How to Tell If Your Social Security Number Was Compromised in Massive Data Breach

At least two websites have been set up to allow Americans to check if they’ve been compromised.
How to Tell If Your Social Security Number Was Compromised in Massive Data Breach
A Social Security card sits alongside checks from the U.S. Treasury in Washington on Oct. 14, 2021. Kevin Dietsch/Getty Images
Jack Phillips
Updated:
0:00

After a data protection company confirmed that numerous Social Security numbers were hacked, several websites have appeared this week allowing people to check if they’ve been compromised in the data breach.

A lawsuit filed in a Florida court against National Public Data alleged that cybercrime organization USDoD hacked the firm and that hackers then put the database for sale on the dark web for $3.5 million. The suit claimed that about 2.9 billion records, including names and Social Security numbers, span at least the last three decades.

The plaintiff, listed as Christopher Hoffman on behalf of others affected, has accused National Public Data of failing to “properly secure and safeguard the personally identifiable information that it collected and maintained as part of its regular business practices.”

National Public Data, in a letter and in an online statement, confirmed a data breach, although it did not say that 2.9 billion records were compromised. In a filing with the Maine Attorney General’s office, the firm said that 1.3 million people were potentially exposed.

“The incident is believed to have involved a third-party bad actor that was trying to hack into data in late December 2023, with potential leaks of certain data in April 2024 and summer 2024,” stated the letter from National Public Data, a background check company.

It further confirmed that personal information such as Social Security numbers, mailing addresses, email addresses, names, phone numbers, and other data were compromised in the incident.

And in an undated statement published last week on its website, the firm confirmed the data breach and advised consumers that they should try to mitigate any potential harm associated with Social Security numbers being used for nefarious purposes. That included contacting the three major U.S. credit reporting agencies, Equifax, TransUnion, and Experian, to get a credit report.

How to Check

Since details of the incident surfaced this month, at least two third-party websites have been established to tell whether one’s Social Security number has been compromised in the breach.
One is operated by Pentester, a cybersecurity testing service, which allows a person to type their first name, last name, state, and date of birth.

A spokesman for the company, Richard Glaser, told The Epoch Times on Friday that “this data was originally for sale months ago” on the dark web.

“We are displaying a redacted version for people to know if they were affected, and if so, is the information correct that was shown about them. Many times it is not. Also, we do not store their searches on npd.pentester.com,” he said.

He also urged people whose Social Security numbers have been compromised to “protect themselves” and “be prepared” for future data breaches, adding that some websites have appeared in the wake of the data breach that may be scams.

“Use a trusted source such as pentester.com where we display information about our company and give real advice on next steps. There are some other ‘fully redacted’ sites out there storing data, compiling lists, and don’t even have a service in place. Be careful where you search. We are transparent about who exactly we are,” Glaser stated.

Another site that appeared in the past week or so is www.npdbreach.com, operated by Atlas Privacy, another cybersecurity company. The Epoch Times contacted Atlas for comment earlier this week but received no response by publication time.

That site allows a person to search via his or her first name, last name, and ZIP code. Or, it allows one to search using his or her Social Security number or phone number.

“To help keep you anonymous, your search query is hashed locally and then sent to our servers to search against the NationalPublicData.com. We do not store any search data,” the site states.

The site also highlights on the page that some media outlets have made reference to it.

In a statement after the breach, National Public Data said it is cooperating with law enforcement and government officials. The company said it will try to notify users “if there are further significant developments applicable” to them and recommends people monitor their financial accounts for unusual activity.
Jack Phillips
Jack Phillips
Breaking News Reporter
Jack Phillips is a breaking news reporter who covers a range of topics, including politics, U.S., and health news. A father of two, Jack grew up in California's Central Valley. Follow him on X: https://twitter.com/jackphillips5
twitter