Hacked SSNs: What, Me Worry?

With apologies to Alfred E. Neuman, yes, you should worry. But you don’t need to panic, especially if you have Windows 11, a computer with a later-generation chipset and a lot of common sense.

New reports say the hacking group USDoD claimed it had allegedly stolen personal records of 2.9 billion people from National Public Data, according to a class-action lawsuit filed in U.S. District Court in Fort Lauderdale, FL. The breach was believed to have happened in or around April, according to the lawsuit. A class-action law firm said the stolen file includes 277.1 gigabytes of data and includes names, address histories, relatives, and Social Security numbers dating back at least three decades. A post from a cybersecurity expert on X claims the records for citizens of the U.S., U.K., and Canada were sold on the dark web for $3.5 million.

Yes, that’s scary. But it’s not as dire as you think. Security breaches happen all the time because thieves find vulnerabilities in large systems and exploit them. Some thieves steal simply because they can. If they don’t try to use stolen information, you don’t have a problem. But if they do try to use stolen data, they need to know how to defeat whatever aggressive defenses exist at, say, a bank. Often, they fail.

They may try to sell the data, but if there’s no market, the stolen information languishes. If they do sell it, the data might turn out to be outdated. Finally, the buyers may be state actors. If you’re not a likely target of blackmail or in possession of interesting secrets, they may have the goods on you but not want to use them.

All you can do is harden your defenses as best you can.

Set up two-factor authentication for every online account that offers it, or use an authentication app, such as Microsoft Authenticator to secure your online accounts. If thieves haven’t intercepted your email, text messages, or phone, it’s going to be hard for them to break in.

Sign up for account alerts. Depending on your bank or card company, you can set them up for many things, including any charge outside your home country, any (or all) ATM withdrawals, or transactions over a certain amount.

If you get an alert you didn’t expect — or even one you did — don’t click links or call phone numbers in the alert. Instead, log into the account in question and find a contact number there. That will keep thieves from redirecting you to their own operations.

We can answer questions about 2FA, and we can help you set up Microsoft Authenticator. A proper set-up will prevent problems down the line. Call us – 973-433-6676 – or email us for an appointment.

Inside a Hack Investigation

Getting hacked doesn’t always mean your world has come to an end. In many cases, however, fixing it is a grueling process, physically and mentally, and you’ll have to provide a lot of information you hadn’t planned to disclose.

Here’s how it started. A client clicked on a pop-up window at 3 p.m. that said their computer was infected with a virus. The message in the pop-up said illegal activity was detected on the computer. But if the client called the number in the window, they could clean it up.

The client let them on the computer and was given a cost (it doesn’t matter what it was) to fix the problem. They said it could be paid for by taking cash out of his account and depositing the cash at a specified ATM. They said not to turn off the computer. The client told friends they thought they’d been hacked.

They called the next morning and said they felt stupid. We told them not to. We see hacks from pop-up windows all the time – and they frequently happen on sites where people print recipes. The site opens what looks like a print dialogue box, and it can sometimes be difficult to know what the icon in the box means.

Our first advice to anyone who thinks they’ve been hacked is to turn off the computer and call us immediately at 973-433-6676. In most cases, the money is already gone by the time you turn it off, but nobody can get anything out of a computer that’s shut down.

To do our best to close off any new attempts from a hacker, we ask our clients to walk us through every detail of the incident. We need to find where something started so that we can close off any loops. We need to do this at every point affected by the hack. Once a hacker has gotten into your computer, you can bet they’ll be back – and you can bet they’ll look for all the doors they got through.

The obvious lesson we can all learn from this is to be extremely careful about pop-up windows. You can install pop-up blockers on your computer’s browser, and they can be configured so you can allow them on a case-by-case basis.

But pop-ups can pose additional risks, especially as artificial intelligence (AI) becomes more widely deployed. When you call a phone number in a pop-up – or any link for that matter – your voice can be recorded and synthesized. If you visit financial or health-related websites that rely on voiceprints as part of their security, you can be at risk. Whenever you answer any phone call from a number you don’t know, avoid saying the word “yes.”

We can help you tighten your security by helping you configure pop-up blockers and fine-tune your anti-virus programs. Call us – 973-433-6676 – or email us to discuss your needs.