In September 2024, National Public Data confirmed that hackers have compromised the personal records of millions. This breach includes names, email addresses, mailing addresses, phone numbers, and even Social Security numbers for up to 2.9 billion individuals. Here’s what you need to know.
What Happened?
National Public Data, a consumer data broker that provides criminal records, background checks, and other data to various sectors—including private investigators, HR, staffing agencies, and government entities—was targeted by hackers. The breach is believed to have begun in December 2023, when a third-party attacker tried to gain access.
In April, a cybercriminal known as “USDoD” leaked the stolen data online within a notorious criminal community. Then, on August 6, this dataset appeared again, now available for free on multiple breach forums.
The leaked personally identifiable information (PII) includes names, addresses, phone numbers, email addresses, and Social Security numbers of millions of individuals, some of whom are deceased. The dataset also contains previous addresses and, in some cases, alternate names.
While the official breach notice filed in Maine indicated that 1.3 million records may have been affected, lawsuits suggest that as many as 2.9 billion records might have been compromised.
As the investigation progresses, some cybersecurity experts have found that certain details in the released data are inaccurate. However, aside from Social Security numbers, much of this information is already publicly accessible online.
Why Is This Breach a Concern?
Although some of the information can be found via a simple Google search, having all this critical data aggregated in one location makes it easier for criminals to exploit it. They could use this information to apply for credit cards, loans, or open new bank accounts.
Moreover, details like childhood street names or the last four digits of your Social Security number often serve as answers to security questions, enabling hackers to bypass authentication and access private accounts.
Experts are also warning of a potential increase in phishing and smishing (SMS phishing) attacks as a result of this breach.
Could You Be Affected?
Yes! Even if you’ve never heard of National Public Data or directly purchased data from them, other organizations and businesses may have used their services to gather information about you.
How to Protect Yourself
Step 1: Check if Your Data Has Been Exposed
Use tools like https://npd.pentester.com/ to see if your information has been compromised. If it has, take immediate action.
Step 2: Request Your Credit Report and Freeze Your Credit
One of the best ways to protect your identity is to freeze your credit and set up alerts. This prevents criminals from opening new accounts in your name. Contact all three major credit bureaus—Equifax, TransUnion, and Experian—to request a credit freeze. This process is free and should take less than 10 minutes per bureau. If others in your household are over 18, consider freezing their credit as well, as anyone with a Social Security number is at risk following such a significant breach.
Once you receive your free credit report, review it for any unauthorized activity. Remember to set up alerts and regularly check your credit.
Step 3: Be Vigilant Against Phishing Scams
Expect that cybercriminals may attempt to exploit this information through phone calls, text messages, emails, and even social media. Exercise caution!
A data breach is devastating for both the affected organization and the individuals whose data is compromised. As a business owner, it’s essential to implement robust security measures to protect your business and its data. If you’d like to conduct a thorough assessment to determine if your information has been compromised or if your network is vulnerable, we offer a FREE Security Risk Assessment. This comprehensive evaluation will provide you with a security blueprint. To schedule yours, call us at 630-320-3723 or click here.