy way to take it back,' he said. 'Not all valuable data should be treated equally,' Grobman said. With each data point, ask this question: 'If it does fall into the wrong hands, is it something that you can mitigate completely?' Consumers should be most careful with immutable data, like Social Security numbers, birthdates and driver's license numbers, which are difficult or impossible to change. A government agency or lender might have a legitimate reason to ask for a Social Security number or date of birth, and you may have a compelling reason to supply it: Maybe you need a new passport, or a mortgage. But you may also be asked for a date of birth or driver's license number at the return counter at the mall, or in an application for a discount program. Think hard, Grobman said, 'before you give your Social Security number to Bob's Pizza to join their pizza club.' We tend to fill out forms 'on autopilot,' Palmer said, handing over personal data on request to just about anyone. One recent morning, Palmer was filling out a form for a medical practice. The form asked for a Social Security number. She left it blank. 'I've always left it blank, and I've never had any problems,' she said. 'I would definitely encourage people to question whenever they're asked for data that doesn't seem necessary.' If someone requests a high-stakes piece of personal information, find out if the requester really needs it. 'It's a mindset: Only giving information out that is required,' Kravitz said. In the world of data scams, unsolicited phone calls, emails and text messages are red flags, experts say. If someone contacts you for personal data, it's probably never wise to give it up. If you think the request may be genuine, and it comes from a familiar source, then go to the bookmarked website and initiate contact yourself, or call the number on your statement. 'Never engage with somebody who makes the contact to you,' Grobman said. 'Don't click on the links in the email.' If the communication sounds urgent, all the more reason to assume it's a scam. 'When you're in these situations, step one is just to stop,' Grobman said. 'There's almost nothing in this world where acting instantly is required.' In the spirit of data privacy, here are two more boilerplate rules to follow if you want to stay safe. You probably do this already: When you sign in to your bank, your 401(k) account or any other site that's reasonably secure, you endure the mild tedium of entering a PIN that's been sent to your cellphone. Multifactor authentication 'can keep identity thieves from accessing your accounts if they only have your username and password,' said Margaret Poe, head of consumer credit education at TransUnion. Scam victims often report that they neglected to enable two-step authentication on their plundered accounts, Kravitz said. If it's an option, he said, you should activate it. Simple, predictable passwords are easily hacked. Overused passwords tend to wind up on the dark web. 'It's best practice to update your passwords regularly, and use complex, unique passwords or passphrases for all of your accounts,' Poe said. That gets easier if you use a password manager, which can generate endless numbers of unique, complex passwords and keep track of them for you. Google, Apple and Microsoft all offer password managers, along with such well-regarded services as Bitwarden and 1Password. This article originally appeared on USA TODAY: Afraid of a data breach? Don't give it up in the first place.
USA Today
18-03-2025
- Business
- USA Today
Does a doctor really need my Social Security number? Here's how to not give up your data
Data breaches have delivered so many passwords, birthdates and Social Security numbers to the dark web, the whole idea of protecting your identity might feel like a lost cause. But experts say there's still good reason to fight for your data privacy. And here's one way to start: Resist giving it up in the first place. That big-box retailer does not really need your birthdate to enroll you in its loyalty program. That doctor can treat you without knowing your Social Security number. Your favorite pizza place might want to store your credit card number, but you could also just type it in. 'We're often asked for our data in situations where it's not needed,' said Kimberly Palmer, personal finance expert at NerdWallet. The problem with repeatedly sharing your data, experts say, is that each time you do, you potentially heighten the risk of falling prey to identity thieves. Need a break? Play the USA TODAY Daily Crossword Puzzle. Last August, a little-known Florida company called National Public Data acknowledged the theft of 2.9 billion records, including names, addresses and Social Security numbers dating back decades. And that wasn't even the biggest breach. Back in 2013, hackers compromised 3 billion Yahoo accounts, stealing names, email addresses, telephone numbers, dates of birth and other data. Hackers have breached some of the most secure networks in America. In 2017, thieves swiped the data of nearly 150 million Americans from Equifax, the credit reporting agency. More recently, Elon Musk's Department of Government Efficiency has gained access to innumerable government records, raising fresh fears of a breach. 'One thing that is underscored repeatedly is that you just can't control where your data goes,' said Derek Kravitz, deputy editor for special projects at Consumer Reports. 'Every expert will say it's unrealistic to think you can control all of the PII,' or personally identifiable information, 'that's out there.' But that's not a reason to give up. Here are some tips, from Kravitz and other experts. Prioritize your data A credit card number can be changed. A birthdate cannot. In safeguarding your data, prioritize data that cannot be easily replaced, said Steve Grobman, chief technology officer at McAfee. 'If you lose your credit card, you can cancel your credit card,' he said. By contrast, 'once your Social Security number is in the wrong hands, there's not an easy way to take it back,' he said. 'Not all valuable data should be treated equally,' Grobman said. With each data point, ask this question: 'If it does fall into the wrong hands, is it something that you can mitigate completely?' Consumers should be most careful with immutable data, like Social Security numbers, birthdates and driver's license numbers, which are difficult or impossible to change. Think about who wants your data A government agency or lender might have a legitimate reason to ask for a Social Security number or date of birth, and you may have a compelling reason to supply it: Maybe you need a new passport, or a mortgage. But you may also be asked for a date of birth or driver's license number at the return counter at the mall, or in an application for a discount program. Think hard, Grobman said, 'before you give your Social Security number to Bob's Pizza to join their pizza club.' Give up data on a need-to-know basis We tend to fill out forms 'on autopilot,' Palmer said, handing over personal data on request to just about anyone. One recent morning, Palmer was filling out a form for a medical practice. The form asked for a Social Security number. She left it blank. 'I've always left it blank, and I've never had any problems,' she said. 'I would definitely encourage people to question whenever they're asked for data that doesn't seem necessary.' If someone requests a high-stakes piece of personal information, find out if the requester really needs it. 'It's a mindset: Only giving information out that is required,' Kravitz said. Beware of unsolicited calls or texts In the world of data scams, unsolicited phone calls, emails and text messages are red flags, experts say. If someone contacts you for personal data, it's probably never wise to give it up. If you think the request may be genuine, and it comes from a familiar source, then go to the bookmarked website and initiate contact yourself, or call the number on your statement. 'Never engage with somebody who makes the contact to you,' Grobman said. 'Don't click on the links in the email.' If the communication sounds urgent, all the more reason to assume it's a scam. 'When you're in these situations, step one is just to stop,' Grobman said. 'There's almost nothing in this world where acting instantly is required.' In the spirit of data privacy, here are two more boilerplate rules to follow if you want to stay safe. Use multifactor authentication You probably do this already: When you sign in to your bank, your 401(k) account or any other site that's reasonably secure, you endure the mild tedium of entering a PIN that's been sent to your cellphone. Multifactor authentication 'can keep identity thieves from accessing your accounts if they only have your username and password,' said Margaret Poe, head of consumer credit education at TransUnion. Scam victims often report that they neglected to enable two-step authentication on their plundered accounts, Kravitz said. If it's an option, he said, you should activate it. Get a password manager Simple, predictable passwords are easily hacked. Overused passwords tend to wind up on the dark web. 'It's best practice to update your passwords regularly, and use complex, unique passwords or passphrases for all of your accounts,' Poe said. That gets easier if you use a password manager, which can generate endless numbers of unique, complex passwords and keep track of them for you. Google, Apple and Microsoft all offer password managers, along with such well-regarded services as Bitwarden and 1Password.
