A complaint submitted to the US District Court for the Southern District of Florida claims the exposed personal data belongs to a public records data provider named National Public Data, which specializes in background checks and fraud prevention.
What’s with these companies nobody has heard of causing massive fuck ups?
Because companies you’ve never heard of are the ones doing the infrastructure and data warehousing for the public-facing companies you have heard of.
The personal data of 2.9 billion people, which includes full names, former and complete addresses going back 30 years, Social Security Numbers, and more, was stolen from National Public Data by a cybercriminal group that goes by the name USDoD. The complaint goes on to explain that the hackers then tried to sell this huge collection of personal data on the dark web to the tune of $3.5 million. It’s worth noting that due to the sheer number of people affected, this data likely comes from both the U.S. and other countries around the world.
What makes the way National Public Data did this more concerning is that the firm scraped personally identifiable information (PII) of billions of people from non-public sources. As a result, many of the people who are now involved in the class action lawsuit did not provide their data to the company willingly.
What exactly makes this company so different from the hacking group that breached them? Why should they be treated differently?
I feel like that might be bad phrasing on the part of the article. They mainly aggregate public records, like legal document style public records, and they also scraped data from not-(public record) data, which isn’t the same as (not-public) record data.
I feel like I would want more details to be sure though, but scraping usually refers to “generally available” data.
That all depends. If they’re pulling that private data for use in questionnaires, the terms may not allow them to save it, but they scrape it from the form.
Oh well, I feel at this point every man, woman and child already had this done to them in the United States, and our government is not doing shit about it.
Just got this bullshit offer from Ticketmaster for one of their breaches and they are only offering 1 year free credit monitoring.
I read “free credit monitoring” as allowing your name to get on another list to be sold.
With a breach of this size, I think we’re officially at the point where the data about enough people is out there and knowledge based questions for security should be considered unsafe. We need to come up with different authentication methods.
You get a private key! And you get a private key! And you get a private key!
We have different authentication methods. The hard bit is persuading people to use them.
Tying a password to a browser or device isn’t going to make it any easier. Use a password manager and set unique string passwords for everything. If the app supports it, use FIDO physical keys instead of Passkeys.
Even better would be to use certificates instead of passwords. What if every website gave you a certificate signed by them, and you store that in your password manager automatically.
Maybe that’s what passkeys are… Haven’t read up on them at all.
… passkeys basically do all this without you having to know how. Your device /is/ the physical key and /you/ are the secondary auth. It honestly doesn’t get any easier for the user.
Pirate keys for sure. Not using one is just asking for a stranger to grab your booty.
And again they will fail to punish the company responsible for protecting this data for their criminal negligence.