Brinztech Alert: Data of American Citizens are on Sale

Dark Web News Analysis

A threat actor on a known cybercrime forum is claiming to sell a database of what they describe as “High quality California Full info.” “Full info” or “FULLZ” is a term for a complete identity kit. According to the seller’s post, the data includes full names, Social Security Numbers (SSNs), dates of birth (DOB), and full street addresses for residents of California. The data is being sold in batches, with a price of $20 per 100 records.

This claim, if true, represents a data breach of the highest possible severity for the individuals involved. A complete FULLZ package provides a criminal with every piece of information needed to completely and convincingly hijack a person’s identity. The specific targeting of California residents suggests the data may have been stolen from a state-level agency or a large company with a significant presence in the state.

Key Cybersecurity Insights

This alleged data sale presents a catastrophic threat to the financial identity of California residents:

• A “Full Identity Kit” for Devastating Fraud: The primary and most severe risk is the exposure of a dataset that enables complete identity takeovers. With a victim’s full name, SSN, and DOB, a criminal can attempt to open new lines of credit, file for government benefits, or take over existing financial accounts.
• Direct Enabler of Immediate Financial Fraud: Unlike simple contact list breaches, this data allows for direct financial crime. The information is precisely what is needed to bypass many identity verification checks at banks and other financial institutions.
• Targeting of a High-Value State Population: California has a large and affluent population, making its residents a high-value target for fraudsters. The specificity of the data suggests a breach at a state-level agency (like the DMV or a tax authority) or a large company that operates primarily in California.

Mitigation Strategies

In response to the constant threat of SSN and FULLZ exposure, all US citizens, and particularly residents of California, must take proactive steps to protect their identity:

• Place a Proactive Credit Freeze: The single most effective action individuals can take to prevent new account fraud is to place a credit freeze with all three major US credit bureaus (Equifax, Experian, and TransUnion). A freeze restricts access to your credit report, making it much harder for criminals to open new lines of credit in your name.
• Heighten Vigilance Against Sophisticated Scams: Everyone should be on high alert for an increase in sophisticated phishing (email) and vishing (voice/phone) scams. Criminals will use this detailed PII to make their scams incredibly convincing. Never provide personal information in response to an unsolicited communication.
• Mandate Multi-Factor Authentication (MFA) on all Financial Accounts: This is an essential defense against account takeover. All users must enable the strongest form of MFA on all of their financial and investment accounts. A stolen password and even a known SSN cannot bypass a proper MFA implementation.

Secure Your Organization with Brinztech As a cybersecurity provider, we can protect your business from the threats discussed here. Contact us to learn more about our services.

Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com