Gary Perkins, Chief Information Security Officer, CISO Global

October 11, 2024

While the scale of this data breach is alarming – with 277 gigabytes of data reportedly stolen – it’s important not to panic. Instead, focus on taking concrete steps to protect yourself. Stay informed, be proactive in safeguarding your personal information, and remain
vigilant for any signs of suspicious activity.

Recent reports indicate that cybercriminals have stolen and publicly released a significant number of Social Security numbers, claiming to have obtained records of 2.9 billion people from National Public Data. While some reports suggest the actual number of unique records may be closer to 272 million, this still represents a massive data breach affecting a substantial portion of the population. In light of this serious cybersecurity incident, it is imperative for individuals to take proactive steps to protect their personal information and financial well-being.

Taking the First Steps

The first step for anyone concerned about this breach is to determine what they have to lose. Consider what personal information may have been compromised and how it could potentially be misused. Would you know if your information was being used fraudulently? Many people don’t regularly monitor their accounts or credit reports, which can allow criminal activity to go undetected for extended periods.

One of the most important actions you can take is to check your credit report regularly – at least annually, but preferably more often in the wake of major data breaches. Look for any suspicious activity, unauthorized accounts, or inquiries you don’t recognize. If you contact the major credit bureaus (Equifax, TransUnion, Experian) and jump through enough hoops, you can access regular, free credit reports. Other sites also purport to offer such services but make sure you are dealing with a reputable provider. Remember that even major credit reporting agencies like Equifax and TransUnion were also breached in recent years.

Consider signing up for credit monitoring services, which can alert you to potential fraudulent activity. Many banks and credit card companies offer free or low-cost monitoring services to their customers. Additionally, you may place fraud alerts on your credit reports or other controls which require businesses to verify your identity before issuing credit in your name.

If you decide to check whether your information was affected by the breach, ensure you’re using a reputable source. Be cautious about entering personal details on unfamiliar websites, as this could potentially expose you to further risk. If you believe your information has been compromised, report it to the aforementioned credit bureaus and relevant authorities. The Internal Revenue Service (IRS) has specific procedures for reporting potential tax-related identity theft. The Federal Trade Commission’s IdentityTheft.gov website is an excellent resource for reporting identity theft and creating a recovery plan.

The Best Offense is a Good Defense

Strengthening your online security is crucial. Use strong, unique passwords for all your accounts, especially financial and email accounts. Better yet, implement multi-factor authentication (or MFA) wherever possible. This adds an extra layer of security by requiring a second form of verification beyond just a password.

Be aware that cybercriminals often exploit large-scale data breaches by launching phishing campaigns. They may send emails or text messages claiming to offer information about the breach or assistance in protecting your identity. Always be skeptical of unsolicited communications, especially those that ask for personal information or to click on a link or attachment. Be particularly wary of social engineering attacks, where the bad actor presents themselves as a friend, relative, or person of authority like law enforcement or an agent from the IRS. These can be executed in phishing emails, but also via text messages and even phone calls. These often rely on creating a false sense of urgency to prompt hasty actions. Given the widespread coverage of this breach, many people are understandably concerned and may be more susceptible to scams offering quick solutions or information. Remember: the IRS will never call you prompting you to take urgent action for tax-related issues.

Maintain vigilant oversight of your financial accounts. Regular monitoring can help you quickly identify any unauthorized transactions or suspicious activity. Many financial institutions offer real-time alerts for account activity, which can be a valuable tool for early detection of fraud. These services are often available at no cost to the consumer, and are worth considering following the data breach.

All is Not Lost

While the scale of this data breach is alarming – with 277 gigabytes of data reportedly stolen – it’s important not to panic. Instead, focus on taking concrete steps to protect yourself. If you have any easily guessed passwords, update them immediately. While you’re at it, set up MFA on any site you use where your financial information might be stored. Always pause and think critically before clicking on links in emails or text messages, even if they appear to be from trusted sources.

Remember, all is not lost. While data breaches are serious, there are many steps you can take to protect yourself and mitigate potential damage. Stay informed, be proactive in safeguarding your personal information, and remain vigilant for any signs of suspicious activity. By taking these precautions and staying alert, you can significantly reduce your risk of becoming a victim of identity theft or financial fraud. If you do notice anything unusual, act swiftly to report it and take steps to secure your accounts. With diligence and prompt action, you can navigate the aftermath of this data breach and maintain control over your personal information and financial security.

About the Author

Gary Perkins is the Chief Information Security Officer at CISO Global. With 20+ years of industry leadership, Gary’s experience spans both the public and private sectors. Most recently, he served as the Chief Information Security Officer for all of British Columbia. Previously, he served as Chief of Staff for the Chief Security Office at Canadian multinational publicly traded holding company and conglomerate, Telus.

As CISO, Gary drives cybersecurity strategies and risk management initiatives. He holds a Master of Business Administration (MBA) in the Management of Technology and Bachelor of Arts in Psychology from Simon Fraser University in British Columbia, as well as a Diploma in Criminology from Kwantlen Polytechnic University. Additionally, Gary has earned more than 22 industry-related certifications and awards and serves on numerous boards and councils.

The post Identity Under Siege: Responding to the National Public Data Breach appeared first on CISO Global.

*** This is a Security Bloggers Network syndicated blog from CISO Global authored by hmeyers. Read the original post at: https://www.ciso.inc/blog-posts/identity-under-siege/