MILWAUKEE — Billions of records containing Americans’ private information have been exposed on the dark web.
The cybercriminal group ‘USDoD’ claimed it stole the records back in April from National Public Data, a background-checking company. NPD collects data from public record databases, national and state databases, and court records.
Information stolen includes names, address histories, social security numbers, birthdays, and aliases.
“Initially, this data was put on the dark web for sale for $3.5 million, and then just a couple days later, the bad guys gave it away for free, so this information will be used and abused many different times,” said Alex Holden, Chief Information Security Officer for Hold Security.
He said over 200 million people might be impacted by this breach.
According to their website, NPD services are used by private investigators, consumer public record sites, human resources, staffing agencies, and more.
“This is one of the biggest by volume exposure for us Americans and our data,” said Holden.
Watch: Social security numbers exposed, cybersecurity expert weighs in
National Public Data acknowledged the security incident on its website.
Those affected could be at risk of identity theft and financial fraud.
“The fact that this information was stolen and the fact that this information was not properly encrypted and protected is what disturbs me quite a bit,” said Holden.
A class-action lawsuit was filed in U.S. District Court in Fort Lauderdale.
Holden showed TMJ4 News just how easy it was to get on the dark web and access the data.
It’s the latest in a series of high-profile hacking cases.
Previous Coverage: 'We’re just stuck waiting’: no end in sight for Ascension system outage (tmj4.com)
Previous Coverage: Cybersecurity expert looks at what might be behind Ascension cyberattack (tmj4.com)
“I’m concerned but also aware that I really can't do anything about it because the powers that be won't do anything about it,” said Shannon.
TMJ4 News went to the Milwaukee Public Market to gauge the level of concern among people following this major breach.
“It's been something that's been in the back of my mind, but it's definitely in the front of my mind now,” said Darius.
Cybersecurity experts like Holden started noticing messages on the dark web a few weeks ago regarding the breach.
An investigation is underway into how the data was stolen and why it wasn’t better protected.
“I think in the coming weeks we'll get more guidance, including from the government and appropriate agencies, giving us, hopefully, more peace of mind on how we can be safeguarded because the investigation is still pending,” said Holden.
Holden recommended people be vigilant and use good cybersecurity hygiene. That means changing passwords, not clicking on suspicious links, and keeping your devices up-to-date.
He also said it was a good idea to lock up your credit with all three credit agencies and sign up for credit and ID protection.
“Go on with your daily life, but be more cognizant about cybersecurity and its impact,” said Holden. “Protect your identity through the available tools.”
NPD said it will try to notify those impacted by the breach.
Equifax: equifax.com/personal/credit-report-services or 1-800-685-1111
Experian: experian.com/help or 1-888-397-3742
TransUnion: transunion.com/credit-help or 1-888-909-8872
It’s about time to watch on your time. Stream local news and weather 24/7 by searching for “TMJ4” on your device.
Available for download on Roku, Apple TV, Amazon Fire TV, and more.