One epic data theft after another continues to happen, the entities at fault continue getting a slap on the wrist, then allowed to continue “business as usual”. No level of credit monitoring will ever prevent the damage already done from affecting consumers from having their identity being used in some manner. It's far past time to close these businesses down until they are “certified” by the appropriate authorities as being safe to do business going forward. The kicker here is, this breach initially happened in December of 2023 yet went ignored by NPD. Then, again in April 2024 and summer 2024. Now they go as far as blocking access to the breach info out on the web by consumers. Intent to be indifferent? You tell me.
It is worth noting that BleepingComputer’s testing revealed that access to NPD’s statement on the security incident has been blocked for IP addresses in numerous locations in the U.S. as well as regions outside the country. More than a dozen captures of the page exist on the Internet Archive, though.
It must be “trendy” for companies to not notify people of data breaches for months after it happened. That happened with my former bank. They sent out letters only to the people they identified as being affected 6 months after the breach was discovered… I was upset, and then they had another breach 18 months later and again they waited 6 months to announce it by mailing letters. Lucky me, being in both breaches! The bank is local to my area and it wasn’t in the newspaper. I closed my accounts. Each time they offer a free 12 month membership for Experian, but if you want “deep monitoring” Experian wants you to pay $25 a month.
Class action lawsuits are all that seem to take place against companies. At least, that’s all I’ve seen from looking on the internet. I emailed my state assemblyman about punishment for the bank and got a nice email back from his clerk saying they’ll look into it and get back to me. That was a month ago. I guess I need to contact him again. This time I’ll sign off with “Concerned Voter” since he’s up for re-election.
The scammer “business” on the whole needs to be punished on a global level when they’re found, and severely punished, but some countries seem to be very lenient when it comes to punishment.
How do we find out if our data was in NPD’s breach? I’d like to know for sure since I haven’t received any notification from them yet; I’ve been at the same address for the last 30 years. If the scammers have my phone #, address and email address, surely NPD can reach me. Ticketmaster, MGM Grand and an old mortgage lender I had sent letters.
Some recommendations are here:
SA
After I made my first reply (rant?), Norton sent me an email re: what info about me they’d found on the Dark Web directly related to the NPD breach; it did not include my SS#.
I haven’t seen that on my Norton to date. Most likely a sell-up for LifeLock if you currently do not have it. The burden is on NPD to notify everyone that is affected, that is the law. As tedious as that may be for them it is their responsibility. Until I have a letter in hand that is official, personally, it's a scam as far as I see it. Never can be too cautious with one breach after another. Companies mine our data, they say they do not. Reality is, they do, this is proof of it. Companies also have zero clue what their responsibilities regarding OPSEC are. It includes ANY third party or contractor with access to their systems. Employees included. Bottom line is…until the federal government starts breaking it off in the backside of these companies and/or breaking them up, not one thing is going to change. Sorry for the rant. Corporate America is disgusting, business models are take every dollar you can and hope nothing happens.
SA
SA