This piece was first published in the SM Daily Journal.
In the first half of 2024, there were 1,571 data breaches reported, which is a 14% increase to the same time period in 2023.
On July 2, 2024, what is believed to be the largest password compilation of 10 billion records was leaked.
Now that there’s a class action lawsuit against the company, last week background check data aggregating company National Public Data in the most nonchalant way possible announced that “there appears to have been a data incident that may have involved some of your personal data…” which first appeared for sale on the dark web in April 2024.
The file of nearly 3 billion records is 277 gigabytes uncompressed and contains information on people in the US, UK, and Canada. The file includes full name, date of birth, phone number, and social security number. There are also lots of records for previous addresses, which is why there are 3 billion records but only 453 million social security numbers have been issued to-date.
Guess what happens when smarty pants you already enabled two-factor authentication for that extra layer of security but your cell phone number is stolen via sim-swap because your cell carrier asks for now-compromised information as verification?
Cybersecurity company Pentester has created a free way for you to verify if and how much of your information has been leaked at http://npd.pentester.com.
How to freeze your credit
There are three credit bureaus you need to take action with: Experian, Equifax, and TransUnion. It’s free to do and the only downside is that if you are trying to get your credit checked to take out a loan or get a new credit card, you have to temporarily unfreeze your credit. Trust me, it’s worth the extra step.
Experian
1-800-397-3742
Equifax
1-800-916-8800
TransUnion
1-800-298-0045
Freezing your credit is easier to do online than calling in, but you’ll need to create an account with each credit bureau if you don’t already have one. You can also download their apps to your smartphone to easily manage freezing/unfreezing.
I haven’t yet been able to confirm that information from minors is showing up in the data breach, but regardless you should freeze your childrens’ credit as well. I wrote about this back in May, but it’s important enough to use my word count in this column to repeat as minor identity theft can go unnoticed for years and can be financially devastating:
“Go to your internet browser and type “freeze minor credit report Experian” (or TransUnion or Equifax – you will have to make each request separately). Make sure you are clicking on the actual domain URL of the credit bureau you are searching for and not some other website.”
Here’s what to do next.
Next, turn on two-factor authentication (2FA) for all of the online accounts that have this feature (almost all online companies will require it soon enough anyway). Ideally you use a multi-factor authentication app as opposed to receiving a text message due to the next item below. Use a password manager so you don’t repeat passwords.
Then, call your mobile carrier and enable their security measure that prevents SIM swapping so your phone number doesn’t get stolen. Carriers call this feature different things so you’ll want to talk to someone directly. It could be “port freezing”, “number lock”, “port-out protection”, “setting up your SIM security pin”, or “account lock”. Phone numbers were never designed to be records of identity, and most people have not implemented protections on their cell numbers – but when it’s stolen, you very quickly see how much you relied on your phone number as an identifier.
Lastly, check https://haveibeenpwned.com/ and see what other personal information of yours has been leaked and change all of those passwords. Until Senator Becker’s (D-San Mateo) DELETE Act (SB 362, passed January 2024) is implemented in August 2026, use tools like https://joindeleteme.com or https://www.privacybee.com which proactively remove your personal information from data brokers. Since late 2022, DeleteMe has removed my information 2,610 times from data brokers. What do you think your number will be?
These are the minimum steps you should take in order to protect your identity online. Unraveling identity theft is extremely arduous, painful, and expensive and can take years to recover from. The FTC logged over 1 million identity fraud cases in 2023, costing Americans $43 billion – do this bare minimum to minimize the probability that you are a part of 2024’s numbers.
Annie Tsai 
Comment On This Post: