ALLEGEDLY.
An alleged hack at a background check company grabbed headlines this week for potentially exposing billions of social security numbers. Don’t panic, though — this incident is par for the course as companies amass data on consumers, cybersecurity experts say.
The data in question appeared on hacker forums in April and contains millions of rows of data, some of which are authentic names and social security numbers, multiple cybersecurity researchers told The Washington Post. Still, the scale and severity of the alleged breach has been overstated in some reports, they said. It’s still unclear how much of the data is genuine and whether it all really came from hacking a company, as opposed to scraping publicly available sources.
Posters in hacking forums claimed responsibility for the breach and offered to sell or share the data, which they said included personal information from billions of people across the United States, the United Kingdom and Canada. While researchers have confirmed the authenticity of some data, the set is large enough to suggest some fake or reused data, security expert Troy Hunt told The Washington Post
James E. Lee, chief operating officer at Identity Theft Resource Center, a nonprofit that helps consumers deal with fraud, said that there is “nothing new” about this particular data haul and that SSNs already circulate online.
“The steps you need to take today are the steps you needed to be taking for years,” Lee said.