Most people applying for birth certificates aren’t thinking that their private information will be made readily available to the public. But according to Tech Crunch, an online company that allows users to obtain a copy of their loved one’s birth and death certificates from U.S. state governments has exposed over 752,000 applications for copies of birth certificates and 90,400 death certificate applications.
Although each application process differed by state, they all allowed customers to apply to their state’s record-keeping authority. The applications contained personally identifiable information such as the applicant’s name, date of birth, current home address, and more. What’s more, the applications stored in the online bucket dated back to late 2017 and were updated daily, creating a robust treasure trove for cybercriminals.
Due to the high amount of consumer data provided by people requesting copies of birth certificates or registering their newborn children, the exposure of these applications is a cybercriminal’s dream come true. If a criminal did get a hold of this information, the information would likely be posted for sale on the Dark Web. From there, other malicious actors could purchase the data and use it to impersonate others or commit identity theft.
Tech Crunch and the security researchers who discovered the exposed data attempted to inform the company responsible but have not yet received a response. So, in the meantime, here are some steps users can follow to help protect their personal information now and in the future:
- Be vigilant when monitoring your personal and financial data. A good way to determine whether your data has been exposed or compromised is to closely monitor your online accounts. If you see anything fishy, take extra precautions by updating your privacy settings, changing your password, or using two-factor authentication.
- Watch out for other cyberattacks. Be on high alert for malicious attacks where cybercriminals could use stolen credentials to exploit users, such as spear phishing.
- Place a fraud alert. If you suspect that your data might have been compromised, place a fraud alert on your credit. This not only ensures that any new or recent requests undergo scrutiny, but also allows you to have extra copies of your credit report so you can check for suspicious activity.
- Freeze your credit. Freezing your credit will make it impossible for criminals to take out loans or open up new accounts in your name. To do this effectively, you will need to freeze your credit at each of the three major credit-reporting agencies (Equifax, TransUnion, and Experian).
- Consider using identity theft protection. A solution like McAfee Identify Theft Protection will help you to monitor your accounts, alert you of any suspicious activity, and help you to regain any losses in case something goes wrong.