There Was A Massive SSN Leak, But Reports of ‘Every American’ Affected May Be Massively Overblown

Approximately 2.7 billion records containing personal information of individuals in the United States have been leaked on a dark web hacking forum. 

The exposed data includes names, social security numbers, known physical addresses, and possible aliases. Contrary to some initial reports, this breach does not necessarily affect every American or contain information on 2.7 billion unique individuals.

The data is believed to originate from National Public Data, a company that collects and sells access to personal information for background checks, criminal record searches, and private investigations. National Public Data reportedly scrapes this information from public sources to compile individual user profiles.

The breach first came to light in April when a threat actor known as USDoD claimed to be selling 2.9 billion records of personal data from the US, UK, and Canada for $3.5 million. However, on August 6th, a different threat actor named “Fenice” leaked what appears to be the most complete version of the stolen data for free on the Breached hacking forum. Fenice attributes the actual data theft to another actor called “SXUL.”

Source: BleepingComputer

The leaked dataset consists of two text files totaling 277GB, containing nearly 2.7 billion plaintext records. Each record typically includes a person’s name, mailing addresses, and social security number, with some entries containing additional information such as associated names. It’s important to note that individuals may have multiple records, one for each known address, which explains the high number of total records.

While many individuals have confirmed finding their legitimate information in the leak, including data on deceased family members, there are indications that some of the data may be inaccurate or outdated. The Verge has called it “the weirdest ‘3 billion people’ data breach ever.” Some people have reported finding their social security numbers associated with unknown individuals, and current addresses are often missing from the records.

Troy Hunt of Have I Been Pwned (his tweet mentioned above) noted that “there were no email addresses in the social security number files. If you find yourself in this data breach via HIBP, there’s no evidence your SSN was leaked, and if you’re in the same boat as me, the data next to your record may not even be correct.”

Cybersecurity experts advise those potentially affected to monitor their credit reports for fraudulent activity and remain vigilant against phishing attempts. The breach has already sparked class action lawsuits (like this one) against Jerico Pictures, believed to be operating as National Public Data, for allegedly failing to adequately protect personal information.


Information for this story was found via the sources and companies mentioned. The author has no securities or affiliations related to the organizations discussed. Not a recommendation to buy or sell. Always do additional research and consult a professional before purchasing a security. The author holds no licenses.

Video Articles

Baselode Energy To Acquire Forum Energy: The Merger Of Equals Deal

TriStar Gold: The Revised Castelo de Sonhos Prefeasibility Study

Gold is Up 30%, But the Real Bull Market is Only Starting Now! | Adrian Day

Recommended

ESGold To Expand Mine Building At Montauban In Advance Of Gold & Silver Production

Goliath Resources Expands 2025 Drill Program To 60,000 Metres

Related News

US Meat Plant JBS Suffers Cyberattack, Threatening to Send Food Prices Even Higher

The world’s largest meat producer has been forced to shut down operations across North America...

Wednesday, June 2, 2021, 05:41:00 PM

Leading Firm In German Cybersecurity Council Reportedly Backed By Russian Intelligence

Apparently, it took a comedian to highlight the weakest links of Germany’s cybersecurity. German satirical...

Monday, October 17, 2022, 11:08:00 AM

Joe Sexton: Enhancing Plurilock’s Vision with Decades of Experience

Cybersecurity is not an every man's game, and understandably so. Wrong moves in this space...
Wednesday, July 17, 2024, 11:44:00 AM

Colonial Pipeline Hackers Allegedly Received $90 Million In Bitcoin Before Shutting Down

DarkSide, the hacker group responsible for the US Colonial pipeline cyberattack that decimated vital fuel-carrying...

Tuesday, May 18, 2021, 04:15:00 PM

Cyber Attack Targets One Of The Pentagon’s Largest IT Service Providers

Hackers have leaked internal documents stolen from Leidos Holdings Inc., one of the largest IT...

Wednesday, July 24, 2024, 03:58:00 PM