Data broker breach leaks Social Security numbers (again)

Kevin Pham, Digital Security Intern

This is the Digital Security Training team at Freedom of the Press Foundation (FPF), with security news that keeps you, your sources, and your devices safe. If someone has shared this newsletter with you, please subscribe here.

It’s Kevin Pham, intern on the Digital Security Training team, taking over the newsletter this week.


In the news

The background-check firm National Public Data has publicly confirmed it suffered two data breaches in April and this summer that exposed millions of Social Security numbers and other personally identifiable information. The Record reports that a threat actor under the pseudonym “USDoD” offered to sell 2.9 billion NPD records on an internet forum. “The data contains a person’s first and last name, three decades of address history and Social Security number. Some experts said they were also able to find a person’s parents, siblings and immediate relatives. The database includes people living and dead.” Notably, individuals who utilize data opt-out services were not included in the database. Read more here.


What you can do

We are not surprised by this, especially since we reported on the first, similar breach only two months ago. To reaffirm what my colleague Martin Shelton mentioned then, it is frankly absurd that the United States does not regulate the selling of personal data by these data broker giants. More likely than not, your personal information was affected by this breach if you live in the U.S. or U.K. Here are some options to prevent potential cases of identity theft:

  • For no cost, you can manually remove yourself from many data brokers by following instructions listed in journalist Yael Grauer's Big Ass Data Broker Opt-Out List. However, brokers are known to regularly pull your data in again — sometimes every few months, sometimes every few years. It is not trivial to opt out constantly.
  • In around a dozen countries, you can use anti-data-broker services like DeleteMe, which allows you to have personal data removed from such sites. It’s not cheap though — it will cost roughly $129 each year. If you have the means to do this, it may be a worthwhile investment. We encourage media organizations with the capacity to support staff, particularly those working on politically sensitive reporting, to take advantage of these services.
  • For U.S. citizens: If you’re concerned that your Social Security number has been leaked or is at risk of being used for harassment or fraud, consider freezing your credit at all of the major credit bureaus. Essentially, you can require credit reporting agencies like Equifax to verify additional information before allowing anyone to use credit in your name (e.g., buying a car or opening a new credit card). You can always go back into the credit freeze portals outlined above to unlock your credit when needed. Read more about how to freeze your credit.

Updates from our team

  • We wrote a guide on OnionShare, the anonymous file sharing app maintained by FPF co-founder Micah Lee. If you are thinking of setting up your own 24/7 drop box, check it out!

Our team is always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.

Best,

Kevin

Kevin Pham
Digital Security Training Intern

Freedom of the Press Foundation
