My current least favorite thing about the churn of social media that I've seen over the past week is waves of stories, posts and videos saying that every U.S. citizen's Social Security number has been stolen or potentially viewed by a threat actor. The claim comes from a class action lawsuit filed on Aug. 1 against a data broker called National Public Data, claiming they failed to keep U.S. citizens' Social Security numbers secure. A threat actor going by USDoD claimed in April that it had accessed a database that included information on every person in the U.S., Canada and the U.K. The lawsuit states that a breach at National Public Data resulted in the exposure of more than 3 billion personal records (a number that obviously surpasses the current population of the U.S.), including every Social Security number. That sounds scary, and many people took the statement as fact, running to create warnings that your Social Security number had definitely been breached and you needed to "TAKE ACTION NOW!" Except, the claim in the lawsuit is still unsubstantiated. This is not to say there was never a breach or that some public records weren't stolen or accessed, but almost certainly not literally every single Social Security number. For starters, I used a tool from security firm Pentester that allows users to search for if their Social Security number, birthday, or other sensitive information may be in the NPD Breach. I searched for everyone in my immediate family, parents, and…Read More