Personal Finance
Was my Social Security number stolen? National Public Data breach questions
Glowimages | Getty Images
You may have never heard of National Public Data, yet your personal information may have been compromised in the company’s recent massive data breach.
The background check company, which is owned by Jerico Pictures Inc., recently released details of the breach after a proposed class action lawsuit alleged 2.9 billion personal records may have been exposed. Other reports suggest the amount of records leaked may have been more than 2.7 billion.
In an official data breach notice filed in Maine, National Public Data indicated 1.3 million records may have been breached, said James E. Lee, chief operating officer at Identity Theft Resource Center, a non-profit organization focused on mitigating risks of identity breaches and theft.
“It is entirely possible that it is that low; it’s also entirely possible it’s higher,” Lee said of the number of people affected.
More from Personal Finance:
Social Security cost-of-living adjustment may be 2.6% in 2025
Here’s the inflation breakdown for July 2024
A U.S. construction boom is sending rents lower
The information breached may have included Social Security numbers, names, email addresses, phone numbers and mailing addresses, National Public Data states on its website.
A third-party bad actor may have hacked into the data in December, with potential leaks of the information in April and over this summer, the company said on its website. National Public Data did not return a request for comment by press time.
As cyber professionals dig into the breached data, they’re finding that not all of it is accurate and much of the information was already available. “The reality is there’s nothing new in this data,” Lee said.
Still, experts say news of the breach is a great reminder to take steps to protect your personal information. Here’s a roundup of answers to common consumers are asking now.
Can you be affected even if you’ve never heard of National Public Data?
Yes. National Public Data is a background check company that provides information either through legitimate sources or by scraping it off the web, Lee said. Because the data is collected more casually, it can be gathered without consumers’ permission and outside of certain regulations. As a result, it may be inaccurate or outdated, he said.
Certain information, such as when you buy a house or pay property taxes, technically is public record, said Cliff Steinhauer, director of information security and engagement at The National Cybersecurity Alliance, a nonprofit focused on cybersecurity awareness and education. Companies can collect and aggregate that publicly available data to gather a picture of who someone is, he said.
“You have varying levels of companies’ ability to protect the data that they’re collecting, and they may not fall under any regulation to do so because it’s like public data to begin with,” Steinhauer said.
Is there a way to know if your Social Security number has been affected?
Certain cyber groups have set up websites to enable individuals to search to see if their personal data was affected by the breach, Lee said. One site — NPDBreach.com — allows for a search by full name and zip code, Social Security number or phone number. Another site — NPD.pentester.com — allows for search based on first name, last name, state and birth year.
“I certainly don’t recommend anybody enter their Social Security number” in the sites, Lee said.
By entering your name, you may get a sense of what information, if any, has been shared. The good news is most people are finding information that has been leaked is inaccurate, Lee said.
What is the best way to protect your personal information?
If you find you’re included in the breach, the steps you should take are not necessarily new.
“There’s nothing additional you should do that you haven’t hopefully have already done, or you know now to do,” Lee said.
Freezing your credit should be at the top of that list. Be sure to submit requests to each of the three major credit bureaus — Equifax, Experian and TransUnion.
A freeze will help block access to your records by bad actors. However, keep in mind you will need to either temporarily or permanently unfreeze your credit if you want to apply for a new credit card or auto loan, for example.
As you freeze your credit, be extra vigilant that you are on the legitimate websites of the credit bureaus, and not look-alike sites aimed at stealing your personal information.
Additionally, you should change all your passwords, particularly if you have repeated passwords among multiple websites. Ideally, you should enable multi-factor authentication for personal websites to help keep your financial data secure. Also, never share your personal information while using public internet.
Is it worthwhile to pay for extra protection?
In addition to freezing your credit, there are ways to purchase additional protection.
Sites like National Public Data may allow for individuals to opt out of being included in their data collections. However, because there are so many data brokers, it can be time consuming for consumers to contact each one, Steinhauer said. To help, consumers can pay for a data broker removal service that will contact the websites on their behalf.
Additionally, identity theft monitoring tools will let you know if someone tries to open an account using your personal information.
Dark web monitoring services can let you know if your information was found in a data breach that was published on the dark web.
Can you be entitled to money damages if you’re affected by the breach?
While legal organizations may tout the idea that money damages may be available to people affected by the breach, any sums that are eventually paid likely won’t be meaningful, Lee said.
“You’re not going to get a lot of money,” Lee said.
After the 2017 Equifax breach affecting more than 147 million consumers, for example, people reported receiving lawsuit payouts in late 2022 of less than $3 in some cases, while other said they got around $40.
The goal of the solicitations is often to build a multi-state, multi-jurisdiction class action lawsuit, which may consolidate multiple lawsuits.
However, they will need to prove actual harm came from this specific data breach, Lee said. Because there have been so many data breaches, it can be difficult to tie a specific piece of data to this one event, he said.
The Social Security Administration office in Brownsville, Texas.
Robert Daemmrich Photography Inc | Corbis Historical | Getty Images
The Social Security Administration plans to shed 7,000 employees as the Trump administration looks for ways to cut federal spending.
The agency on Friday confirmed the figure — which will bring its total staff down to 50,000 from 57,000.
Previous reports that the Social Security Administration planned for a 50% reduction to its headcount are “false,” the agency said.
Nevertheless, the aim of 7,000 job cuts has prompted concerns about the agency’s ability to continue to provide services, particularly benefit payments, to tens of millions of older Americans when its staff is already at a 50-year low.
“It’s going to extend the amount of time that it takes for them to have their claim processed,” said Greg Senden, a paralegal analyst who has worked at the Social Security Administration for 27 years.
“It’s going to extend the amount of time that they have to wait to get benefits,” said Senden, who also helps the American Federation of Government Employees oversee Social Security employees in six central states.
Officials at the White House and the Social Security Administration were not available for comment at press time.
More from Personal Finance:
Trump, DOGE job cuts may be biggest in history
Funding freeze stymies Biden-era consumer energy rebates
Trump, Musk float idea of $5,000 ‘DOGE dividend’ checks
The Social Security Administration on Friday said it anticipates “much of” the staff reductions needed to reach its target will come from resignations, retirement and offers for Voluntary Separation Incentive Payments, or VSIP.
More reductions could come from “reduction-in-force actions that could include abolishment of organizations and positions” or reassignments to other positions, the agency said. Federal agencies must submit their reduction-in-force plans by March 13 to the Office of Personnel Management for approval.
Cuts may affect benefit payments, experts say
Former Social Security Administration Commissioner Martin O’Malley last week told CNBC.com that the continuity of benefit payments could be at risk for the first time in the program’s history.
“Ultimately, you’re going to see the system collapse and an interruption of benefits,” O’Malley said. “I believe you will see that within the next 30 to 90 days.”
Other experts say the changes could affect benefits, though it remains to be seen exactly how.
“It’s unclear to me whether the staff cuts are more likely to result in an interruption of benefits, or an increase in improper payments,” said Charles Blahous, senior research strategist at the Mercatus Center at George Mason University and a former public trustee for Social Security and Medicare.
Improper payments happen when the agency either overpays or underpays benefits due to inaccurate information.
With fewer staff, the Social Security Administration will have to choose between making sure all claims are processed, which may lead to more improper payments, or avoiding those errors, which could lead to processing delays, Blahous said.
Disability benefits, which require more agency staff attention both to process initial claims and to continue to verify beneficiaries are eligible, may be more susceptible to errors compared to retirement benefits, he added.
Cuts may have minimal impact on trust funds
Under the Trump administration, Social Security also plans to consolidate its geographic footprint to four regions down from 10 regional offices, the agency said on Friday.
Ultimately, it remains to be seen how much savings the overall reforms will generate.
The Social Security Administration’s funding for administrative costs comes out of its trust funds, which are also used to pay benefits. Based on current projections, the trust funds will be depleted in the next decade and Social Security will not be able to pay full benefits at that time, unless Congress acts sooner.
The efforts to cut costs at the Social Security Administration would likely only help the trust fund solvency “in some miniscule way,” said Andrew Biggs, senior fellow at the American Enterprise Institute and former principal deputy commissioner of the Social Security Administration.
What President Donald Trump is likely looking to do broadly is reset the baseline on government spending and employment, he said.
“I’m not disagreeing with the idea that the agency could be more efficient,” Biggs said. “I just wonder whether you can come up with that by cutting the positions first and figuring out how to have the efficiencies later.”
The US Treasury building in Washington, DC, US, on Monday, Jan. 27, 2025.
Stefani Reynolds | Bloomberg | Getty Images
The U.S. Department of the Treasury on Sunday announced it won’t enforce the penalties or fines associated with the Biden-era “beneficial ownership information,” or BOI, reporting requirements for millions of domestic businesses.
Enacted via the Corporate Transparency Act in 2021 to fight illicit finance and shell company formation, BOI reporting requires small businesses to identify who directly or indirectly owns or controls the company to the Treasury’s Financial Crimes Enforcement Network, known as FinCEN.
After previous court delays, the Treasury in late February set a March 21 deadline to comply or risk civil penalties of up to $591 a day, adjusted for inflation, or criminal fines of up to $10,000 and up to two years in prison. The reporting requirements could apply to roughly 32.6 million businesses, according to federal estimates.
More from Personal Finance:
Tax breaks, free college: How a Kansas town is enticing people to move there
Social Security may see ‘interruption of benefits’ due to DOGE: ex-commissioner
You can still lower your 2024 tax bill or boost your refund with these moves
The rule was enacted to “make it harder for bad actors to hide or benefit from their ill-gotten gains through shell companies or other opaque ownership structures,” according to FinCEN.
In addition to not enforcing BOI penalties and fines, the Treasury said it would issue a proposed regulation to apply the rule to foreign reporting companies only.
President Donald Trump praised the news in a Truth Social post on Sunday night, describing the reporting rule as “outrageous and invasive” and “an absolute disaster” for small businesses.
Other experts say the Treasury’s decision could have ramifications for national security.
“This decision threatens to make the United States a magnet for foreign criminals, from drug cartels to fraudsters to terrorist organizations,” Scott Greytak, director of advocacy for anticorruption organization Transparency International U.S., said in a statement.
Greg Iacurci contributed to this reporting.
CBOE’s volatility expert gives tariff warning
Andrew Cuomo plots a comeback in New York City
Tax advantages of life insurance for wealthy families
New 2023 K-1 instructions stir the CAMT pot for partnerships and corporations
The Essential Practice of Bank and Credit Card Statement Reconciliation
Are American progressives making themselves sad?
-
Blog Post1 week agoCritical Role of Bookkeeping in a Small Business Success
-
Blog Post1 week agoBudgeting Basics for Small Businesses
-
Economics1 week agoElon Musk’s outfit is running into opposition from Donald Trump’s appointees
-
Finance1 week agoWalmart sell-off bizarre, buy stock despite tariff risks: Bill Simon
-
Economics1 week agoDonald Trump sacks America’s top military brass
-
Personal Finance1 week agoWhat to know about selecting health plans
-
Personal Finance1 week agoHere’s how to qualify for the retirement savings contributions credit
-
Finance1 week agoThe Fed is stuck in neutral as it watches how Trump’s policies play out