2.7 billion social security numbers emerge on the dark web
Almost 2.7 billion names, social security numbers, and other pieces of personally identifiable information (PII) were published on the dark web last week.
Allegedly, the data was stolen from National Public Data, a background check company that collects and sells access to people’s personal information when they apply for a job, or are subjected to an investigation by a private investigator.
The data was collected by scraping public sources from people living in the United Kingdom, United States, and Canada.
The data first surfaced in April, when a threat actor called ‘USDoD’ offered it for sale for $3.5 million. Since then, the dataset has been offered multiple times, each time by a different hacker.
BleepingComputer found out that a threat actor with the moniker ‘Fenice’ provided the most extensive version of the stolen data from National Public Data on a hacking forum on the dark web. He claims that the data was breached by a hacker called ‘SXUL’ rather than USDoD.
The dataset is 277 GB in size and contains approximately 2.7 billion plaintext records. It consists of full names, email addresses, postal addresses, social security numbers, and in some cases additional information.
However, there are doubts about the legitimacy of the dataset. Several people confirmed to BleepingComputer that their social security number was associated with other people they don’t know. In some cases, the social security number belonged to a deceased person.
Lastly, at least part of the leaked information is outdated, because it doesn’t contain the current address of all people. That could mean the data was taken from an old backup.
The data breach has led to a class-action lawsuit against Jerico Pictures, which does business as National Public Data. According to the filing, the complaint is launched against the defendant “for its failure to properly secure and safeguard the personally identifiable information that it collected and maintained as part of its regular business practices”.