October 28, 2024
In September 2024, National Public Data confirmed that a hacker had breached the personal records of millions of individuals. The compromised information includes names, email addresses, mailing addresses, phone numbers, and even Social Security numbers for up to 2.9 billion people. Here's what you need to know.
What Happened?
National Public Data, a consumer data broker providing criminal records, background checks, and other data services to private investigators, consumer public record sites, human resources, staffing agencies, the government, and more, was hacked. The breach is believed to have begun in December 2023 when a third-party attacker attempted to gain access.
In April, a cybercriminal known as "USDoD" posted the stolen data on a popular criminal community online. On August 6, the dataset reappeared, this time freely available on several breach forums for anyone to access and download.
The exposed personally identifiable information includes names, addresses, phone numbers, email addresses, and Social Security numbers for millions, including some deceased individuals. The data also contains previous addresses and, in some cases, alternate names.
An official data breach notice filed in Maine indicated that 1.3 million records may have been compromised; however, some lawsuits suggest as many as 2.9 billion records have been exposed.
As the investigation continues, many cybersecurity experts note that some released data was inaccurate. Apart from Social Security numbers, most of the information is already public and easily accessible online.
Why is this breach dangerous if the information is publicly available?
There are several reasons for concern. Having all this critical information consolidated makes it easier for criminals to apply for credit cards, loans, or open new bank accounts using stolen identities.
Details like childhood street names or the last four digits of Social Security numbers are often used as answers to security questions, helping hackers bypass authentication and access private accounts.
Some cybersecurity experts predict a surge in phishing and smishing (phishing via SMS) attacks as well.
Can you be affected even if you haven't heard of National Public Data or purchased data from them?
Yes! Even if you haven't directly interacted with them, other organizations, businesses, landlords, etc., may have used their services to gather information about you.
What should you do to protect yourself?
Step 1: Check if your data has been exposed. Use tools like https://npd.pentester.com/ to see if your information has been compromised. If it has, take immediate action.
Step 2: Request a copy of your credit report and freeze your credit. This is one of the best ways to protect your identity, preventing criminals from opening new credit lines in your name. Contact all three major credit bureaus—Equifax, TransUnion, and Experian—to request a freeze.
The process is free and should take less than 10 minutes per site. If there are others in your household over the age of 18, consider freezing their credit too, as anyone with a Social Security number is vulnerable after a breach of this magnitude.
Once you have your free credit report, review it for any unauthorized activity. Set up alerts and regularly monitor your credit.
Step 3: Be vigilant for phishing scams. Cybercriminals may use this information to scam you through phone calls, text messages, emails, and social media. Stay cautious!
A data breach is devastating for everyone involved - the
business hacked and the customers or employees whose data is leaked. As a
business owner, it is your responsibility to make sure you are taking the
highest precautions to protect your business and its data. If you want to do a
full assessment and find out if any of your information has been leaked or if
your network is vulnerable to a breach, we'll do a FREE 10-Minute Discovery Call. This deep dive into your network will provide you with a blueprint
for security steps to take. To book yours, call our office at 407-278-5664 or click here.
