Major Data Breach at National Public Data Exposes Personal Records of Millions
What Happened?
In September 2024, National Public Data confirmed that a hacker had compromised the personal records of millions of individuals. The exposed data includes names, email addresses, mailing addresses, phone numbers, and Social Security numbers of up to 2.9 billion people.
Incident Overview
National Public Data, a consumer data broker specializing in criminal records, background checks, and other data for private investigators, consumer public record sites, human resources, staffing agencies, and government entities, was hacked. The breach is believed to have started in December 2023, when a third-party bad actor attempted to gain access.
In April 2024, a cybercriminal known as "USDoD" posted the stolen data online in a popular criminal community. On August 6, the dataset resurfaced, this time available for free on several breach forums, making it accessible to anyone.
The leaked information includes names, addresses, phone numbers, email addresses, and Social Security numbers, affecting millions, including some deceased individuals. The data also contains previous addresses and, in some cases, alternate names.
An official data breach notice filed in Maine indicated that 1.3 million records might have been breached. However, some lawsuits suggest that up to 2.9 billion records have been exposed.
Why is This Breach Dangerous?
While much of the information released is already publicly accessible, having it all in one place makes it easier for criminals to exploit. They can use this data to apply for credit cards, loans, or open new bank accounts. Details like childhood street names or the last four digits of Social Security numbers are often used as answers to security questions, enabling hackers to bypass authentication and access private accounts.
Cyber experts warn of a potential surge in phishing and smishing (phishing via SMS) attacks.
Can You Be Affected Even If You're Unfamiliar with National Public Data?
Yes. Even if you haven't interacted with National Public Data directly, other organizations, businesses, landlords, etc., may have used their services to gather information about you.
Steps to Protect Yourself
- Check if Your Data Has Been Exposed: Use tools like https://npd.pentester.com/ to see if your information has been compromised. If it has, take immediate action.
- Request a Copy of Your Credit Report and Freeze Your Credit: One of the best ways to protect your identity is to freeze your credit and set up alerts. This prevents criminals from opening new lines of credit in your name. Contact the three major credit bureaus—Equifax, TransUnion, and Experian—to request a freeze. The process is free and should take less than 10 minutes per site. It's also advisable to freeze the credit of other household members over the age of 18, as anyone with a Social Security number is vulnerable. Once you have a copy of your credit report, review it for unauthorized activities. Set up alerts and regularly monitor your credit.
- Watch Out for Phishing Scams: Be vigilant against scams through phone calls, text messages, emails, and social media. Cybercriminals may use the breached information to target you.
Stay informed and take proactive steps to protect your personal information in the wake of this significant data breach.
A data breach is devastating for everyone involved - the
business hacked and the customers or employees whose data is leaked. As a
business owner, it is your responsibility to make sure you are taking the
highest precautions to protect your business and its data. If you want to do a
full assessment and find out if any of your information has been leaked or if
your network is vulnerable to a breach, we'll do a FREE Consultation. This deep dive into your network will provide you with a blueprint
for security steps to take. To book yours, call our office at 800-626-3223 or click here.
