
National Public Data Hacked: Personal Information of Millions at Risk

 


National Public Data, a company specializing in background checks and fraud prevention, has experienced a significant data breach. The data collected by the company has reportedly fallen into the hands of a hacking group known as "USDoD," which began selling access to the stolen information in April. The stolen data is said to include details of users from the US, UK, and Canada.

The company is now facing a class-action lawsuit, as reported by Bloomberg Law. The lawsuit was filed by Christopher Hoffman, a resident of California, after his identity protection service alerted him that his personal data had been compromised in the breach.

The scope of the data leak could be one of the largest ever recorded, though the full extent is still unconfirmed. National Public Data has not yet responded to requests for comment. However, in June, malware repository VX Underground reviewed the stolen data, which was initially on sale for $3.5 million.

VX Underground confirmed the authenticity of the massive 277.1GB uncompressed file, noting that the data included real and accurate information. They verified the details of several individuals who consented to a search of their information. According to VX Underground, the stolen data encompasses Social Security numbers, full names, and user address history spanning over three decades. It appears that the personal information of users who opted out of data collection was not included. USDoD acted as a broker for the sale, while a mysterious individual known as "SXUL" was behind the breach.

Although USDoD intended to sell the data to private buyers, it has reportedly been circulating freely on a popular hacker forum, posing a significant risk of identity theft. The archive is said to include dates of birth and phone numbers, though users who have downloaded the 277GB file report numerous duplicates. Some entries pertain to the same individual at different addresses, and others cover deceased persons. As a result, the actual number of affected individuals is estimated to be closer to 225 million, rather than the initially believed 2.9 billion.

National Public Data had previously advertised its People Finder tool, claiming access to over 2.2 billion merged records covering the entire adult population of the USA and its territories. In response to the breach, some identity protection services have already begun analyzing the stolen data and notifying affected consumers whose Social Security numbers were found in the archive. Hoffman's class-action lawsuit demands that National Public Data pay damages and implement several IT security changes, including the deletion of stored data on US users unless a reasonable justification is provided.

HealthEquity Data Breach Exposes Personal Information

 

HealthEquity, a leading provider of Health Savings Accounts (HSAs), has confirmed a significant data breach affecting potentially 4.3 million customers. The breach, discovered in March but only confirmed in June, involved unauthorized access to a data repository containing sensitive personal information.

The compromised data may include names, addresses, phone numbers, Social Security numbers, employment details, and partial payment card information. However, HealthEquity emphasizes that the specific data exposed varies for each individual.   

In response to the breach, HealthEquity has taken steps to secure the affected data repository and implemented a global password reset for the third-party vendor involved. The company will be notifying impacted individuals in early August about the incident and providing details on the actions they are taking.   

To help protect customers, HealthEquity is offering two years of free credit monitoring and identity theft protection through Equifax. Impacted individuals will receive a notification letter with instructions on how to enroll in this service.   

While no hacker group has claimed responsibility for the breach and no data has been leaked publicly thus far, experts advise affected individuals to remain vigilant: monitor bank statements and credit reports, and watch for suspicious emails or text messages.

This ongoing situation highlights the importance of protecting personal information and underscores the need for robust security measures by companies handling sensitive data.

Balancing Privacy and Authenticity in the Digital Age

The ubiquitous nature of online platforms has led to an increased risk of privacy breaches and data exploitation. While providing false information can serve as a protective measure against unwanted intrusions, it is essential to discern when such a strategy is appropriate. 

There are specific scenarios where employing fake information can mitigate privacy risks:

  • Advertising Platforms: Many advertising platforms collect user data for targeted advertising. Using fabricated information can reduce exposure to unsolicited advertisements and potentially prevent data breaches.
  • Public Wi-Fi Networks: Public Wi-Fi hotspots are often susceptible to cyberattacks. Providing personal information on these networks can compromise sensitive data.
  • Online Surveys and Quizzes: These platforms frequently harvest user data for marketing purposes. To safeguard personal information, it is advisable to use fictitious details.
  • Online Forums and Communities: While online forums offer a platform for interaction, they also pose risks to privacy. Employing pseudonyms and fake information can protect identity and prevent unwanted contact.
  • Low-Trust E-commerce Platforms: For one-time purchases from less reputable online retailers, particularly those not requiring physical product delivery, providing fake information can minimize data exposure.
  • Free Trial Sign-ups: Many free trial offers require personal information. To avoid subsequent spam and potential data misuse, using fabricated details is recommended.

Essential Platforms Requiring Authentic Information

Despite the benefits of using fake information in certain contexts, it is crucial to provide accurate details on platforms that demand authenticity:

  • Government Websites: Government platforms often require verified personal information for various services and processes.
  • Financial Institutions: Financial platforms, including banks and investment platforms, necessitate accurate information for account management and security purposes.
  • Professional Networking Sites: Professional networking platforms like LinkedIn and job application portals require authentic details for professional networking and employment opportunities.
  • Healthcare and Medical Websites: Medical and healthcare platforms necessitate accurate information for diagnosis, treatment, and medical records.

By carefully considering the nature of online platforms and the potential risks involved, individuals can effectively balance privacy protection with the need for authentic information.

Moreover, while using fake information can offer certain advantages, it is essential to comply with relevant laws and regulations. Misrepresenting oneself can have legal consequences.


Hacker Alleges Theft of Piramal Group’s Employee Data; Company Denies Breach as "Erroneous and Misleading"

 


Recent reports have suggested that employee data belonging to Piramal Group, including names and email addresses of both current and former staff members, may have been compromised and offered for sale on the dark web. These allegations have understandably raised concerns regarding the security of sensitive information within the organization. 

However, Piramal Group has firmly denied any breach, attributing the purported data leak to a third-party platform. The Indian government's Computer Emergency Response Team (CERT-In) was also notified of the situation and has confirmed that there was no compromise in Piramal Group's systems.

The controversy arose when a hacker reportedly posted a small portion of the stolen data on a prominent cybercrime forum last week. The publication that brought this issue to light claims to have accessed a larger sample of data from the alleged hacker and validated it using a job listing portal. This development has highlighted the importance of robust data security measures and has led to widespread speculation about the integrity of Piramal Group's systems.

In response to these allegations, a spokesperson for Piramal Group provided a detailed statement to the Times of India, emphasizing, "As mentioned earlier, we can confirm that there has been no data breach at Piramal Group. The suspicious activity on the dark web was evaluated and confirmed by our cybersecurity team as a false claim.

As per our investigation, the sample data shared is not Piramal Organization data and has no relevance to us. On further investigation we have also found that the information in question seems to have originated from a third-party platform, Mailinator and not any of the systems at Piramal. Mailinator is not associated with Piramal Group in any form.

We have also shared the same feedback with regulatory authority, CERT IN and kept them informed.

We reiterate that there has been no breach of our data and any assertion to this effect is erroneous and misleading."

The detailed response from Piramal Group underscores their commitment to data security and transparency. As the investigation continues, the company remains vigilant in protecting the personal information of its employees and upholding the trust placed in them by their stakeholders.