as every single Social Security Number gets leaked 
SUMMARY
In April, hacking group USDoD attempted to sell 2.9 billion records which included personal data on everyone in the US, UK and Canada. Almost 2.7 billion records of personal information for people in the United States were leaked on a hacking forum, exposing names, social security numbers, all known physical addresses, and possible aliases.
The data allegedly comes from National Public Data, a company that collects and sells access to personal data for use in background checks, to obtain criminal records, and for private investigators.
National Public Data is believed to scrape this information from public sources to compile individual user profiles for people in the US and other countries.
In April, a threat actor known as USDoD claimed to be selling 2.9 billion records containing the personal data of people in the US, UK, and Canada that was stolen from National Public Data.
At the time, the threat actor attempted to sell the data for $3.5 million and claimed it contained records for every person in the three countries.
USDoD is a known threat actor who was previously linked to an attempted sale of InfraGard's user database in December 2023 for $50,000.
Since then, various threat actors have released partial copies of the data, with each leak sharing a different number of records and, in some cases, different data.
On August 6th, a threat actor known as "Fenice" leaked the most complete version of the stolen National Public Data data for free on the Breached hacking forum.
However, Fenice says the data breach was conducted by another threat actor named "SXUL," rather than USDoD.
The leaked data consists of two text files totaling 277GB and containing nearly 2.7 billion plaintext records, rather than the original 2.9 billion number originally shared by USDoD.
While BleepingComputer can't confirm if this leak contains the data for every person in the US, numerous people have confirmed to us that it included their and family members' legitimate information, including those who are deceased.
Each record consists of the following information - a person's name, mailing addresses, and social security number, with some records including additional information, like other names associated with the person. None of this data is encrypted.
Previously leaked samples of this data also included phone numbers and email addresses, but these are not included in this 2.7 billion record leak.
It is important to note that a person will have multiple records, one for each address they are known to have lived. This also means that this data breach did not impact 3 billion people as has been erroneously reported in many articles that did not properly research the data.
Some people have also told BleepingComputer that their social security numbers were associated with other people they don't know, so not all the information is accurate.
Finally, this data may be outdated, as it does not contain the current address for any of the people we checked, potentially indicating that the data was taken from an old backup.
The data breach has led to multiple class action lawsuits against Jerico Pictures, which is believed to be doing business as National Public Data, for not adequately protecting people's data.
If you live in the US, this data breach has likely leaked some of your personal information.
As the data contains hundreds of millions of social security numbers, it is suggested that you monitor your credit report for fraudulent activity and report it to the credit bureaus if detected.
Furthermore, as previously leaked samples also contained email addresses and phone numbers, you should be vigilant against phishing and SMS texts attempting to trick you into providing additional sensitive information.
Jump in the discussion.
No email address required.
3 billion records / 330 million people = 10 records per person
name, an expired email address, an old phone number, five old addresses, and teh wrong social security number or whatever, and it's all publicly available already anyway?
Jump in the discussion.
No email address required.
SSNs shouldn't be public.
Jump in the discussion.
No email address required.
It's the only way to uniquely designate a US citizen, though?
Jump in the discussion.
No email address required.
Nonsense, there's plenty of other ways they could do it. They could come up with their own ID number for their systems (and likely already do), plus I'm sure with all your other identifying info you're probably pretty darned unique (full name + address for example).
They use your SSN purely out of convenience and for literally no other reason. IMO it should be restricted to the social security bureau and it should be literally illegal for any non-government agency to ever require it.
Our lawmakers are unfortunately such kitties they'll never do it but we'd be fine.
Jump in the discussion.
No email address required.
Sure but if two independent entities want to compare notes about you they need to be sure they're talking about the same person
Jump in the discussion.
No email address required.
More options
Context
More options
Context
More options
Context
There should be no harm in having your SSN public because it was never intended to identify you.
Jump in the discussion.
No email address required.
Jump in the discussion.
No email address required.
More options
Context
More options
Context
they got the wrong ssn for the people who checked according to the article
Jump in the discussion.
No email address required.
More options
Context
More options
Context
More options
Context