Another data breech

hank

Identity Guard notified me last week my Social Security number has been found circulating on the dark web - apparently from this incident:

National Public Data (NPD)
Aug 11, 2024

They recommend locking my credit files, which I already do to the greatest extent possible. I went a step further and locked all my debit and / or credit cards held through Fidelity, plus one other provider. I’ll unlock the cards only for major purchases and / or travel. I’ll rely mainly for small incidental purchases on my local credit union account (no credit line) which typically holds only $300-$500. I wasn’t too surprised my SS number is out there, having been a victim of identity theft 15-20 years ago (traced back to somewhere in Russia).

One fly in the above ointment is that waiting to unlock a card until you arrive at a hotel to check in somewhere would involve logging in to your account with a less secure wifi connection than at home.

Wonder if maybe the government needs to join the 21st Century and find a better way to securely identify citizens rather than this archaic method? Simply changing the number routinely every few years would be a huge improvement. (Something Pete Buttigieg would be able to figure out were he given the responsibility.) In the referenced incident, I believe the data was stolen from a large Michigan health care provider where I have been treated on occasion over the years.

So it goes.

Anna

Yep, anyone already under a previous watch will get this about the NPD breach if they were in the database. I have been under the OPM breach and have a long-term (since 2015) ongoing watch as a result. The only warnings I have gotten before this week have been new child predator in the neighborhood type. This week I got a warning that my SS number was found and was advised to freeze and fraud-alert the three main credit bureaus. People already part of a breach probably have secured the credit bureaus but, when I received the warning, it occurred to me that this was, presumably, over a billion personal records and not all of them would have a preexisting watch.

And - it does seem that government data stores and other nationwide encompassing data stores (Heathcare) are especially attractive to the breachmasters.

Observant1

It's unfortunate these breaches are now routine.
Freezing one's credit is often a good idea to prevent criminals from opening new credit lines in your name.

Many credit card companies offer zero-liability fraud protection if fraudulent charges are reported within 30 days. The Fair Credit Billing Act limits liability to $50 if fraudulent charges are reported within 60 days of receiving your statement.

Debit card protections are not as strong.
"If you notify your bank or credit union within two business days of discovering the loss or theft of the card, the bank or credit union can’t hold you responsible for more than the amount of any unauthorized transactions or $50, whichever is less. If you notify your bank or credit union after two business days, you could be responsible for up to $500 in unauthorized transactions."

"Also, if your bank or credit union sends your statement that shows an unauthorized withdrawal, you should notify them within 60 days. If you wait longer, you could also have to pay the full amount of any transactions that occurred after the 60-day period and before you notify your bank or credit union."

Consumer Financial Protection Bureau

Crash

Hackers = lower than whale feces on the bottom of the ocean. I checked, and a fellow with a different initial is the closest that could be found exposed. Lucky this time.

a2z

for SS# breaches :
anyone try fraud watch instead of credit freeze? 26 weeks where near impossible to get new CC, leases, etc...
probably just as hard to sign up for any gov services, like IRS, SS logins.
seems some cards also let you change max charge allowed as often as needed.