Latest news with #NationalPublicData
Tom's Guide
7 days ago
- Tom's Guide
National Public Data is giving out your address and phone number — here's how to stop them
Though it has been dormant for most of the year, the website National Public Data has reemerged with new owners. As reported by PCMag, the website was well known for a major data breach that occurred last year in which millions of Social Security numbers were leaked online, resulting in a barrage of lawsuits against the former site owners, Jericho Pictures. The breach exposed at least 272 million Social Security numbers and 600 million phone numbers and after the lawsuits were filed, the site went dormant until recently when it went live again as a people finder site. Although there is nearly no information about the new owners of the domain aside from it being registered to a Florida-based VPN service called 'Perfect Privacy,' it's acting as a free search engine to let people search for information on others. The new National Public Data lets users look up anyone's personal information including addresses, phone numbers, birthdates, relatives, location, age, workplace and criminal records – all for free. While the new site claims to have no affiliation with the previous owners, they're also not very forthcoming about where they're gathering their data aside from stating that it's being collected 'from publicly available sources including federal, state and local government agencies, social media pages, property ownership databases and other reliable platforms. After the data is in our hands, we verify and filter it to make sure it is indeed accurate and up-to-date.' Now, just because they may be getting the data from legitimate sources and verifying it doesn't mean that you want them to have it or be make it readily accessible and easy to find online. If you would like National Public Data to remove your data from its site, you have that option as there is an opt out form you can use to delete your profile data. Get instant access to breaking news, the hottest reviews, great deals and helpful tips. When PCMag tried it, they reported that it seemed as though their data was immediately removed from the site. However, it does appear that many users would likely be unaware of this option, which makes it easy for sites like this to continue posting their information online. Additionally. there are certainly data removal services like Incogni that can help you delete your online data as well as identity monitoring services that can help you monitor where you data appears online. Follow Tom's Guide on Google News to get our up-to-date news, how-tos, and reviews in your feeds. Make sure to click the Follow button.
The Hill
30-07-2025
- Business
- The Hill
‘Freeze by default' can help fight credit fraud
Every year, millions of Americans become victims of credit fraud. Most victims don't know their identity has likely already been compromised. Identity fraud cost Americans more than $42.9 billion in 2023 and affected more than 15 million people. These aren't isolated incidents. They reflect a serious security issue: a credit reporting infrastructure built for a different era, operating on outdated identity verification and an open-by-default trust model. At the center of this crisis is the Social Security number, still the primary credential used to apply for credit. But it has been compromised beyond repair. Originally designed for Social Security benefits, not identity verification, the number is now the key to our financial world, despite being widely leaked online and nearly impossible to change. In just the first half of 2023, 69 percent of U.S. data breaches exposed Social Security numbers, according to Security Magazine. A massive 2024 breach of the company National Public Data leaked nearly 272 million unique Social Security numbers, which are now widely available on criminal marketplaces. AT&T disclosed a separate breach that exposed 44 million of them. This means credit bureaus are frequently verifying applicants using data already possessed by criminals. Beyond stealing identities, fraudsters are now fabricating entirely new ones. ' Synthetic identity fraud,' which combines real and fake personal data to create convincing false identities, has surged in recent years. And thanks to generative AI, crafting synthetic identities that evade detection is easier than ever. With all this, consumers have little knowledge of or control over what information credit reporting agencies collect about them. Laws like the Fair Credit Reporting Act and the Fair and Accurate Credit Transactions Act allow consumers to check and freeze their credit, but do not require credit reporting agencies to freeze by default. Consumers bear the burden of manually freezing and unfreezing their credit with each of the three major credit reporting agencies, a cumbersome process with a steep learning curve. Many people, especially seniors or those unfamiliar with how to manage their records with credit reporting agencies, don't know how to protect their identities. The alternative is paying a third-party service to manage it for them. All of this puts the burden of identity security on the shoulders of those least capable of managing it. There's a better way: a 'frozen by default' model for consumer credit reports. This concept, rooted in 'zero trust' cybersecurity principles, flips the model. Instead of trusting by default, it locks credit reports unless the consumer explicitly authorizes access. Two main policy frameworks have been proposed by data security and privacy professionals that would remove most of the burden from consumers. First is tokenized pre-authorization. Under this system, consumers generate a one-time-use code to authorize a specific lender or other business to pull their credit. This token would allow only the authorized company to pull credit and would expire after a set amount of time. It is simple, secure and trackable. Second, real-time inquiry notifications. When a credit pull is attempted, consumers receive an email or text alert prompting them to approve or deny access instantly. While real-time approval offers maximum control, it comes with challenges such as missed alerts, spoofing, communication expenses and accessibility barriers. Tokenized authorization, in contrast, offers strong protection with better usability and is easier to scale. A modernized system would apply default credit freezes to all consumer credit files. It would also require multifactor authentication on credit reporting sites for any consumer login, dispute or unfreeze action. Each hard credit inquiry would require explicit consumer authorization. And consumers should receive timely notifications whenever their credit report is accessed. Some in the credit reporting industry will resist these reforms, fearing disruption to revenue models built on passive data sales. Reasonable exceptions can be made for soft inquiries used for marketing or monitoring. But hard inquiries, which can be used to establish new credit, should be frozen by default. Credit fraud is on the rise, and ignoring this growing threat is not sustainable. In 2023 alone, the FTC logged 5.4 million identity theft reports. Elder fraud complaints rose 14 percent and reached $3.4 billion, up from $2.9 billion in 2022 and $1.7 billion in 2021, a troubling trend. Seniors over 60 accounted for 58 percent of losses. These are people toward the end of their careers, and many have retired on a fixed income. They can't recover from major financial loss. Congress can act by updating our credit reporting laws with new 'frozen by default' regulations. The Consumer Financial Protection Bureau and Federal Trade Commission already hold partial authority and should strengthen oversight. These agencies should not be weakened. States like California and New York can also lead the way with pilot programs. America's credit system was built for a world where personal data was scarce and hard to steal. That world no longer exists. A zero-trust, freeze-by-default framework would go a long way toward protecting those who cannot protect themselves from becoming victims of credit or identity fraud. Daniel Hoffman is a cybersecurity consultant and Certified Information Systems Security Professional with over 20 years of experience information technology and data security.
New York Post
13-06-2025
- New York Post
Major data breach exposes 86M AT&T customer records, including social security numbers — here's how to know if you were affected
AT&T has experienced a massive personal data breach, so if you're one of the more than 100 million people who use the company, you'll want to be on guard. According to a report from Hack Read, more than 86 million customers have been affected with leaked details ranging from full names to dates of birth, phone numbers, email addresses and physical addresses. It's reported that more than 44 million Social Security Numbers were also included in the data leak. Advertisement While each of these data sets poses privacy risks on their own, together they could create full identity profiles that could be exploited for fraud or identity theft. The stolen data is reportedly fully decrypted and was first posted to a Russian cybercrime forum on May 15 before being re-uploaded on the same forum on June 3. Hackers reportedly accessed data by getting into accounts that lacked multi-factor authentication, and this leak appears to be linked to an original hack by the ShinyHunters group in April 2024. Advertisement 'It is not uncommon for cybercriminals to re-package previously disclosed data for financial gain,' an AT&T spokesperson told Hack Read in a statement. 'We just learned about claims that AT&T data is being made available for sale on dark web forums, and we are conducting a full investigation.' The original seller of the exposed data claimed that this leak is 'originally one of the databases from the Snowflake breach' — but according to Hack Reads analysis, there are about 16 million more records in this breach than the previous one. The leak reportedly included full names, dates of birth, phone numbers, email addresses, physical addresses and social security numbers. AFP via Getty Images Advertisement AT&T also acknowledged the security researchers' doubts that this breach was linked to the original 2024 breach. 'After analysis by our internal teams as well as external data consultants, we are confident this is repackaged data previously released on the dark web in March 2024,' the company said in a statement. 'Affected customers were notified at that time. We have notified law enforcement of this latest development.' If you're an AT&T customer, it's possible your personal and private data could be part of the leak. Though if your data was leaked in this hack, it's likely because it was already unprotected in the August 2024 National Public Data breach, which exposed 'three decades' worth of Social Security numbers on the online black market.' Advertisement 'After analysis by our internal teams as well as external data consultants, we are confident this is repackaged data previously released on the dark web in March 2024,' AT&T said in a statement. LightRocket via Getty Images To check if your information was leaked in that breach, you can check through Pentester, a cybersecurity firm, by going to and entering your information, which will allow you to see a list of your breached accounts. Security experts are also urging customers to keep an eye on their credit reports. AT&T said it 'offered credit monitoring and identity theft protection to those customers whose sensitive personal information was compromised as part of the notice in 2024.'
New York Post
10-06-2025
- New York Post
Major data breach exposes 86 million AT&T customer records, sparking identity theft fears: SSNs among details breached by hackers
AT&T has experienced a massive personal data breach, so if you're one of the more than 100 million people who use the company, you'll want to be on guard. According to a new report from Hack Read, more than 86 million customers have been affected with leaked details ranging from full names to dates of birth, phone numbers, email addresses and physical addresses. It's reported that more than 44 million Social Security Numbers were also included in the data leak. While each of these data sets poses privacy risks on their own, together they could create full identity profiles that could be exploited for fraud or identity theft. The stolen data is reportedly fully decrypted and was first posted to a Russian cybercrime forum on May 15 before being re-uploaded on the same forum on June 3. Hackers reportedly accessed data by getting into accounts that lacked multi-factor authentication, and this leak appears to be linked to an original hack by the ShinyHunters group in April 2024. 'It is not uncommon for cybercriminals to re-package previously disclosed data for financial gain,' an AT&T spokesperson told Hack Read in a statement. 'We just learned about claims that AT&T data is being made available for sale on dark web forums, and we are conducting a full investigation.' The original seller of the exposed data claimed that this leak is 'originally one of the databases from the Snowflake breach' — but according to Hack Reads analysis, there are about 16 million more records in this breach than the previous one. The leak reportedly included full names, dates of birth, phone numbers, email addresses, physical addresses and social security numbers. AFP via Getty Images AT&T also acknowledged the security researchers' doubts that this breach was linked to the original 2024 breach. 'After analysis by our internal teams as well as external data consultants, we are confident this is repackaged data previously released on the dark web in March 2024,' the company said in a statement. 'Affected customers were notified at that time. We have notified law enforcement of this latest development.' If you're an AT&T customer, it's possible your personal and private data could be part of the new leak. Though if your data was leaked in this hack, it's likely because it was already unprotected in the August 2024 National Public Data breach, which exposed 'three decades' worth of Social Security numbers on the online black market.' 'After analysis by our internal teams as well as external data consultants, we are confident this is repackaged data previously released on the dark web in March 2024,' AT&T said in a statement. LightRocket via Getty Images To check if your information was leaked in that breach, you can check through Pentester, a cybersecurity firm, by going to and entering your information, which will allow you to see a list of your breached accounts. Security experts are also urging customers to keep an eye on their credit reports.
Fast Company
10-06-2025
- Business
- Fast Company
Data breach victims: Here's how your personal information is sold to criminals
Every year, massive data breaches harm the public. The targets are email service providers, retailers and government agencies that store information about people. Each breach includes sensitive personal information such as credit and debit card numbers, home addresses, and account usernames and passwords from hundreds of thousands—and sometimes millions—of people. When National Public Data, a company that does online background checks, was breached in 2024, criminals gained the names, addresses, dates of birth, and national identification numbers such as Social Security numbers of 170 million people in the U.S., U.K., and Canada. The same year, hackers who targeted Ticketmaster stole the financial information and personal data of more than 560 million customers. As a criminologist who researches cybercrime, I study the ways that hackers and cybercriminals steal and use people's personal information. Understanding the people involved helps us to better recognize the ways that hacking and data breaches are intertwined. In so-called stolen data markets, hackers sell personal information they illegally obtain to others, who then use the data to engage in fraud and theft for profit. The quantity problem Every piece of personal data captured in a data breach —a passport number, Social Security number, or login for a shopping service—has inherent value. Offenders can use the information in different ways. They can assume someone else's identity, make a fraudulent purchase, or steal services such as streaming media or music. The sale of data, also known as carding, references the misuse of stolen credit card numbers or identity details. These illicit data markets began in the mid-1990s through the use of credit card number generators used by hackers. They shared programs that randomly generated credit card numbers and details and then checked to see whether the fake account details matched active cards that could then be used for fraudulent transactions. As more financial services were created and banks allowed customers to access their accounts through the internet, it became easier for hackers and cybercriminals to steal personal information through data breaches and phishing. Phishing involves sending convincing emails or SMS text messages to people to trick them into giving up sensitive information such as logins and passwords, often by clicking a false link that seems legitimate. One of the first phishing schemes targeted America Online users to get their account information to use their internet service at no charge. Selling stolen data online The large amount of information criminals were able to steal from such schemes led to more vendors offering stolen data to others through different online platforms. In the late 1990s and early 2000s, offenders used Internet Relay Chat, or IRC channels, to sell data. IRC was effectively like modern instant messaging systems, letting people communicate in real time through specialized software. Criminals used these channels to sell data and hacking services in an efficient place. In the early 2000s, vendors transitioned to web forums where individuals advertised their services to other users. Forums quickly gained popularity and became successful businesses with vendors selling stolen credit cards, malware, and related goods and services to misuse personal information and enable fraud. One of the more prominent forums from this time was ShadowCrew, which formed in 2002 and operated until being taken down by a joint law enforcement operation in 2004. Their members trafficked more than 1.7 million credit cards in less than three years. Forums continue to be popular, though vendors transitioned to running their own web-based shops on the open internet and dark web, which is an encrypted portion of the web that can be accessed only through specialized browsers like TOR, starting in the early 2010s. These shops have their own web addresses and distinct branding to attract customers, and they work in the same way as other e-commerce stores. More recently, vendors of stolen data have also begun to operate on messaging platforms such as Telegram and Signal to quickly connect with customers. Cybercriminals and customers Many of the people who supply and operate the markets appear to be cybercriminals from Eastern Europe and Russia who steal data and then sell it to others. Markets have also been observed in Vietnam and other parts of the world, though they do not get the same visibility in the global cybersecurity landscape. The customers of stolen data markets may reside anywhere in the world, and their demands for specific data or services may drive data breaches and cybercrime to provide the supply. The goods Stolen data is usually available in individual lots, such as a person's credit or debit card and all the information associated with the account. These pieces are individually priced, with costs differing depending on the type of card, the victim's location and the amount of data available related to the affected account. Vendors frequently offer discounts and promotions to buyers to attract customers and keep them loyal. This is often done with credit or debit cards that are about to expire. Some vendors also offer distinct products such as credit reports, Social Security numbers and login details for different paid services. The price for pieces of information varies. A recent analysis found credit card data sold for $50 on average, while Walmart logins sold for $9. However, the pricing can vary widely across vendors and markets. Illicit payments Vendors typically accept payment through cryptocurrencies such as Bitcoin that are difficult for law enforcement to trace. Once payment is received, the vendor releases the data to the customer. Customers take on a great deal of the risk in this market because they cannot go to the police or a market regulator to complain about a fraudulent sale. Vendors may send customers dead accounts that are unable to be used or give no data at all. Such scams are common in a market where buyers can depend only on signals of vendor trust to increase the odds that the data they purchase will be delivered, and if it is, that it pays off. If the data they buy is functional, they can use it to make fraudulent purchases or financial transactions for profit. The rate of return can be exceptional. An offender who buys 100 cards for $500 can recoup costs if only 20 of those cards are active and can be used to make an average purchase of $30. The result is that data breaches are likely to continue as long as there is demand for illicit, profitable data.
