The Sound of Silence: Why Individuals Aren’t Talking About the SSI Hack

Somewhere between 272 million - 2.7 billion SSIs have been hacked in the most recent attack. I still remember the first time I received an email informing me that my personal information had been compromised in a ransomware attack. I recall the first time I signed up for alerts regarding my information on the dark web. Since then, I've experienced this seven times.

These incidents didn't involve companies with poor reputations; they were all national brands. Now, we have discovered that a significant portion of the Social Security numbers in our country may have been compromised in a hack. Yet, what you don't see is the average person discussing this issue. While there's some discussion within cybersecurity circles, even that is to a much lesser degree than one might expect. Why is that?

How many times can we muster the concern needed? Should we even be concerned?

Yes, absolutely.

But can we be? That is another question entirely, and one that I don't have an answer to. At some point, how do we protect data that is constantly being stolen? Do we mandate better protections from those who are losing it? Do we force companies to take better care of the information they've been entrusted with? Do we impose greater consequences on those who are caught? I don't know the answer.

There have been some interesting comments attached to articles about this concerning event. One commenter stated, “Why is it up to me to protect something I have no control over?”

The advice we receive about this situation typically includes:

• Make sure your antivirus is up to date.
• Update your passwords.
• Use multi-factor authentication.
• Check your credit report.
• Beware of phishing.

But none of these actions were responsible for this particular loss. For some reason, a private company with no direct permissions had over 2.9 billion Social Security numbers.

The hacking group responsible, identified as USDoD, had a member known as Felice tell a hacking forum that they were offering “the full NPD database,” according to a screenshot taken by BleepingComputer. The information consists of about 2.7 billion records, each including a person’s full name, address, date of birth, Social Security number, and phone number, along with alternate names and birth dates.

The price for all this information was only 3.4 million dollars.

While the news stations are echoing with concern about the latest breach of 2.7 million to 2.9 billion SSIs and addresses, among my friends, neighbors, coworkers, and even commenters on the articles, there seems to be a cone of silence.

Stay safe out there!