CBS News
Hackers may have stolen the Social Security numbers of all Americans. Here’s what to know.
A new lawsuit is claiming hackers have gained access to the personal information of “billions of individuals,” including their Social Security numbers, current and past addresses and the names of siblings and parents — personal data that could allow fraudsters to infiltrate financial accounts or take out loans in their names.
The allegation arose in a lawsuit filed earlier this month by Christopher Hofmann, a California resident who claims his identity theft protection service alerted him that his personal information had been leaked to the dark web by the “nationalpublicdata.com” breach. The lawsuit was earlier reported by Bloomberg Law.
The breach allegedly occurred around April 2024, with a hacker group called USDoD exfiltrating the unencrypted personal information of billions of individuals from a company called National Public Data (NPD), a background check company, according to the lawsuit. Earlier this month, a hacker leaked a version of the stolen NPD data for free on a hacking forum, tech site Bleeping Computer reported.
That hacker claimed the stolen files include 2.7 billion records, with each listing a person’s full name, address, date of birth, Social Security number and phone number, Bleeping Computer said.
NPD didn’t immediately respond to a request for comment.
Here’s what to know about the alleged hack.
What is National Public Data?
National Public Data is a data company based in Coral Springs, Florida, that provides background checks for employers, investigators and other businesses that want to check people’s backgrounds. Its searches include criminal records, vital records, SSN traces and more information, its website says.
What happened with the USDoD hack?
According to the new lawsuit, USDoD on April 8 posted a database called “National Public Data” on the dark web, claiming to have records for about 2.9 billion individuals. It was asking for a purchase price of $3.5 million, the lawsuit claims.
However, Bleeping Computer reported that the file was later leaked for free on a hacker forum, as noted above.
Did NPD alert individuals about the hack?
It’s unclear, although the lawsuit claims that NPD “has still not provided any notice or warning” to Hoffman or other people affected by the breach.
“In fact, upon information and belief, the vast majority of Class Members were unaware that their sensitive [personal information] had been compromised, and that they were, and continue to be, at significant risk of identity theft and various other forms of personal, social, and financial harm,” the lawsuit claims.
Information security company McAfee reported that it hasn’t found any filings with state attorney generals. Some states require companies that have experienced data breaches to file reports with their AG offices.
What should I do to protect my information?
Security experts recommend that consumers put freezes on their credit files at the three big credit bureaus, Experian, Equifax and TransUnion.
Freezing your credit is free, and it will stop bad actors from taking out loans or opening credit cards in your name.
You can also get a tracking service that will alert you if your data appears on the dark web. And you should make sure to enroll in two-factor authentication, which will make it tougher for hackers to get access to your accounts.
Watch CBS News
Be the first to know
Get browser notifications for breaking news, live events, and exclusive reporting.
Watch CBS News
Be the first to know
Get browser notifications for breaking news, live events, and exclusive reporting.
CBS News
Yellowstone hiker burned when she falls into scalding water near Old Faithful, park officials say
Yellowstone National Park, Wyo. — A New Hampshire woman suffered severe burns on her leg after hiking off-trail in Yellowstone National Park and falling into scalding water in a thermal area near the Old Faithful geyser, park officials said.
The 60-year-old woman from Windsor, New Hampshire, along with her husband and their leashed dog were walking off a designated trail near the Mallard Lake Trailhead on Monday afternoon when she broke through a thin crust over the water and suffered second- and third-degree burns to her lower leg, park officials said. Her husband and the dog weren’t injured.
The woman was flown to Eastern Idaho Regional Medical Center in Idaho Falls, Idaho for treatment.
National Park Service / Jacob W. Frank
Park visitors are reminded to stay on boardwalks and trails in hydrothermal areas and exercise extreme caution. The ground in those areas is fragile and thin and there’s scalding water just below the surface, park officials said.
Pets are allowed in limited, developed areas of Yellowstone park but are prohibited on boardwalks, hiking trails, in the backcountry and in thermal areas.
The incident is under investigation. The woman’s name wasn’t made public.
This is the first known thermal injury in Yellowstone in 2024, park officials said in a statement. The park had recorded 3.5 million visitors through August this year.
Hot springs have injured and killed more people in Yellowstone National Park than any other natural feature, the National Park Service said. At least 22 people have died from hot spring-related injuries in and around the 3,471-square-mile national park since 1890, park officials have said.