Microsoft Releases Guide on National Data Breach Involving SSNs, Addresses, and More

Earlier today, we posted an update on Defender definitions concerning Windows installation images.

This incident represents a significant data breach resulting from a cyber-attack executed by the USDoD, a cybercriminal organization, affecting over 150 million individuals. Close to 3 million personal records, including sensitive information like social security numbers (SSNs), home addresses, names, and more, have been compromised.

The U.S. Committee on Oversight and Accountability has confirmed that it is conducting an investigation to ascertain how and why this breach occurred.

For those unfamiliar with the matter, National Public Data (NPD) collects information from public records, national and state databases, and court documents, including some non-public sources. This private data is subsequently sold to various entities, including background check websites, investigators, app developers, and data resellers.

In a support document, Microsoft elaborated on the situation:

In early 2024, National Public Data, a service for background checks and fraud prevention, suffered a major data breach. More than 2.7 billion records containing highly sensitive personal data of approximately 170 million individuals were exposed.

As reported by National Public Data, a malicious entity gained unauthorized access to their systems in December 2023, leaking sensitive data onto the dark web from April 2024 until the summer of 2024. The exposed data included:

• Full names
• Social Security Numbers
• Mailing addresses
• Email addresses
• Phone numbers

Consequently, the technology giant from Redmond has issued a list of recommended actions users can take to minimize their risk exposure:

Considering the type of information that has been exposed, it is advisable for consumers to undertake the following steps to mitigate risks. Unless you are fully aware of what specific data was compromised, you should assume that all types of the personal information listed were exposed. Hence, we recommend the following actions:

• For Social Security Numbers:

  • Consider placing a credit freeze with the major credit bureaus. For more information on credit freezes, refer to: How You Can Help Us Protect Your Social Security Number and Keep Your Information Safe? (ssa.gov).

  • Regularly review your credit report (annual credit report) and request free weekly credit reports (annual credit report).

  • Place a fraud alert with the major credit bureaus:

    • Transunion fraud alerts

    • Equifax fraud alerts

    • Experian fraud alerts

  • If you are aware that your social security number was compromised, reach out to the Social Security Administration at https://www.ssa.gov/agency/contact/.

  • Keep an eye on your financial accounts (banks, credit cards, lines of credit, etc.) for any suspicious activities.

• For Phone Numbers:

  • Be vigilant for phishing attempts via texts and calls. Never disclose personal information to unknown contacts.

  • Ignore messages from untrusted sources.

  • Avoid clicking on links in unexpected text messages, regardless of the sender.

• For Emails:

  • Change your email password and activate two-factor authentication.

  • Update security questions and passwords for other accounts linked to this email address.

  • Avoid opening unsolicited messages or clicking links in messages from suspicious senders.

For more details, visit the support article here on Microsoft’s official website.

Source