A new lawsuit is claiming hackers have gained access to the personal information of “billions of individuals,” including their Social Security numbers, current and past addresses and the names of siblings and parents — personal data that could allow fraudsters to infiltrate financial accounts or take out loans in their names.

The allegation arose in a lawsuit filed earlier this month by Christopher Hofmann, a California resident who claims his identity theft protection service alerted him that his personal information had been leaked to the dark web by the “nationalpublicdata.com” breach. The lawsuit was earlier reported by Bloomberg Law.

The breach allegedly occurred around April 2024, with a hacker group called USDoD exfiltrating the unencrypted personal information of billions of individuals from a company called National Public Data (NPD), a background check company, according to the lawsuit. Earlier this month, a hacker leaked a version of the stolen NPD data for free on a hacking forum, tech site Bleeping Computer reported.

  • Zorsith@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    12
    ·
    3 months ago

    And yet we have multiple of them now. Drivers license, SSN, and if you/your parent are/were military, EDIPI/DoDID.

    • brianary@startrek.website
      link
      fedilink
      arrow-up
      9
      ·
      3 months ago

      Military, sure, but driver’s licenses are state-level, not federal. Health care has been using birthdate like a password (one that is largely publicly available) for way too long now. At least financial institutions can use account numbers and financial history and code words, but even all that isn’t great.

      It’s a messy patchwork, but I think at the time of the creation of the SSA, the US may have still thought of itself as a land of second chances. IBM numbering Holocaust victims probably didn’t help the idea of a national ID, nor did the victim narrative of groups like the NRA.

      I’m not sure if it’s possible not to have a national ID anymore, so denial of it just forces a terribly kludgy implementation from whatever is around.