
Well, they would say that, wouldn't they.
The data broker at the center of what may become one of the more significant breaches of the year is telling officials that just 1.3 million people were affected. In any normal scenario, the news of a leak affecting 1.3 million people would be staggering, but this one is an oddity since many investigators previously put the …
I haven't received an official letter, but two of my credit cards that offer free monitoring notified me. Six records with my SS number. Three different variations on my name; full, no middle initial, just first and middle initial. Three with my current address, and three with my address from 1990-2004. All have my current cell phone number, which I didn't even have until after 2004, so it's the wrong area code for the old address. Three other phone numbers, none ever mine, with the correct area code for the old address but wrong for the current one. Three email addresses, none ever belonging to me, two using my last name with a different first name or initial and one some else's name, one Gmail, one Yahoo!, and oddly one at a major chemical corporation where I've never worked.
oddly one at a major chemical corporation where I've never worked
Troy Hunt's analysis shows the NPD data is quite dirty. Still potentially dangerous, of course, just because where it's correct it lowers the work factor for attackers; but as a breach, this one is notable for quantity (and the extremely poor security of NPD / Jericho Pictures / affiliates) rather than quality.
Funny, most everyone I know has found a hit on the list. Given I don't know anyone in Maine, what are the odds? There is a lot of wrong information as well, and that is of little comfort.
On a related note, tried to contact Equifax to freeze that account, and they seem quite insistent on getting a voice print. That doesn't sound like a great idea to me. Can anyone recommend voice modifying software for the PC so I can thwart Equifax from voice-printing me?
Clearly, the total number of people affected is far lower than the "billions of records" claimed by the leaker. For example, there are than 20 entries for me, across four states. I'm guessing the number of rows in a spreadsheet of the leaked data are what the leaker cited as the number of records, not discrete individuals.
FYI, I am a dual UK/US citizen who has lived in the UK for the last five years. Almost every place I lived in the US during the 35 years prior to 2019 is in the NPD leak, and all my old US phone numbers. I have not yet found out what UK info NPD holds or if mine was leaked. I also lived in the other country involved, Canada, but that was closer to 50 years ago.
I suspect that GDPR is making UK researchers reluctant to create a website where we Brits can check if we’ve been leaked. But please let me know if such a site comes up.