A new lawsuit is claiming hackers have gained access to the personal information of “billions of individuals,” including their Social Security numbers, current and past addresses and the names of siblings and parents — personal data that could allow fraudsters to infiltrate financial accounts or take out loans in their names.

The allegation arose in a lawsuit filed earlier this month by Christopher Hofmann, a California resident who claims his identity theft protection service alerted him that his personal information had been leaked to the dark web by the “nationalpublicdata.com” breach. The lawsuit was earlier reported by Bloomberg Law.

The breach allegedly occurred around April 2024, with a hacker group called USDoD exfiltrating the unencrypted personal information of billions of individuals from a company called National Public Data (NPD), a background check company, according to the lawsuit. Earlier this month, a hacker leaked a version of the stolen NPD data for free on a hacking forum, tech site Bleeping Computer reported.

  • @chrischryse
    link
    73 months ago

    But how exactly does it work when applying for something like a credit card or going to a doctors office and filling out a form? Because here in the US those ask for SSN

    • @[email protected]
      link
      fedilink
      443 months ago

      They ask for SSN because there is no other form of national ID in the US (by design). SSNs were not introduced with this use in mind in fact they were explicitly meant to not be used this way, but society has slowly twisted it into a de facto national ID.

        • srasmus
          link
          English
          253 months ago

          To track contributions and withdrawals to the social security system. Pretty much everyone in enrolled, so pretty much everyone has an SSN.

          • @Psychodelic
            link
            223 months ago

            We really are kinda fuckin dumb in the US. It’s like we’re equally deeply suspicious of our government but too dumb to understand how it works so we ends up with blind, ignorant cynicism

          • @[email protected]
            link
            fedilink
            English
            113 months ago

            And yet we have multiple of them now. Drivers license, SSN, and if you/your parent are/were military, EDIPI/DoDID.

            • @[email protected]
              link
              fedilink
              93 months ago

              Military, sure, but driver’s licenses are state-level, not federal. Health care has been using birthdate like a password (one that is largely publicly available) for way too long now. At least financial institutions can use account numbers and financial history and code words, but even all that isn’t great.

              It’s a messy patchwork, but I think at the time of the creation of the SSA, the US may have still thought of itself as a land of second chances. IBM numbering Holocaust victims probably didn’t help the idea of a national ID, nor did the victim narrative of groups like the NRA.

              I’m not sure if it’s possible not to have a national ID anymore, so denial of it just forces a terribly kludgy implementation from whatever is around.

              • @[email protected]
                link
                fedilink
                English
                83 months ago

                drivers licenses are state-level

                Are they though, with RealID requirements for new licenses now?

                • @FireTower
                  link
                  33 months ago

                  RealID is option there’s no Federal mandate for it.

                  • @[email protected]
                    link
                    fedilink
                    English
                    13 months ago

                    Sure. As long as you don’t need to

                    • access any federal buildings
                    • fly domestically
                    • exist after May 7 2025
                    • have a non-expired drivers license

                    Then it’s optional. Non-RealID isn’t offered anymore in Ohio as far as I’m aware, I’d imagine other states are the same.

                • @RestrictedAccount
                  link
                  13 months ago

                  My number did not change after Real ID. I guess it could work if you added the state postal code to it.

          • @[email protected]
            link
            fedilink
            English
            23 months ago

            I think there should be an amendment allowing the creation of a Unique Population Registry Key that uses numeric and alphabetic characters.

    • @[email protected]
      link
      fedilink
      7
      edit-2
      3 months ago

      Nordics have resolved this by having the strong digital authentication. Services like banks and tele operators work as identity providers for individuals/companies.either through mobile network or app on your phone, and these is a central service that links these together.

      This way third parties can safely identify you, and also it follows same OpenID/OAuth2.0/MFA principles, which are industry standards.

      • @untorquer
        link
        43 months ago

        Having experienced both systems the Nordic ones are well thought out, streamlined and feel extremely secure.

        The US system feels so absurdly predatory and intentionally insecure. It’s often slower, non-standardized, and glitchy(e.g. student loan stuff).

        In general, fraud is much easier in the US which is is by design as stated elsewhere in the thread.

    • The Pantser
      link
      33 months ago

      You don’t have to give anyone your SSN, especially for medical. There are ways to bill without SSN.