Social Security Numbers Stolen in Data Breaches — Where’s the Accountability?
There are so many data breach stories making headlines lately, from ransomware scams and social engineering to evolving agentic AI attacks against inadequate defenses, it’s hard to know what to do with them all.
More than 12,000 individuals have had their personal data compromised by a breach of the Children’s Council of San Francisco, a childcare and early education provider for the city. Unauthorized access to the group’s systems resulted in stolen names and Social Security numbers (SSN), and Lynch Carpenter, LLC is currently investigating claims made in relation to this incident.
This isn’t the only breach on the Lynch docket. Along with medical supply company One Source Medical Group, which was breached for sensitive patient data, Tieu Dental Corporation is also subject to investigation for unauthorized access to their networks which led to the compromise of personal information, including more SSNs. Then you have claims against workers union Teamsters Local 175, representing members in West Virginia, Kentucky, Ohio and Virginia; Texas law firm Sprouse Shrader Smith, hit for over 17,000 affected individuals, Bell Ambulance of Wisconsin for a data breach impacting the medical records of over 200,000. The list of those at risk through the cybersecurity failings of others goes on.
In all of these incidents, personally identifiable information (PII) was stolen by cyber infiltrators, including financial, healthcare and insurance info, identification numbers and addresses. In most, SSNs were also stolen, elevating the severity of the attacks and their consequences for people who now have to show extra caution for various types of fraud.
Even more does this apply when we slide up the scale of security incidents: 2.7 million Americans now must be on watch after a breach of Navia Benefit Solutions, a backend benefits administrator used by over 10,000 US employers in spending and savings accounts. What this breach ultimately means is that even a company with which you have zero direct interaction, can end up compromising your personal data, without you even being aware of their possession – yes, that includes your Social Security number. These and other bits of stolen data like COBRA benefits (Consolidated Omnibus Budget Reconciliation Act) are lifelong identifiers, and the unfortunate reality is that users often lack control over their data handled by these separate vendors.
Thus the extra work for Lynch and the like. All people can really do is file suits in response, utilize fraud alerts and credit freezes, and demand stronger protections for their data, keeping it locked down via powerful encryption to make it useless to cyber criminals, and the way it’s used by those firms responsible.