Your Social Security Number was probably hacked. Here’s what to do.

As if this prodigious year couldn’t get any loonier, right on the heels of the last disastrous computer failure, USA Today ran a consumer-interest story yesterday headlined, “2.9 billion records, including Social Security numbers, stolen in data hack: What to know.” As if that weren’t sufficiently alarming, the sub-headline piled on: “Every American’s Social Security number, address may have been stolen in hack.”

As always, there is much we don’t know. The breach allegedly occurred in April, and we are only finding out now because of a private class-action lawsuit filed sixteen days ago in the Southern District of Florida. The lawsuit claimed that a Dark Web hacking group has been selling a giant database of “personally identifiable information” (PII) including American addresses and social security numbers:

A ‘watchdog’ group, VX-Underground, reportedly requested and received a copy of the breached file, and confirmed its contents:

In mild good news, VX-Underground also said, “The database DOES NOT contain information from individuals who use data opt-out services. Every person who used some sort of data opt-out service was not present.” But it was not clear what those ‘opt-out services’ were.

Citing Bleeping Computer, whatever that is, USA Today reported that a hacker known as “Fenice” leaked the most complete version of the data for free on a forum in August. So although corporate media carefully used the word ‘may,’ it probably is out there. All over.

It didn’t come from the Social Security Administration. The data was allegedly stolen from National Public Data, a ‘criminal-background-checking’ company headquartered in Coral Springs, Florida. But the government is nevertheless involved. State and federal laws require background checks for all sorts of reasons, like for contractors entering public school properties.

Government created the market for background checking, and after that, a breach like this became inevitable, just a matter of time. Nor did government alert us; we had to wait for a lawsuit.

You should immediately freeze your credit score. Here’s a link explaining how to do it. The three credit-reporting agencies are required to offer the service for free. You can temporarily lift the freezes whenever you need to. It is occasionally inconvenient, but it forecloses the immediate risk of a bad actor secretly taking out a loan in your name. I’ve used it for years.

And for Heaven’s sake, don’t click links in texts or emails from people you don’t know, or even from companies you do know, because the hackers are getting very good at impersonations. Just go on the website yourself and do whatever you need to do. Who knows what else they can do with our social security numbers? Maybe we should just abolish them, and go back to whatever we were doing before, because this isn’t working.

Jeff Childers

Jeff Childers is the president and founder of the Childers Law firm. Jeff interned at the Federal Bankruptcy Court in Orlando, where he helped write several widely-cited opinions. He then worked as an associate with the prestigious firm of Winderweedle, Haines, Ward & Woodman in Orlando and Winter Park, Florida before moving back to Gainesville and founding Childers Law. Jeff served for three years on the Board of Directors of the Central Florida Bankruptcy Law Association. He has also served on the Board of Directors of the Eighth Judicial Bar Association, and on the Rules Committee for the Northern District of Florida Bankruptcy Court. Jeff has published several articles as co-author with Professor William Page of the Levin College of Law (University of Florida) on the topic of anti-trust in the Microsoft case. He also is the author of an article on the topic of Product Liability in the Software Context. Jeff focuses his area of practice on commercial litigation, elections law, and constitutional issues. He is a skilled trial litigator and appellate advocate. http://www.coffeeandcovid.com/

You may also like

Comments

Post Your Comment

Your email address will not be published. Required fields are marked *