Just freeze your credit. It is the simplest and easiest solution. It sucks, but it seems to be the best utensil to eat the shit sandwich we’ve been fed.
It doesn’t even suck that bad. Last time I had to unlock mine, I saw that the previous unlocking had been two years earlier. Each time I have to do it, I set an end date and it automatically relocks. Whole process takes maybe 10 minutes for the big 3 credit bureaus.
It’s better than the previous class action which got you nothing but a slight discount on a future Ticketmaster purchase to a very select number of concerts.
A complaint submitted to the US District Court for the Southern District of Florida claims the exposed personal data belongs to a public records data provider named National Public Data, which specializes in background checks and fraud prevention.
What’s with these companies nobody has heard of causing massive fuck ups?
The personal data of 2.9 billion people, which includes full names, former and complete addresses going back 30 years, Social Security Numbers, and more, was stolen from National Public Data by a cybercriminal group that goes by the name USDoD. The complaint goes on to explain that the hackers then tried to sell this huge collection of personal data on the dark web to the tune of $3.5 million. It’s worth noting that due to the sheer number of people affected, this data likely comes from both the U.S. and other countries around the world.
What makes the way National Public Data did this more concerning is that the firm scraped personally identifiable information (PII) of billions of people from non-public sources. As a result, many of the people who are now involved in the class action lawsuit did not provide their data to the company willingly.
What exactly makes this company so different from the hacking group that breached them? Why should they be treated differently?
I feel like that might be bad phrasing on the part of the article. They mainly aggregate public records, like legal document style public records, and they also scrapped data from not-(public record) data, which isn’t the same as (not-public) record data.
I feel like I would want more details to be sure though, but scrapping usually refers to “generally available” data.
With a breach of this size, I think we’re officially at the point where the data about enough people is out there and knowledge based questions for security should be considered unsafe. We need to come up with different authentication methods.
Tying a password to a browser or device isn’t going to make it any easier. Use a password manager and set unique string passwords for everything. If the app supports it, use FIDO physical keys instead of Passkeys
Even better would be to use certificates instead of passwords. What if every website gave you a certificate signed by them, and you store that in your password manager automatically.
Maybe that’s what passkeys are… Haven’t read up on them at all.
There are only 1 billion SSNs possible with 9 digits, and at most around 350M living people who have them (the US population). This breach is international but SSN is a US thing.
And not all 9-digit numbers are used, so there are fewer than a billion. It sucks when organizations store them because the search space is so small it’s relatively easy to unhash them in a stolen database.
A lot of businesses use the last 4 digits separately for some purposes, which means that even if it’s salted, you are only getting 110,000 total options, which is trivial to run through.
9 digit social security number specifically might be, but a unique number tied to you that is often used as identification when it really shouldn’t isn’t, it’s a shitshow that has been implemented in many countries around the world.
The Finnish version was called an SSN originally for example, though now its a “henkilötunnus”, personal identity code.
I tried freezing my credit but I think transunion and equifax wouldn’t let me create an account for some reason. Asking me to call them. Anybody else running into the same issue?
Are you proxying or using a VPN to access their site. I often see IP blocks, even if that proxy is a simple socks proxy to a VPS i own. Many VPS subnets are blocked/restricted wholesale, as are many of the big VPN endpoint ips.
I know Ticketmaster just sent out millions of “sorry we got hacked, freeze your credit for free with this code” letters. Maybe they’re struggling to keep up with demand.