Okay, I admit I'm spooked. For years, I thought about freezing my credit reports and miscellaneous parts of my identity has been posted on the dark webz. I was concerned, but not overly concerned. I keep tabs on my report and get alerts on credit report changes through many sources including Experian and numerous lenders.
Last night, I was reviewing my AMEX credit reporting for dark web activity. I don't scour all my various credit report sources regularly, but I do sometimes. I was alarmed to see three new entries with my full name, Social Security Number, Date of Birth, and three addresses I have used in the past 25 years. One of my primary email addresses has also been released in several data breaches. The combination of aggregated data made me almost literally sick to my stomach.
Apparently, I'm part of the National Public Data Breach that was just publicized which could be impacting up to 3 BILLION consumers. 
In the past 24 hours, I have frozen all three credit reports. I had accounts at two of the bureaus, and created a third. I had to find my login information and make sure it was current.
Fortunately, I have separate email address I use for financial data which appears not to have been leaked.
I found a free link to check your exposed data in the leak and was shocked to find myself listed (14) times including my current street address, current mailing address (PO Box which I used for financial data security), SSN, full name, and all prior addresses from recent history. If you want to check yours, go to: https://npd.pentester.com/
I'm planning to change my financial data and email passwords again, as it's been awhile since I did that. I'm also debating whether changing my phone number, mailing address, and email address would be a good idea. The tech industry needs to come up with better safeguards to prevent the ability of cyber thiefs to access our private data and perpetrate fraud. This is becoming far too common and dangerous.
I also just renewed my passwords at IRS.gov and Social Security (SSA.gov).
I think those may be the two most important government websites to secure for fraud purposes.
I authorized and created a PIN to file my income taxes since there has been fraud related to that in recent years.
And I verified there were no social security benefits paid or applications pending by selecting the "Verification Letter" link on my dashboard.
I got alerts last week about stuff that included some old addresses too, as well as email, SSN, etc..
It would be nice if the National Public Data breach lead to some legislation stomping on the faces of some of these legal data brokers that keep having breaches, but probably won't.
Credit reports were already locked, probably should change some passwords.
I'm migrating all of my financial stuff to new email addresses.
I have my own domain, so can create as many new addresses as I want.
I was part of this latest data breach where my cell phone number was released. My reports are all frozen but about a week ago, or so I get a phone call from a blocked (private caller) number.
Her: (speaking broken English) Hello, I'm agent Sarah Johnson from U.S. Customs and Border Patrol, your phone number has been linked to an illegal shipment from Mexico we intercepted. Were you expecting a shipment from Mexico sir?
Me: No
Her: Well sir, we'll need to verify some information. Are you prepared to help us verify that information?
Me: No
Her: Sir, this is a serious matter. If you're refusing to cooperate we'll have no choice but to issue a warrant for your arrest. Are you going to cooperate or not?
Me: No I'm not going to cooperate so please send the agents, and send that package with them as I have, you know... customers anxiously awaiting it's arrival.
Her: hangs up phone
In addition to trying to outright steal identities to steal money, they'll also use this information to try to scam people out of money by either gaining more information from them directly to steal from you, or to get you to willingly give them money.
@Aim_High wrote:I'm planning to change my financial data and email passwords again, as it's been awhile since I did that. I'm also debating whether changing my phone number, mailing address, and email address would be a good idea. The tech industry needs to come up with better safeguards to prevent the ability of cyber thiefs to access our private data and perpetrate fraud. This is becoming far too common and dangerous.
Changing phone number, email, and so on will only help until the next breach is revealed. As the saying goes "there are two kinds of companies. those who know they've been hacked and those who don't yet know they've been hacked."
With that said, there are some things you can do that will harden you against fraud. First, strong and unique random passwords for each site. A trusted password manager such as Bitwarden is invaluable for this. Second, use two-factor whenever available, and if possible the one-time password option (requires a password manager or google authenticator). Third, start using passkeys for sites that offer them.
@JoeRockhead wrote:I was part of this latest data breach where my cell phone number was released. My reports are all frozen but about a week ago, or so I get a phone call from a blocked (private caller) number.
Her: (speaking broken English) Hello, I'm agent Sarah Johnson from U.S. Customs and Border Patrol, your phone number has been linked to an illegal shipment from Mexico we intercepted. Were you expecting a shipment from Mexico sir?
Me: No
Her: Well sir, we'll need to verify some information. Are you prepared to help us verify that information?
Me: No
Her: Sir, this is a serious matter. If you're refusing to cooperate we'll have no choice but to issue a warrant for your arrest. Are you going to cooperate or not?
Me: No I'm not going to cooperate so please send the agents, and send that package with them as I have, you know... customers anxiously awaiting it's arrival.
Her: hangs up phone
In addition to trying to outright steal identities to steal money, they'll also use this information to try to scam people out of money by either gaining more information from them directly to steal from you, or to get you to willingly give them money.
Com'mon Joe ... the caller is just trying to earn a living? 
A little side trip ... two bank systems where I live were both off line and dealing with some vary strange happenings (you could access the bank externally) but the internal staff had no phones, computer access or software to use and it took them three week days to fix). The other bank had strange problems with part of the banking software ... really strange and it took them three days. No one can admit what happened for security reasons but strange. This all happened last week.
As an extended side trip, external access to various utilities is getting nebulous due to the ramifications of software intruders. Presently, I sit on a utility board and it is almost to the point of no external access. Will need to use a "pony express" rider to carry the needed information around.
Finally the modern age got us
@JoeRockhead wrote:
Me: No I'm not going to cooperate so please send the agents, and send that package with them as I have, you know... customers anxiously awaiting it's arrival.
LMAO ... That's awesome @JoeRockhead !!! 
