Good morning, and welcome to the Essential California newsletter. It’s Sunday, Aug. 18. I’m your host, Andrew J. Campa. Here’s what you need to know to start your weekend:
Newsletter
Sign up for Essential California
The most important California stories and recommendations in your inbox every morning.
You may occasionally receive promotional content from the Los Angeles Times.
Millions of Americans may have had sensitive information leaked
The company whose data breach may have jeopardized every American’s Social Security number and left them vulnerable to identity theft recently made two public admissions about the incident.
The first was an acknowledgment the data theft actually happened, something National Public Data, a Florida-based company that collects personal information for background checks, resisted doing for months.
The company posted a “Security Incident” notice on its site to report “potential leaks of certain data in April 2024 and summer 2024.” The company said the breach appeared to involve a third party “that was trying to hack into data in late December 2023.”
National Public Data also recognized that more personal data may have been released than was previously reported, leaving those affected at graver risk of potential fraud.
What happened?
The hacking group USDoD claimed in April to have stolen personal records of 2.9 billion people from National Public Data, according to a class-action lawsuit filed in U.S. District Court in Fort Lauderdale, Fla.
Posting in a forum popular among hackers, the group offered to sell the data for $3.5 million, a cybersecurity expert said in a post on X.
A purported member of USDoD said last week they were offering “the full NPD database,” according to a screenshot taken by BleepingComputer.
The information consists of about 2.7 billion records. Each includes a person’s full name, address, date of birth, Social Security number and phone number, along with alternate names and birth dates, the member claimed.
What’s new?
National Public Data acknowledged the breach also included email addresses — a crucial piece for identity thieves and fraudsters.
Having a person’s email address makes it easier to target them with phishing attacks, which try to dupe people into revealing passwords to financial accounts or downloading malware that can extract sensitive personal information from devices.
In addition, because many people use their email address to log into online accounts, it could be used to try to hijack those accounts through password resets.
Finding out who was hacked
A free tool from the cybersecurity company Pentester found that other personal data purportedly exposed by the breach, including Social Security numbers, were on the dark web.
National Public Data said on its website that it will notify individuals if there are “further significant developments” applicable to them.
At this point, it appears that the only notice provided by National Public Data is the page on its website, which states, “We are notifying you so that you can take action which will assist to minimize or eliminate potential harm. We strongly advise you to take preventive measures to help prevent and detect any misuse of your information.”
How to protect yourself
The steps recommended by National Public Data include checking your financial accounts for unauthorized activity and placing a free fraud alert on your accounts at the three major credit bureaus, Equifax, Experian and TransUnion.
Once you’ve placed a fraud alert on your accounts, the company advised, ask for a free credit report, then check it for accounts and inquiries that you don’t recognize. “These can be signs of identity theft.”
Security experts also advise putting a freeze on your credit files at the three major credit bureaus. You can do so for free, and it will prevent criminals from taking out loans, signing up for credit cards and opening financial accounts under your name.
The catch is that you’ll need to remember to lift the freeze temporarily if you are obtaining or applying for something that requires a credit check.
In the meantime, security experts say, make sure all of your online accounts use two-factor authentication to make them harder to hijack.
For more on the hack and on tips to protect yourself, check out the latest from editor Jon Healey.
The week’s biggest stories
Crime, courts and policing
Election 2024
In memoriam
- BeatKing, the Houston rapper also known as Club Godzilla, dies at 39.
- Maurice Williams, writer and lead singer of ‘Stay,’ dies at 86.
- Maxie Solters, entertainment publicist who joined a family business, dies at 37.
- Wally Amos, founder of Famous Amos cookies and its famous L.A. store on Sunset, has died.
- Jack Russell, Great White frontman who survived deadly nightclub fire, dies at 63.
Climate California
City and state news
More big stories
Get unlimited access to the Los Angeles Times. Subscribe here.
Column One
Column One is The Times’ home for narrative and longform journalism. Here’s a great piece from this week:
For nearly a decade, Los Angeles has touted its sweeping earthquake safety ordinance — the nation’s toughest, which requires thousands of buildings to be evaluated and strengthened if necessary. But city officials never made it easy for Angelenos to look up retrofit information about their building.
More great reads
How can we make this newsletter more useful? Send comments to [email protected].
For your weekend
Going out
Staying in
L.A. Affairs
Get wrapped up in tantalizing stories about dating, relationships and marriage.
A few days later, we met up at Teaspoon, one of the many boba spots on Sawtelle Boulevard. Toward the end of our time together, he put his elbow on the table and raised his open palm. I thought maybe he was challenging me to arm wrestle. Did he know I used to beat all the boys in elementary school? He asked me to put my palm to his. He made sure I was OK with it. I didn’t hesitate. It felt good.
Have a great weekend, from the Essential California team
Andrew J. Campa, reporter
Carlos Lozano, news editor
Check our top stories, topics and the latest articles on latimes.com.