About 2.9 billion people may have had their personal information stolen, according to lawsuit documents.
A federal class-action lawsuit claims a hacking group gained access to the network of National Public Data — a company that performs background checks — stole unencrypted information and released most of that data on the dark web.
Steve Grobman, chief technology officer at McAfee, believes this may be one of the worst data breaches ever.
"We know that National Public Data had a large breach earlier this year, and what really makes this one stand out is the quantity of the data. It was close to 3 billion records, and that's an astounding number," Grobman said. "There's only 330 million people living in the U.S., so 3 billion records related to personal information, previous places of work, or residence, sensitive personal data like Social Security numbers — it's really an astounding data leak."
National Public Data has confirmed the hack, claiming a "third-party bad actor" leaked data in April and over the summer.
The stolen information includes Social Security numbers, home addresses, phone numbers, and dates of birth.
RELATED STORY | Lawsuit filed in potential data breach impacting billions
"What makes this breach a little bit different is some of the data is also about relationships — so who are your family members, who are people that you've worked with — and this makes consumers susceptible to all sorts of other types of attacks," Grobman said.
And the tech expert says the advancement and use of artificial intelligence make this even more worrisome, such as if a cybercriminal can use the data to help them impersonate a loved one. With AI generation, you could receive a call from someone claiming to be a relative asking for money, and Grobman said the hackers can then use this data to track family ties and put more scams together.
"The exact same thing is true for work. So because it's such a massive data dump with things including where people work and have previously worked, you can get an email from what comes across as a former colleague saying that they're on hard times, asking for money or asking for you to be a reference for a job, but the reference company needs additional information," Grobman said. "So it's all of these different scenarios that consumers need to be on their guard."
While it's unclear at this point exactly how many Americans were impacted, cybersecurity experts believe it's possible millions of Social Security numbers could have been leaked.
Grobman urges people to start monitoring their credit, financial history and transactions now.
RELATED STORY | Nearly all AT&T customers' text, phone records impacted by massive data breach
"Just having that constant vigilance of always having those good digital street smarts, taking advantage of the best technology that's available, including things like dark-web monitoring — so signing up for services that monitor if your information has been leaked to the dark web where it can be used by cybercriminals for some of these different attacks," Grobman said.
Besides using a service to monitor your personal information online, experts stress the importance of tightening up your online security. This could mean using multi-factor authentication, changing your passwords as an extra precaution and using different passwords for different websites.
"When a password is part of a data breach, what the cybercriminals will do is they'll try that email password combination on all sorts of other sites. So if you're sharing passwords between different sites, you need to stop doing that," Grobman said.
Although this information was recently leaked, cybercriminals may not use it for a while, so experts recommend people stay vigilant for the coming months.
This story was originally by Larissa Scott at Scripps News Tampa Bay.