The details are murky. In April, Hackmanac, a cybersecurity company, posted on X that about 2.9 billion records of personal data were for sale, from people in the United States, Canada and Britain. The data was supposedly stolen from National Public Data, a company that does background checks.
That company became the target of a class-action suit, which Bloomberg Law recently reported, contending that thieves got Social Security numbers in the breach. Bleeping Computer, a technology and security publication, rounded up reports of hackers leaking batches of the data.
We may never know the extent of the breach and the subsequent leak. But I’m not sure the details matter much.
Security breaches happen all the time. Thieves frequently find vulnerabilities in large systems and exploit them.
Our lack of data privacy and security is intensely hateful, but in the short and medium term, the only thing we can do is lock ourselves down as best we can.
Here are some reminders about how to do it.
Control Anxiety
Remember, some thieves steal simply because they can. If they don’t try to use stolen information, you don’t have a problem.
More nefarious crooks need to know how to use the data against whatever aggressive defenses exist at, say, a bank. Often, they fail.
Or they may try to sell the data. A market may not exist, so the stolen information languishes. If a sale does happen, the data might turn out to be outdated.
Also, the buyers may be state actors. If you’re not a likely target of blackmail or in possession of interesting secrets, they may have the goods on you but not want to use them.
Freeze Your Credit
The kind of identity theft where someone pretends to be you and uses your Social Security number to open new accounts can be damaging. One good defense is to freeze your credit files with the three big consumer credit reporting agencies, Equifax, Experian and TransUnion.
Credit card issuers, mobile phone companies and the like generally won’t open new accounts if they can’t check your credit. If you have frozen your credit, someone trying to open an account in your name at a new company won’t be able to proceed.
And if you need to open a new account yourself? You get a PIN when you freeze your file with each of the three companies and use it to thaw the file when someone needs to examine it. Don’t lose the PIN or chaos can ensue.
This is a pain, but I’ve done it for years and have only heard sporadic tales of people being unable to thaw their files when they need to. I’ve also set freezes up for my minor children.
Other Measures
Set up two-factor authentication on as many online accounts as possible, or use an authentication app to secure your online accounts. If thieves haven’t intercepted your email, text messages or phone then it’s going to be hard for them to break in.
Account alerts are your friend. Depending on your bank or card company, you can set them up for many things, including any charge outside of your home country, any (or all) A.T.M. withdrawals or transactions over a certain amount.
If you get an alert you didn’t expect — or even one you did — don’t click links or call phone numbers in the alert. Instead, log into the account in question and find a contact number there. That will keep thieves from redirecting you to their own operations.
Take the Compensation
I’m not confident we’ll ever live in a fraud-free world. Until one exists, I take some joy in accepting compensation from companies that have messed up.
I have cashed settlement checks from various class-action suits. The offers come so fast and furious in the mail these days that I can’t even remember them a week later. What did I send off earlier this month? A request to join the fight against Ticketmaster? Quest Diagnostics? There have been many recently.
Thieves don’t want us to gum up the works. Credit bureaus don’t like to slow down the system either. Counteracting them and cashing in when money is on the table is some measure of revenge, or at least a way to protest the absurd security status quo.