The Weekly Breach Breakdown Podcast: Old Data Breach Risks – The Long Shadow of Past Leaks - S7E6

Show Transcript

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for February 27, 2026. I am Tatiana Cuadras, Communications Assistant for the ITRC. Thanks to Sentilink for their support of the podcast and the ITRC. Each week, we look at the most recent events and trends related to data security and privacy. This week, we’re taking a closer look at a recently uncovered online database containing billions of records, including a substantial number of Social Security numbers (SSNs), and highlighting ongoing concerns about legacy data breach risks. 

According to reporting by WIRED, researchers discovered an unsecured database that was publicly accessible online. It contained billions of email and password combinations, along with approximately 2.7 billion entries that included SSNs. Even though not every record has been confirmed as fully accurate, researchers noted that a meaningful percentage of the sampled SSNs appeared to be legitimate. Scary, right? 

That’s what makes this discovery extremely concerning. Unlike passwords, which can be changed, your SSN generally remains the same for life. Once that’s exposed, it can be reused in identity fraud schemes, loan applications, tax fraud or synthetic identity crimes.  

Researchers believe this database does not represent a single new breach. Instead, it appears to be a large aggregation of data from prior incidents that has been compiled and resurfaced. Think of it less as a new leak and more as a reminder that old, breached data doesn’t just disappear over the months. It can be bundled with other breaches and continue circulating for years. 

As WIRED reported, old data remains valuable for two main reasons: 

1. People often reuse the same email addresses and passwords across multiple accounts, allowing identity criminals to continue to test the same credentials over time.  
2. SSNs rarely change and are tied to sensitive information, which means valid SSNs are considered a top-notch prize in identity theft.  

This is where understanding old data breach risks becomes especially important. Exposure may result in immediate fraud, but identity misuse can also surface months or even years after the original compromise. Also, exposed data may be used by more than one criminal group on more than one occasion, making it difficult to connect suspicious activity to a specific incident. 

So, what steps should individuals consider? 

Placing a free credit freeze prevents criminals from opening new accounts using stolen information. Regularly reviewing credit reports and monitoring financial accounts is also an effective approach for detecting unusual activity on existing accounts and accounts on freeze.  

Remember, it is important to remain cautious about unsolicited emails, texts or calls that reference personal information because of breaches.  Identity criminals often use previously exposed data to appear legitimate or even someone with whom you have a relationship to scam people.  

If a message feels urgent or unexpected, pause before giving out any personal information. Large-scale discoveries like the one mentioned in this episode are reminders that old data breach risks don’t go away just because time has passed. 

If you want to know more about how to protect your business or personal information, how old data breach risks are still relevant, or think you have been the victim of identity theft, fraud or a scam, you can speak with an expert ITRC advisor on the phone, chat live on the web or exchange emails during our normal business hours (Monday-Friday, 6 a.m.-5 p.m. PST). Just visit www.idtheftcenter.org to get started.   

Thanks again to Sentilink for their support of the ITRC and this podcast. Please hit the like button for this episode and subscribe wherever you listen to podcasts. We will be back next week with a new episode of our sister podcast, the Fraudian Slip, where the Social Security Administration joins ITRC President James E. Lee and CEO Eva Velasquez for Slam the Scam Day to discuss emerging government imposter scams. I’m Tatiana Cuadras. Until then, thanks for listening.