News 2.9 billion hit in one of largest data breaches ever — full names, addresses and SSNs exposed

[admin]

Class action lawsuit in Florida has revealed that hackers stole a database full of sensitive information on 2.9 billion people before they tried selling it on the dark web.

2.9 billion hit in one of largest data breaches ever — full names, addresses and SSNs exposed : Read more

 

[Fox Tread3]

August 6, 2024 - First of all, I think the way National Public Data goes about getting data. Should be considered illegal, and stopped immediately. They are invading the privacy of BILLIONS of people without their knowledge. I think the Credit reporting companies ("agencies"🤨 😏) are far too powerful as it is. So why is it necessary for a company like National Public Data to exist in the first place? U.S. and foreign countries' regulatory agencies are all over companies like Google and Microsoft for invading the public's privacy and using the personal data they collect to sell to other companies. These companies get their data in a fairly "transparent" way. However, National Public Data gets the data it sells in complete secrecy, and I believe violates existing privacy laws. I fortunately can limit to some degree my exposure online, and the data collected by companies and services I deal with. However, I do not use options offered by companies and services to have "convenience" payments like Auto-pay etc. Companies and corporations of every stripe have proven that they are incapable of keeping the important data of their customers safe. I pay my ISP extra every month to get a bill in the mail, and to pay by check. Lastly, I think it is almost criminal for various services to demand that customers that want to use their services. Have to have a credit/debit cards that the company can automatically charge every payment date. There is no reason why, a customer cannot make a payment via card upon the request of the servicing or streaming company. This is an example of government regulators ignoring the egregious business models of many large companies and corporations.

 

[CyberHunk]

August 6, 2024 - First of all, I think the way National Public Data goes about getting data. Should be considered illegal, and stopped immediately. They are invading the privacy of BILLIONS of people without their knowledge. I think the Credit reporting companies ("agencies"🤨 😏) are far too powerful as it is. So why is it necessary for a company like National Public Data to exist in the first place? U.S. and foreign countries' regulatory agencies are all over companies like Google and Microsoft for invading the public's privacy and using the personal data they collect to sell to other companies. These companies get their data in a fairly "transparent" way. However, National Public Data gets the data it sells in complete secrecy, and I believe violates existing privacy laws. I fortunately can limit to some degree my exposure online, and the data collected by companies and services I deal with. However, I do not use options offered by companies and services to have "convenience" payments like Auto-pay etc. Companies and corporations of every stripe have proven that they are incapable of keeping the important data of their customers safe. I pay my ISP extra every month to get a bill in the mail, and to pay by check. Lastly, I think it is almost criminal for various services to demand that customers that want to use their services. Have to have a credit/debit cards that the company can automatically charge every payment date. There is no reason why, a customer cannot make a payment via card upon the request of the servicing or streaming company. This is an example of government regulators ignoring the egregious business models of many large companies and corporations.

Exactly this. These companies are no different than the hackers who steal people's personal information.

 

[Big Willie!]

Until the penalties for allowing these hacks are severe, these data aggregators will never have the same care and concern for our data as we do. But, as always, business donors and lobbyists are the primary constituents of our elected leaders, and laws and regulations will always favor businesses over individuals.

 

[say what boy]

Class action lawsuit in Florida has revealed that hackers stole a database full of sensitive information on 2.9 billion people before they tried selling it on the dark web.

2.9 billion hit in one of largest data breaches ever — full names, addresses and SSNs exposed : Read more

Where do you come up with that number pull it out of rabbit's ass that would be the population of China and India and maybe another small country we only have 400 million in this country

 

[rgd1101]

if you read the article , it is from the source on bloomberglaw

 

[COLGeek]

Where do you come up with that number pull it out of rabbit's ass that would be the population of China and India and maybe another small country we only have 400 million in this country

Explained in article..."The personal data of 2.9 billion people, which includes full names, former and complete addresses going back 30 years..."

The big take away here is that internet connected entities, across the board, do not protect user data. Else, it wouldn't be so easily accessible for such aggregators.

People leave a digital footprint, no matter how diligent they are, those we do business with are NOT. Scraping that exposed data has become almost trivial, unfortunately.

Rules must change if this is going to improve.

 

[TheWerewolf]

Explained in article..."The personal data of 2.9 billion people, which includes full names, former and complete addresses going back 30 years..."

The big take away here is that internet connected entities, across the board, do not protect user data. Else, it wouldn't be so easily accessible for such aggregators.

People leave a digital footprint, no matter how diligent they are, those we do business with are NOT. Scraping that exposed data has become almost trivial, unfortunately.

Rules must change if this is going to improve.

That's not actually an explanation relevant to his question.

SSNs are unique to the US. Canada has SINs and the UK has NI numbers, for example. There are only 340M people in the US and so even taking into account 30 years of data, 2.9B is almost nine times the entire population of the US.

If the article had said 2.9 billion distinct records, that would be possible, with multiple records per person (although, again nine records per person?).

Alternatively, this is world data, but then why mention SSNs repeatedly when that's not relevant for most of the records (ie: 2.5B of the 2.9B, more or less?)

Moreso, if the data includes past addresses for people going back 30 years, while this has its own issues, that data is less dangerous.

In any case, other countries DO have laws against this sort of thing. That's what the GPDR and the EU data privacy laws are about. If this company has scraped data for Europeans, then they're going to get railed by the EU. The main problem is the US which is so protective of businesses' rights over citizens' rights that they'll never bring in that strict a set of laws to protect the public from this kind of infringement of privacy.

 

[JaniceIce]

That's not actually an explanation relevant to his question.

SSNs are unique to the US. Canada has SINs and the UK has NI numbers, for example. There are only 340M people in the US and so even taking into account 30 years of data, 2.9B is almost nine times the entire population of the US.

If the article had said 2.9 billion distinct records, that would be possible, with multiple records per person (although, again nine records per person?).

Alternatively, this is world data, but then why mention SSNs repeatedly when that's not relevant for most of the records (ie: 2.5B of the 2.9B, more or less?)

Moreso, if the data includes past addresses for people going back 30 years, while this has its own issues, that data is less dangerous.

In any case, other countries DO have laws against this sort of thing. That's what the GPDR and the EU data privacy laws are about. If this company has scraped data for Europeans, then they're going to get railed by the EU. The main problem is the US which is so protective of businesses' rights over citizens' rights that they'll never bring in that strict a set of laws to protect the public from this kind of infringement of privacy.

Since 1936, about 500 million SSNs have been issued. This 2.9B click-bait article is WAY over exaggerated.

 

[COLGeek]

Since 1936, about 500 million SSNs have been issued. This 2.9B click-bate article is WAY over exaggerated.

Source? That number would seem low.

A lot of people have existed over the last thirty years, more than the existing population at one given time.

Even if 2.9B is over the mark, the impact of this latest hack is massive and highlights the poor data protection mechanisms (added to outright selling of data) in place. Correlating all that data is trivial (in a manner of speaking) given the tools available to sift through all of this data.

From personal experience, I have been notified via multiple monitoring services (all provided free due to previous incidents) about my own personal data being in this pile. Much of it is very dated and wrong. Some is correct and that is indeed worrisome.

 

[Enkimoré]

A data breach is the best way to launder money with fake political, faith, and countless ways of donation using your information. We can debate who's to blame but the real reason is for money laundering.

 

[Anthony Spadafora]

Where do you come up with that number pull it out of rabbit's ass that would be the population of China and India and maybe another small country we only have 400 million in this country

I get that 2.9 billion might sound a bit ridiculous. However, that figure is straight from the complaint which I linked out to in the first section. Unlike when hackers break into companies and steal their data, scraping companies like this have the whole internet to collect data from. What makes this case worse than usual is that National Public Data was collecting data from both public and non-public sources online.

 

[Anthony Spadafora]

Since 1936, about 500 million SSNs have been issued. This 2.9B click-bait article is WAY over exaggerated.

A large operation like this one would be collecting data on people from all around the world and not just the US. That's why more people are affected than there are SSNs for.

 

[USAFRet]

1. Approx 450 million SSNs have been issued.
https://en.wikipedia.org/wiki/Social_Security_number

2. "It's worth noting that due to the sheer number of people affected, this data likely comes from both the U.S. and other countries around the world."

3. Nowhere does it say every record includes a SSN.

4. "The personal data of 2.9 billion people, which includes full names, former and complete addresses going back 30 years, Social Security Numbers, and more,

John Smith, 123 Main Street, 123-45-6789
John Smith, 47 Elm St, 123-45-6789

Same person, 2 database entries.

 

[Fox Tread3]

Exactly this. These companies are no different than the hackers who steal people's personal information.

Thank you for your comments. I'm old, so I won't be around long, but I hope more people that are affected by these onerous business practices. Will demand major changes in the business models of companies who just barely operate within the law. People have to educate themselves, be less complacent , and less reliant on the "good will" of companies and corporations hoping that they will act responsibly.

 

[Fox Tread3]

Until the penalties for allowing these hacks are severe, these data aggregators will never have the same care and concern for our data as we do. But, as always, business donors and lobbyists are the primary constituents of our elected leaders, and laws and regulations will always favor businesses over individuals.

"our elected leaders, and laws and regulations will always favor businesses over individuals." My hope is that more people will become concerned enough to demand a change in the "business as usual" model here in the states. I'm not a big fan of the unelected bureaucrats in the E.U. But they are definitely doing God's work in addressing illegal and unfair business practices, that the U.S. Congress can't ignore forever. There will hopefully be more people saying things like.. "Hey.. that's illegal in the E.U.... why isn't here?!" I do think that the E.U. can go overboard with some of its regulations and laws, especially when it comes to what appears to be anti-American business bias. However, they are doing something. It can happen in the U.S. also, and I am particularly fond of "Class action lawsuits" for the right reasons of course. Stay well.

 

[Tim Eckel]

Since 1936, about 500 million SSNs have been issued. This 2.9B click-bait article is WAY over exaggerated.

My info was part of this data breach. I have 6 different records containing my information. Each has a variation of details (different address, different email, different name). So it's quite possible there's an average of 9 records per person in this database. The database just isn't de-duped, which is very common for this kind of information, as the goal is to collect as much as possible, not necessarily the most accurate. It's also good for selling this information (either as a "legit" validation service or on the dark web) as it commands a higher value and there's more matches.

It's really not that hard to understand how there could be 2. 9 billion records with onky 500 million social security numbers.