Personal Finance

Was my Social Security number stolen? National Public Data breach questions

Published

7 months ago

August 23, 2024

Glowimages | Getty Images

You may have never heard of National Public Data, yet your personal information may have been compromised in the company’s recent massive data breach.

The background check company, which is owned by Jerico Pictures Inc., recently released details of the breach after a proposed class action lawsuit alleged 2.9 billion personal records may have been exposed. Other reports suggest the amount of records leaked may have been more than 2.7 billion.

In an official data breach notice filed in Maine, National Public Data indicated 1.3 million records may have been breached, said James E. Lee, chief operating officer at Identity Theft Resource Center, a non-profit organization focused on mitigating risks of identity breaches and theft.

“It is entirely possible that it is that low; it’s also entirely possible it’s higher,” Lee said of the number of people affected.

The information breached may have included Social Security numbers, names, email addresses, phone numbers and mailing addresses, National Public Data states on its website.

A third-party bad actor may have hacked into the data in December, with potential leaks of the information in April and over this summer, the company said on its website. National Public Data did not return a request for comment by press time.

As cyber professionals dig into the breached data, they’re finding that not all of it is accurate and much of the information was already available. “The reality is there’s nothing new in this data,” Lee said.

Still, experts say news of the breach is a great reminder to take steps to protect your personal information. Here’s a roundup of answers to common consumers are asking now.

Can you be affected even if you’ve never heard of National Public Data?

Yes. National Public Data is a background check company that provides information either through legitimate sources or by scraping it off the web, Lee said. Because the data is collected more casually, it can be gathered without consumers’ permission and outside of certain regulations. As a result, it may be inaccurate or outdated, he said.

Certain information, such as when you buy a house or pay property taxes, technically is public record, said Cliff Steinhauer, director of information security and engagement at The National Cybersecurity Alliance, a nonprofit focused on cybersecurity awareness and education. Companies can collect and aggregate that publicly available data to gather a picture of who someone is, he said.

“You have varying levels of companies’ ability to protect the data that they’re collecting, and they may not fall under any regulation to do so because it’s like public data to begin with,” Steinhauer said.

Identity theft is where bad actors are focusing their attention, says CyberArk CEO

Is there a way to know if your Social Security number has been affected?

Certain cyber groups have set up websites to enable individuals to search to see if their personal data was affected by the breach, Lee said. One site — NPDBreach.com — allows for a search by full name and zip code, Social Security number or phone number. Another site — NPD.pentester.com — allows for search based on first name, last name, state and birth year.

“I certainly don’t recommend anybody enter their Social Security number” in the sites, Lee said.

By entering your name, you may get a sense of what information, if any, has been shared. The good news is most people are finding information that has been leaked is inaccurate, Lee said.

What is the best way to protect your personal information?

If you find you’re included in the breach, the steps you should take are not necessarily new.

“There’s nothing additional you should do that you haven’t hopefully have already done, or you know now to do,” Lee said.

Freezing your credit should be at the top of that list. Be sure to submit requests to each of the three major credit bureaus — Equifax, Experian and TransUnion.

A freeze will help block access to your records by bad actors. However, keep in mind you will need to either temporarily or permanently unfreeze your credit if you want to apply for a new credit card or auto loan, for example.

As you freeze your credit, be extra vigilant that you are on the legitimate websites of the credit bureaus, and not look-alike sites aimed at stealing your personal information.

Additionally, you should change all your passwords, particularly if you have repeated passwords among multiple websites. Ideally, you should enable multi-factor authentication for personal websites to help keep your financial data secure. Also, never share your personal information while using public internet.

Is it worthwhile to pay for extra protection?

In addition to freezing your credit, there are ways to purchase additional protection.

Sites like National Public Data may allow for individuals to opt out of being included in their data collections. However, because there are so many data brokers, it can be time consuming for consumers to contact each one, Steinhauer said. To help, consumers can pay for a data broker removal service that will contact the websites on their behalf.

Additionally, identity theft monitoring tools will let you know if someone tries to open an account using your personal information.

Dark web monitoring services can let you know if your information was found in a data breach that was published on the dark web.

How on-time rent payments can help 'credit invisible' consumers be seen

Can you be entitled to money damages if you’re affected by the breach?

While legal organizations may tout the idea that money damages may be available to people affected by the breach, any sums that are eventually paid likely won’t be meaningful, Lee said.

“You’re not going to get a lot of money,” Lee said.

After the 2017 Equifax breach affecting more than 147 million consumers, for example, people reported receiving lawsuit payouts in late 2022 of less than $3 in some cases, while other said they got around $40.

The goal of the solicitations is often to build a multi-state, multi-jurisdiction class action lawsuit, which may consolidate multiple lawsuits.

However, they will need to prove actual harm came from this specific data breach, Lee said. Because there have been so many data breaches, it can be difficult to tie a specific piece of data to this one event, he said.

Personal Finance

Trump administration loses appeal of DOGE Social Security restraining order

Published

14 hours ago

April 2, 2025

Business Finance News

A person holds a sign during a protest against cuts made by U.S. President Donald Trump’s administration to the Social Security Administration, in White Plains, New York, U.S., March 22, 2025.

Nathan Layne | Reuters

The Trump administration’s appeal of a temporary restraining order blocking the so-called Department of Government Efficiency from accessing sensitive personal Social Security Administration data has been dismissed.

The U.S. Court of Appeals for the 4th Circuit on Tuesday dismissed the government’s appeal for lack of jurisdiction. The case will proceed in the district court. A motion for a preliminary injunction will be filed later this week, according to national legal organization Democracy Forward.

The temporary restraining order was issued on March 20 by federal Judge Ellen Lipton Hollander and blocks DOGE and related agents and employees from accessing agency systems that contain personally identifiable information.

That includes information such as Social Security numbers, medical provider information and treatment records, employer and employee payment records, employee earnings, addresses, bank records, and tax information.

DOGE team members were also ordered to delete all nonanonymized personally identifiable information in their possession.

The plaintiffs include unions and retiree advocacy groups, namely the American Federation of State, County and Municipal Employees, the Alliance for Retired Americans and the American Federation of Teachers.

“We are pleased the 4th Circuit agreed to let this important case continue in district court,” Richard Fiesta, executive director of the Alliance for Retired Americans, said in a written statement. “Every American retiree must be able to trust that the Social Security Administration will protect their most sensitive and personal data from unwarranted disclosure.”

The Trump administration’s appeal ignored standard legal procedure, according to Democracy Forward. The administration’s efforts to halt the enforcement of the temporary restraining order have also been denied.

“The president will continue to seek all legal remedies available to ensure the will of the American people is executed,” Liz Huston, a White House spokesperson, said via email.

Fiserv CEO on the nomination to Social Security Commisioner role

The Social Security Administration did not respond to a request from CNBC for comment.

Immediately after the March 20 temporary restraining order was put in place, Social Security Administration Acting Commissioner Lee Dudek said in press interviews that he may have to shut down the agency since it “applies to almost all SSA employees.”

Dudek was admonished by Hollander, who called that assertion “inaccurate” and said the court order “expressly applies only to SSA employees working on the DOGE agenda.”

Dudek then said that the “clarifying guidance” issued by the court meant he would not shut down the agency. “SSA employees and their work will continue under the [temporary restraining order],” Dudek said in a March 21 statement.

Don’t miss these insights from CNBC PRO

Personal Finance

Most credit card users carry debt, pay over 20% interest: Fed report

Published

16 hours ago

April 2, 2025

Business Finance News

Julpo | E+ | Getty Images

Many Americans are paying a hefty price for their credit card debt.

As a primary source of unsecured borrowing, 60% of credit cardholders carry debt from month to month, according to a new report by the Federal Reserve Bank of New York.

At the same time, credit card interest rates are “very high,” averaging 23% annually in 2023, the New York Fed found, also making credit cards one of the most expensive ways to borrow money.

“With the vast majority of the American public using credit cards for their purchases, the interest rate that is attached to these products is significant,” said Erica Sandberg, consumer finance expert at CardRates.com. “The more a debt costs, the more stress this puts on an already tight budget.”

Most credit cards have a variable rate, which means there’s a direct connection to the Federal Reserve’s benchmark. And yet, credit card lenders set annual percentage rates well above the central bank’s key borrowing rate, currently targeted in a range between 4.25% to 4.5%, where it has been since December.

Following the Federal Reserve’s rate hike in 2022 and 2023, the average credit card rate rose from 16.34% to more than 20% today — a significant increase fueled by the Fed’s actions to combat inflation.

“Card issuers have determined what the market will bear and are comfortable within this range of interest rates,” said Matt Schulz, chief credit analyst at LendingTree.

APRs will come down as the central bank reduces rates, but they will still only ease off extremely high levels. With just a few potential quarter-point cuts on deck, APRs aren’t likely to fall much, according to Schulz.

Despite the steep cost, consumers often turn to credit cards, in part because they are more accessible than other types of loans, Schulz said.

In fact, credit cards are the No. 1 source of unsecured borrowing and Americans’ credit card tab continues to creep higher. In the last year, credit card debt rose to a record $1.21 trillion.

Because credit card lending is unsecured, it is also banks’ riskiest type of lending.

“Lenders adjust interest rates for two primary reasons: cost and risk,” CardRates’ Sandberg said.

The Federal Reserve Bank of New York’s research shows that credit card charge-offs averaged 3.96% of total balances between 2010 and 2023. That compares to only 0.46% and 0.43% for business loans and residential mortgages, respectively.

As a result, roughly 53% of banks’ annual default losses were due to credit card lending, according to the NY Fed research.

“When you offer a product to everyone you are assuming an awful lot of risk,” Schulz said.

Further, “when times get tough they get tough for most everybody,” he added. “That makes it much more challenging for card issuers.”

The best way to pay off debt

The best move for those struggling to pay down revolving credit card debt is to consolidate with a 0% balance transfer card, experts suggest.

“There is enormous competition in the credit card market,” Sandberg said. Because lenders are constantly trying to capture new cardholders, those 0% balance transfer credit card offers are still widely available.

Cards offering 12, 15 or even 24 months with no interest on transferred balances “are basically the best tool in your toolbelt when it comes to knocking down credit card debt,” Schulz said. “Not accruing interest for two years on a balance is pretty hard to argue with.”

Subscribe to CNBC on YouTube.

Personal Finance

The 60/40 portfolio may no longer represent ‘true diversification’: Fink

Published

18 hours ago

April 2, 2025

Business Finance News

Andrew Ross Sorkin speaks with BlackRock CEO Larry Fink during the New York Times DealBook Summit in the Appel Room at the Jazz at Lincoln Center in New York City on Nov. 30, 2022.

Michael M. Santiago | Getty Images

It may be time to rethink the traditional 60/40 investment portfolio, according to BlackRock CEO Larry Fink.

In a new letter to investors, Fink writes the traditional allocation comprised of 60% stocks and 40% bonds that dates back to the 1950s “may no longer fully represent true diversification.”

“The future standard portfolio may look more like 50/30/20 — stocks, bonds and private assets like real estate, infrastructure and private credit.” Fink writes.

Most professional investors love to talk their book, and Fink is no exception. BlackRock has pursued several recent acquisitions — Global Infrastructure Partners, Preqin and HPS Investment Partners — with the goal of helping to increase investors’ access to private markets.

The effort to make it easier to incorporate both public and private investments in a portfolio is analogous to index versus active investments in 2009, Fink said.

Those investment strategies that were then considered separately can now be blended easily at a low cost.

Fink hopes the same will eventually be said for public and private markets.

Yet shopping for private investments now can feel “a bit like buying a house in an unfamiliar neighborhood before Zillow existed, where finding accurate prices was difficult or impossible,” Fink writes.

60/40 portfolio still a ‘great starting point’

After both stocks and bonds saw declines in 2022, some analysts declared the 60/40 portfolio strategy dead. In 2024, however, such a balanced portfolio would have provided a return of about 14%.

“If you want to keep things very simple, the 60/40 portfolio or a target date fund is a great starting point,” said Amy Arnott, portfolio strategist at Morningstar.

If you’re willing to add more complexity, you could consider smaller positions in other asset classes like commodities, private equity or private debt, she said.

However, a 20% allocation in private assets is on the aggressive side, Arnott said.

The total value of private assets globally is about $14.3 trillion, while the public markets are worth about $247 trillion, she said.

For investors who want to keep their asset allocations in line with the market value of various asset classes, that would imply a weighting of about 6% instead of 20%, Arnott said.

Yet a 50/30/20 portfolio is a lot closer to how institutional investors have been allocating their portfolios for years, said Michael Rosen, chief investment officer at Angeles Investments.

BlackRock CEO Larry Fink: Infrastructure will be the largest growing sector in private capital

The 60/40 portfolio, which Rosen previously said reached its “expiration date,” hasn’t been used by his firm’s endowment and foundation clients for decades.

There’s a key reason why. Institutional investors need to guarantee a specific return, also while paying for expenses and beating inflation, Rosen said.

While a 50/30/20 allocation may help deliver “truly outsized returns” to the mass retail market, there’s also a “lot of baggage” that comes with that strategy, Rosen said.

There’s a lack of liquidity, which means those holdings aren’t as easily converted to cash, Rosen said.

What’s more, there’s generally a lack of transparency and significantly higher fees, he said.

Prospective investors should be prepared to commit for 10 years to private investments, Arnott said.

And they also need to be aware that measurement issues with asset classes like private equity means past performance data may not be as reliable, she said.

For the average person, the most likely path toward tapping into private equity will be part of a 401(k) plan, Arnott said. So far, not a lot of companies have added private equity to their 401(k) offerings, but that could change, she said.

“We will probably see more plan sponsors adding private equity options to their lineups going forward,” Arnott said.