Thu. Nov 21st, 2024
Occasional Digest - a story for you

Good morning, and welcome to the Essential California newsletter. It’s Sunday, Aug. 18. I’m your host, Andrew J. Campa. Here’s what you need to know to start your weekend:

Millions of Americans may have had sensitive information leaked

The company whose data breach may have jeopardized every American’s Social Security number and left them vulnerable to identity theft recently made two public admissions about the incident.

The first was an acknowledgment the data theft actually happened, something National Public Data, a Florida-based company that collects personal information for background checks, resisted doing for months.

The company posted a “Security Incident” notice on its site to report “potential leaks of certain data in April 2024 and summer 2024.” The company said the breach appeared to involve a third party “that was trying to hack into data in late December 2023.”

National Public Data also recognized that more personal data may have been released than was previously reported, leaving those affected at graver risk of potential fraud.

What happened?

The hacking group USDoD claimed in April to have stolen personal records of 2.9 billion people from National Public Data, according to a class-action lawsuit filed in U.S. District Court in Fort Lauderdale, Fla.

Posting in a forum popular among hackers, the group offered to sell the data for $3.5 million, a cybersecurity expert said in a post on X.

A purported member of USDoD said last week they were offering “the full NPD database,” according to a screenshot taken by BleepingComputer.

The information consists of about 2.7 billion records. Each includes a person’s full name, address, date of birth, Social Security number and phone number, along with alternate names and birth dates, the member claimed.

What’s new?

National Public Data acknowledged the breach also included email addresses — a crucial piece for identity thieves and fraudsters.

Having a person’s email address makes it easier to target them with phishing attacks, which try to dupe people into revealing passwords to financial accounts or downloading malware that can extract sensitive personal information from devices.

In addition, because many people use their email address to log into online accounts, it could be used to try to hijack those accounts through password resets.

Finding out who was hacked

A free tool from the cybersecurity company Pentester found that other personal data purportedly exposed by the breach, including Social Security numbers, were on the dark web.

National Public Data said on its website that it will notify individuals if there are “further significant developments” applicable to them.

At this point, it appears that the only notice provided by National Public Data is the page on its website, which states, “We are notifying you so that you can take action which will assist to minimize or eliminate potential harm. We strongly advise you to take preventive measures to help prevent and detect any misuse of your information.”

How to protect yourself

The steps recommended by National Public Data include checking your financial accounts for unauthorized activity and placing a free fraud alert on your accounts at the three major credit bureaus, Equifax, Experian and TransUnion.

Once you’ve placed a fraud alert on your accounts, the company advised, ask for a free credit report, then check it for accounts and inquiries that you don’t recognize. “These can be signs of identity theft.”

Security experts also advise putting a freeze on your credit files at the three major credit bureaus. You can do so for free, and it will prevent criminals from taking out loans, signing up for credit cards and opening financial accounts under your name.

The catch is that you’ll need to remember to lift the freeze temporarily if you are obtaining or applying for something that requires a credit check.

In the meantime, security experts say, make sure all of your online accounts use two-factor authentication to make them harder to hijack.

For more on the hack and on tips to protect yourself, check out the latest from editor Jon Healey.

The week’s biggest stories

Exterior of a business building with rounded archways.

Crime, courts and policing

Election 2024

In memoriam

Climate California

City and state news

More big stories

Get unlimited access to the Los Angeles Times. Subscribe here.

Column One

Column One is The Times’ home for narrative and longform journalism. Here’s a great piece from this week:

Animation of various buildings shaking

(Jim Cooke / Los Angeles Times)

For nearly a decade, Los Angeles has touted its sweeping earthquake safety ordinance — the nation’s toughest, which requires thousands of buildings to be evaluated and strengthened if necessary. But city officials never made it easy for Angelenos to look up retrofit information about their building.

More great reads

How can we make this newsletter more useful? Send comments to [email protected].

For your weekend

Photo of comedian and actress Awkwafina surrounded by illustrations of a karaoke machine, smoothie, wine, pizza and more

(Illustration by Lindsey Made This; photo by Evan Agostini/Invision/AP)

Going out

Staying in

L.A. Affairs

Get wrapped up in tantalizing stories about dating, relationships and marriage.

The guy from the 9th floor and the thrill of a requited flirtation

( Illustration by Holly Farndell / For the Times for Leslee Komaiko essay)

A few days later, we met up at Teaspoon, one of the many boba spots on Sawtelle Boulevard. Toward the end of our time together, he put his elbow on the table and raised his open palm. I thought maybe he was challenging me to arm wrestle. Did he know I used to beat all the boys in elementary school? He asked me to put my palm to his. He made sure I was OK with it. I didn’t hesitate. It felt good.

Have a great weekend, from the Essential California team

Andrew J. Campa, reporter
Carlos Lozano, news editor

Check our top stories, topics and the latest articles on latimes.com.

Source link