“If you spend more on coffee than on IT security, you will be hacked.” ~ Richard Clarke


Happy September!!

Let’s start with the big news: In mid-August it became public knowledge that National Public Data exposed personal data of 2.9 Billion (yes! Billion, with a “B”) people. The exposure was actually found on the dark web four months earlier. On April 8 the cybercriminal group (USDoD) posted the data for sale for a measly $3.5 million. (https://news.bloomberglaw.com/privacy-and-data-security/background-check-data-of-3-billion-stolen-in-breach-suit-says) Unfortunately, no one anted up with the $3.5 million and the cybercriminals had a change of heart. They started giving the data away for free! (https://www.komando.com/news/security/national-public-data-breach-how-to-protect-yourself-and-your-ssn/)

On a side note, inquiring minds would like to know:  Did the criminals remove their personal data and that of their loved ones from the list before giving it away?  Do cyber criminals have loved ones?  If they did scrub the data, can we use AI to reverse the list and figure out who is missing from the list (and then arrest them)?  Just curious!

After reading numerous trusted sites, I have learned the breach was a result of accidentally posting a list of usernames and passwords for administrative access to the database on the internet.  (https://krebsonsecurity.com/2024/08/national-public-data-published-its-own-passwords/) Note to everyone:  This is why we use password managers.  Keeping spreadsheets with passwords is very risky!  Need a password manager?  Call me.  I’ll give you the first month for free!

What has been exposed? Full names, current and past addresses, Social Security numbers, some email addresses, and information about relatives, including some who have been deceased for years. Having your Social Security number exposed is the biggest threat.

Want to see if you are on the list? Check out https://npd.pentester.com/search. Full disclosure: I have not hired pentester.com to scrub my data. I’m not certain anyone can remove data from the dark web. Pentester can tell you if you are exposed.

The most important step to protect yourself is to freeze your credit. This is a pain in the rump, but trust me, this pain is way more enjoyable than trying to reclaim your credit history after someone fraudulently pretends to be you. Kim Komando did a really nice job of laying out how to contact the three credit bureaus here: https://www.komando.com/tips/money/instructions-to-freeze-your-credit/

Other Things to Watch For:
Watch your bank and credit card statements like a hawk. Change your passwords.  While you are at it, change the passwords on your email accounts too!

Medical Explanation of Benefits (EOB):  Watch for services you did not receive and notify health care facilities and insurance companies immediately if you see false charges.

Urgent Emails: Double check and then triple check the sending address. If you are replying, verify the address before you hit send. It is easy to spoof an email address and even easier to modify a signature line. If there is any doubt, manually look up the address and/or phone number and call them. DO NOT trust the signature line!

If you have loved ones, please share this!

Until Next Month,
Stay Safe,

Janet