Author: admin

News of a major data breach that could affect nearly three billion people comes to light from a somewhat unusual source — a class-action complaint filed in Florida.

Even as details come to light, we advise people to act as if this is indeed a large and significant breach.

The National Public Data (NPD) breach

First, the details. The filed complaint concerns National Public Data (NPD), a company that provides background checks. Per their website, “[NPD obtains] information from various public record databases, court records, state and national databases, and other repositories nationwide.”

The complaint alleges that NPD was hit by a data breach in or around April 2024. [i] The complaint filed in the U.S. District Court further alleges:

• The company had sensitive info breached, such as full names; current and past addresses spanning at least the last three decades; Social Security numbers; info about parents, siblings, and other relatives (including some who have been deceased for nearly 20 years); and other personal info.
• The company “scraped” this info from non-public sources. This info was collected without the consent of the person who filed the complaint and the billions of others who might qualify to join in the class action complaint.
• The company “assumed legal and equitable duties to those individuals to protect and safeguard that information from unauthorized access and intrusion.”

How did the NPD breach come to light?

Typically, companies self-report these breaches, thanks to regulations and legislation that require them to report them in a timely manner. That way, initial word of breaches reaches customers through emails, news reports, and sometimes through notifications to certain state attorney generals.

In this case, it appears that no notices were sent to potential victims. Further, we were unable to find any filings with state attorney generals.

As to how the primary plaintiff discovered the breach, he “received a notification from his identity theft protection service provider notifying him that his [personal info] was compromised as a direct result of the ‘nationalpublicdata.com’ breach …” (And you can certainly add online protection software to the list of ways you can find out about a data breach before a company notifies you.)

Further, in June, The Register reported that a hacker group by the name of USDoD claimed it hacked the records of 2.9 billion people and put them up for sale on the dark web.[ii] The price tag, U.S. $3.5 million. The group further claimed that the records include U.S., Canadian, and British citizens.

From an online protection standpoint, this alleged breach could contain highly sensitive info that, if true, would put three billion people at risk of identity theft. The mere possibility of breached Social Security numbers alone makes it something worth acting on.

How to protect yourself against data breaches

This breach shows the risks and frustrations that we, as consumers, face in the wake of such attacks. It often takes months before we receive any kind of notification. And of course, that gap gives hackers plenty of time to do their damage. They might use stolen info to commit identity crimes, or they might sell it to others who’ll do the same. Either way, we’re often in the dark until we get hit with a case of identity theft ourselves.

Indeed, word of an attack that affects you might take some time to reach you. With that, a mix of measures offer the strongest protection from data breaches.

To fully cover yourself, we suggest the following:

Check your credit, consider a security freeze, and get ID theft protection.

With your personal info potentially on the dark web, strongly consider taking preventive measures now. Checking your credit and getting identity theft protection can help keep you safer in the aftermath of a breach. Further, a security freeze can help prevent identity theft if you spot any unusual activity. You can get all three in place with our McAfee+ Advanced or Ultimate plans. Features include:

• Credit monitoring keeps an eye on changes to your credit score, report, and accounts with timely notifications and guidance so you can take action to tackle identity theft.
• Security freeze protects you proactively by stopping unauthorized access to existing credit card, bank, and utility accounts or from new ones being opened in your name. And it won’t affect your credit score.
• ID Theft & Restoration Coverage gives you $2 million in identity theft coverage and identity restoration support if determined you’re a victim of identity theft.​ This way, you can cover losses and repair your credit and identity with a licensed recovery expert.

Monitor your identity and transactions.

Breaches and leaks can lead to exposure, particularly on dark web marketplaces where personal info gets bought and sold. Our Identity Monitoring can help notify you quickly if that happens. It keeps tabs on everything from email addresses to IDs and phone numbers for signs of breaches. If spotted, it offers advice that can help secure your accounts before they’re used for identity theft.​

Also in our McAfee+ plans, you’ll find several types of transaction monitoring that can spot unusual activity. These features track transactions on credit cards and bank accounts — along with retirement accounts, investments, and loans for questionable transactions. Finally, further features can help prevent a bank account takeover and keep others from taking out short-term payday loans in your name.

Keep an eye out for phishing attacks.

With some personal info in hand, bad actors might seek out more. They might follow up a breach with rounds of phishing attacks that direct you to bogus sites designed to steal your personal info — either by tricking you into providing it or by stealing it without your knowledge. So look out for phishing attacks, particularly after breaches.

If you are contacted by a company, make certain the communication is legitimate. Bad actors might pose as them to steal personal info. Don’t click or tap on links sent in emails, texts, or messages. Instead, go straight to the appropriate website or contact them by phone directly.

For even more security, you can use our new Text Scam Detector. It puts a stop to scams before you click by detecting any suspicious links and sending you an alert. And if you accidentally tap a bad link, it blocks the sketchy sites they can take you to.

Update your passwords and use two-factor authentication.

Changing your password is a strong preventative measure. Strong and unique passwords are best, which means never reusing your passwords across different sites and platforms. Using a password manager helps you keep on top of it all, while also storing your passwords securely.

While a strong and unique password is a good first line of defense, enabling two-factor authentication across your accounts helps your cause by providing an added layer of security. It’s increasingly common to see nowadays, where banks and all manner of online services will only allow access to your accounts after you’ve provided a one-time passcode sent to your email or smartphone.

Remove your personal info from data broker sites.

According to the filed complaint, National Public Data “scrapes” personal info from non-public sources. Further, the home page of the website mentions that it gathers info “from various public record databases, court records, state and national databases, and other repositories nationwide.” While we can’t confirm this ourselves, we can cautiously call out that these sources might include data broker sites.

While any damage here has already been done, we recommend removing your personal info from these data broker sites. This can prevent further exposure in the event of future breaches elsewhere. Our Personal Data Cleanup can do this work for you. It scans data broker sites and shows you which ones sell your personal info. From there, it shows how you can remove your data. And our McAfee+ Advanced and Ultimate plans come with full-service Personal Data Cleanup, which sends requests to remove your data automatically.

[i]https://www.bloomberglaw.com/public/desktop/document/HofmannvJericoPicturesIncDocketNo024cv61383SDFlaAug012024CourtDoc?doc_id=X6S27DVM6H69DSQO6MTRAQRIVBS

[ii] https://www.theregister.com/2024/06/03/usdod_data_dump/

 

The post Data Breach Exposes 3 Billion Personal Information Records appeared first on McAfee Blog.

With a buzz, your phone lets you know you got a text. You take a peek. It’s from the U.S. Postal Service with a message about your package. Or is it? You might be looking at a smishing scam.

“Smishing” takes its form from two terms: SMS messaging and phishing. Effectively, smishing is a phishing attack on your phone. Scammers love these attacks year-round, and particularly so during holiday shopping rushes. The fact remains that we ship plenty of packages plenty often, and scammers use that to their advantage.

Smishing attacks try to slip into the other legitimate messages you get about shipments. The idea is that you might have a couple on the way and might mistake the smishing attack for a proper message. Scammers make them look and sound legit, posing as the U.S. Postal Service or other carriers like UPS, DHL, and FedEx.

Let’s dive into the details of this scheme and what you can do to protect yourself from SMS phishing.

Special delivery: suspicious text messages

To pull off these attacks, scammers send out text messages from random numbers saying that a delivery has an urgent transit issue. When a victim taps on the link in the text, it takes them to a form page that asks them to fill in their personal and financial info to “verify their purchase delivery.” With the form completed, the scammer can then exploit that info for financial gain.

However, scammers also use this phishing scheme to infect people’s devices with malware. For example, some users received links claiming to provide access to a supposed postal shipment. Instead, they were led to a domain that did nothing but infect their browser or phone with malware. Regardless of what route the hacker takes, these scams leave the user in a situation that compromises their smartphone and personal data.

You don’t have to fall for delivery scams

While delivery alerts are a convenient way to track packages, it’s important to familiarize yourself with the signs of smishing scams. Doing so will help you safeguard your online security without sacrificing the convenience of your smartphone. To do just that, take these straightforward steps.

Go directly to the source.

Be skeptical of text messages from companies with peculiar requests or info that seems too good to be true. Be even more skeptical if the link looks different from what you’d expect from that sender — like a shortened link or a kit-bashed name like “fed-ex-delivery dot-com.” Instead of clicking on a link within the text, it’s best to go straight to the organization’s website to check on your delivery status or contact customer service.

Enable the feature on your mobile device that blocks certain texts.

Many spammers send texts from an internet service to hide their identities. You can combat this by using the feature on your mobile device that blocks texts sent from the internet or unknown users. For example, you can disable all potential spam messages from the Messages app on an Android device. Head to “Settings,” tap on “Spam protection,” and then enable it. On iPhones, head to “Settings” > “Messages” and flip the switch next to “Filter Unknown Senders.”

One caveat, though. This can block legitimate messages just as easily. Say you’re getting your car serviced. If you don’t have the shop’s number stored on your phone, their updates on your repair progress will get blocked as well.

Block smishing texts with AI.

Our new AI-powered Text Scam Detector puts up a great defense. It automatically detects scams by scanning URLs in your text messages. If you accidentally tap? Don’t worry, it can block risky sites if you tap on a suspicious link in texts, emails, social media, and more.

Protect your privacy and identity all around.

While McAfee+ plans include Scam Protection, our plans offer strong protection for your identity, privacy, and finances. All the things those smishers are after. It includes credit and identity monitoring, social privacy management, and a VPN, plus several transaction monitoring features. Together, they spot scams and give you the tools to stop them dead in their tracks.

And if the unfortunate happens, our Identity Theft Coverage & Restoration can get you on the path to recovery. It offers up to $2 million in coverage for legal fees, travel, and funds lost because of identity theft. Further, a licensed recovery pro can do the work for you, taking the necessary steps to repair your identity and credit.

The post How Not to Fall for Smishing Scams appeared first on McAfee Blog.

NIST has formalized three post-quantum cryptographic algorithms, with organizations urged to start the transition to quantum-secure encryption immediately

Microsoft’s August Patch Tuesday saw the tech giant address nine zero-day vulnerabilities

In a Monday filing with the ASX, Evolution Mining stated that the incident was contained

The UK’s National Cyber Security Centre wants to test the effectiveness of cyber-deception tactics

The FBI and other law enforcers claim to have disrupted the Radar/Dispossessor ransomware group

South Korea’s People Power Party calls for new legislation after data on spy planes and tanks is hacked by North Korea

Belarusian national Maksim Silnikau, who was operating under the ‘J.P. Morgan’ moniker, is believed to be one of the world’s most prolific Russian-speaking cybercriminals

The EVIT breach exposed the data of 208,717 individuals, including students, faculty and parents