Hacks, Hoaxes, and Hysteria: How Data Breaches Become Fodder for Narrative Attacks

In the wake of the massive ransomware attack on National Public Data (NPD), executed by the hacking group USDoD, the fallout has extended far beyond the immediate damage of stolen identities and financial threats. The breach exposed the information of nearly 3 billion records associated with individuals across the United States, Canada, and the United Kingdom. Like almost all modern cyber attacks, the data breach also triggered a wave of false narrative attacks that spread like wildfire across social media. Fueled by narrative attacks, these misleading narratives can deepen public fear and anxiety, exacerbate political polarization, erode trust in government institutions, and complicate recovery efforts.

The stolen data included sensitive information such as full names, Social Security numbers, addresses, dates of birth, and phone numbers, which could be used for identity theft and fraud. The USDoD group initially attempted to sell the data on the dark web for $3.5 million. Still, another hacker named “Fenice” later leaked a complete version of the data for free on a hacking forum in August 2024. The breach has raised serious concerns about data privacy and the potential for widespread financial and identity-related crimes.

LEARN MORE: What is a narrative attack?

The circulation of this news across social media-fueled various conspiracy theories, often rooted in prominent political beliefs. These misleading narratives have the potential to heighten public fear and anxiety while also deepening political polarization and eroding trust in governmental institutions and processes.

Blackbird.AI’s RAV3N Narrative Intelligence and Research Team used our Constellation Narrative Intelligence Platform and Compass by Blackbird.AI – our context-checker – to identify and analyze multiple narratives surrounding the event. 

Narrative 1: Government Officials Orchestrated The National Public Data Hack To Distribute Social Security Numbers To Unauthorized Immigrants, Aiming To Manipulate Voter Turnout In Favor Of Democrats

The dominant narrative was that the stolen data would be used to legitimize millions of undocumented immigrants in the United States, allowing them to assume stolen identities and vote in the upcoming November election. Users alleged that Social Security numbers and personal details would be distributed to these immigrants, enabling them to access jobs, welfare, and other benefits. The timing of the breach, just months before the election, was seen by many as more than coincidental, with claims that the attack was orchestrated by “deep state” globalists or the current administration to replace American citizens with “replacement Americans” who could be easily manipulated.

Users linked the breach to a broader conspiracy involving recent events like the monkeypox outbreak and the “southern border invasion,” suggesting these crises are also part of a coordinated effort to destabilize the country and rig the election. Fears of mass voter fraud were amplified by claims that voter registration information could be accessed online with just a name and partial Social Security number, potentially facilitating the creation of thousands of fraudulent votes. Some users predicted this would lead to another manipulated election, with tactics like ballot dumps and vote-flipping going undetected due to planned disruptions such as DDoS attacks.

Distrust of government agencies like the FBI and NSA was also prominent, with users questioning why these agencies failed to prevent such a large-scale hack. Comparisons were made to Elon Musk’s X-Spaces Team, which was claimed to have thwarted a similar DDoS attack within 40 minutes, suggesting Musk’s team might be more competent than federal agencies in election security. This distrust extended to speculation that the government might use the breach as a pretext to issue new Social Security numbers to everyone, including undocumented immigrants, furthering what some saw as a deliberate effort to undermine the nation.

High levels of bots amplified this narrative, often connecting the data theft to anxieties about immigration, public health, and the future of American democracy. These accounts often claimed that the attack was part of a larger plot to reshape the country’s demographic and political landscape, ultimately disenfranchising ordinary citizens.

LEARN MORE: 8 Ways for Security Leaders to Protect Their Organizations from Narrative Attacks

This network graph shows the influence of bots, in red, on conversations regarding the government providing illegal immigrants with stolen Social Security numbers in order to influence the 2024 election.

Narrative 2: The Ransomware Attack Was Planned To Replace Social Security Numbers With Digital Biometric IDs

With apprehension about Social Security flooding social media, users expressed deep suspicion and concern over the potential implications for personal privacy and the introduction of digital IDs. A recurring theme among the posts was the belief that the breach was not merely a criminal act. Still, part of a larger, orchestrated government or powerful elites plan to push for a national digital ID system. Users speculated that the widespread theft of Social Security numbers would render these traditional identifiers obsolete, creating a pretext for the government to introduce digital IDs as a more secure alternative. This idea was further fueled by the timing of the breach, which some users saw as suspiciously aligned with other crises and policy initiatives, like the introduction of Google and Apple wallet IDs in states like California.

Many users voiced concerns that a digital ID system would increase government surveillance and control over their lives. They feared that introducing digital IDs would pave the way for more invasive tracking forms, such as biometric data collection, and ultimately lead to the erosion of personal freedoms. Some even connected the push for digital IDs to broader conspiracy theories, including implementing a social credit system or even the “mark of the beast.” The sentiment was that the breach was a manufactured crisis designed to instill fear and desperation, making the public more willing to accept digital IDs as a necessary solution to safeguard their identity and financial security.

Beyond concerns about government overreach, users doubted the effectiveness of digital IDs in preventing future breaches. They questioned the logic of trusting a system that failed to protect Social Security numbers with even more sensitive digital information. Many feared that digital IDs would increase vulnerabilities and increase government surveillance and control. This skepticism was rooted in a deep mistrust of the government’s intentions, with users suspecting that the push for digital IDs was less about public safety and more about consolidating power and eroding personal freedoms.

LEARN MORE: Tag Infosphere Report: How Misinformation and Narrative Attacks Represent a New Threat Vector

Narrative 3: Blockchain Technology Is The Only Solution To Prevent Future Cyber Attacks On Personal Information

Discussions about the shortcomings of Social Security led to a significant uptick in conversations about the potential benefits of blockchain technology for securing personal information. Many users argue that the breach exposes fundamental flaws in current data management systems, suggesting that decentralized blockchain technology could offer a more secure alternative. Users asserted that blockchain’s inherent decentralization and encryption could address the single points of failure present in centralized systems. Some accounts proposed completely replacing Social Security numbers with a blockchain-based digital identity system, which they argue would reduce vulnerability to theft and fraud. They envision a future where sensitive data is encrypted and decentralized, allowing users greater control over access. This vision includes integrating blockchain into various aspects of daily life—such as voting systems, financial accounts, and social services—to enhance security and streamline processes.

However, amid these discussions, it is essential to note that over 40% of social media users pushing this narrative were identified as bots, which raises questions about the authenticity and motivations behind some of the advocacy for blockchain solutions. Despite this, the debate also touched on concerns about the limitations of blockchain technology. While blockchain is often praised for its security features, users acknowledged that no system is entirely immune to hacks, mainly due to human error and the complexities of implementing such technology. The discussion also highlighted skepticism about the feasibility of a rapid transition to blockchain-based systems, citing potential challenges in integrating these technologies with existing infrastructures and the need for robust legal frameworks. Nonetheless, the breach has undeniably intensified calls for technological innovation and reconsidering how personal identifiers are managed and protected.

LEARN MORE: Social Media Misinformation and Narrative Attack Readiness and Response Checklist

Narrative Attacks in Healthcare

The National Public Data breach is not the only case of cyberattacks driving MDM, public distress, and intensifying political tensions. Narrative attacks following prominent cyberattacks are becoming all too common – recent examples, such as the hack on Florida’s Department of Health, emphasize this.

On July 1, 2024, the Florida Department of Health (DOH) fell victim to a severe ransomware attack targeting its online Vital Statistics system, exposing sensitive information on the dark web. The compromised system, which is used to issue birth and death certificates, contained over 20,000 files that included Floridians’ recent HIV test results, detailed doctors’ notes, immunization and virus testing records, as well as signed medical release forms, workers’ compensation records, and COVID-19 diagnoses. Many of these records contained personal identifiers such as full names, dates of birth, addresses, Social Security numbers, and insurance details. The files, dating from 2023 and 2024, also revealed other intimate information, including a woman’s negative mammogram result and a photo of a person’s passport. The breach, described as one of the worst in Florida’s history, was far more extensive than initially acknowledged by officials within Governor Ron DeSantis’ administration.

The attack compromised the Department of Health’s Bureau of Public Health Laboratories, affecting test results from labs in Jacksonville, Tampa, and Miami. While most of the records viewed were from Broward County, the files were a mix of sensitive medical data and seemingly benign internal DOH documents, such as employee time-off requests and expense reports. The ransomware attack, attributed to RansomHub, occurred after the state refused to pay an undisclosed ransom, which was in line with its policy of not meeting such demands. Consequently, RansomHub released the stolen data on the dark web, highlighting the ongoing vulnerability of public health organizations to cyberattacks.

LEARN MORE: What is Cognitive Security?

Misleading Narratives On Mainstream Social Media Platforms 

Many claimed that the hack was a deliberate act, often implicating Governor Ron DeSantis and Surgeon General Joseph Ladapo as the masterminds behind the scheme. Numerous posts suggested that the attack resulted from poor cybersecurity and a calculated move by DeSantis’s administration to target vulnerable populations or undermine public trust. Users accused DeSantis of potentially orchestrating the breach to advance political agendas or create chaos within the public health system. Theories circulated that the exposure of sensitive information, such as HIV statuses, was designed to marginalize specific groups, including LGBTQ individuals, and to enable discrimination. Some even proposed that the breach might have been a way to stoke fear and division, aligning with broader conspiratorial views about the administration’s motives. This perspective was reinforced by accusations that the administration’s handling of the situation and its lack of transparency further supported claims of deliberate negligence or malicious intent.

As cyberattacks escalate, we will likely see a corresponding increase in narrative attacks that exploit these incidents for political or ideological purposes. Events with widespread impact, such as the 2024 election, can further intensify these narratives, leading to a surge in narrative attacks. While the current focus of this piece has been on governmental institutions, agencies, and officials, it is crucial to recognize that brands such as Fortune 500 companies are equally vulnerable to such damaging narratives. The fallout from these narratives can have severe repercussions, including undermining public trust, causing stock prices to plummet, and inflicting long-term damage on corporate reputations and operations. As the landscape of cyber threats continues to evolve, it becomes increasingly essential for organizations and individuals to be vigilant against the dual threats of cyberattacks and the harmful narratives they can generate.

LEARN MORE: Use Case: Why Government Leaders and Policymakers Need Narrative Risk Intelligence

The Way Forward – Key Takeaways for Organization Leaders

• Recognize that cyberattacks often spur misleading narratives and conspiracy theories, which can amplify the damage of the original breach. Organizations must be prepared to combat both technical and informational threats.
• Monitor social media and online forums actively to identify emerging false narratives related to cyber incidents. Early detection is critical to mounting an adequate response.
• Develop a crisis communication plan that includes strategies for countering narrative attacks. Transparency, clarity, and consistency in messaging are essential.
• Invest in robust cybersecurity measures to prevent breaches in the first place. This includes employee training, multi-factor authentication, regular system updates, and working with reputable cybersecurity partners.
• Foster a culture of digital literacy and critical thinking within the organization. Encourage employees to fact-check information, question suspicious claims, and rely on trusted sources, especially after a cyber incident.

To learn more about how Blackbird.AI can help cybersecurity leaders and CISOs protect their organizations from narrative threats, contact us here.