In September 2024, National Public Data confirmed that a hacker has compromised the personal records of millions of individuals. The breach exposed the names, email addresses, mailing addresses, phone numbers, and even Social Security numbers of nearly 2.9 billion people. Here’s what you should know.
What happened?
National Public Data, a consumer data broker that specializes in providing criminal records, background checks, and other forms of data to private investigators, consumer public record sites, human resources, staffing agencies, government agencies, and more, was hacked. The breach is believed to have started in December 2023 when a third-party bad actor attempted to infiltrate their system.
In April, a cybercriminal known as “USDoD” posted the stolen data online in a popular criminal community. On August 6, the stolen dataset resurfaced, this time posted for free to several breach forums, allowing anyone to access and download it.
The leaked sensitive information included names, addresses, phone numbers, e-mail addresses, and Social Security numbers for millions of people, including some deceased individuals. The data also contained previous addresses and, in some instances, alternate names.
The official data breach notice that was filed in Maine indicated that 1.3 million records may have been compromised; however, some lawsuits are suggesting the actual number could be as high as 2.9 billion.
As the investigation continues, many cyber experts are finding that some of the data released was inaccurate. Aside from the Social Security numbers, most of this information is already publicly accessible and relatively easy to find online.
So why is this breach dangerous if the information can be found with a quick google search?
There are several reasons to be alarmed. Having all this sensitive information consolidated in one location simplifies the process for criminals to exploit it, allowing them to apply for credit cards and loans or open new bank accounts.
The information included, such as childhood street names or the last four digits of your Social Security number, are often answers to security questions enabling hackers to bypass authentication and gain access to your private accounts.
Some cyber experts are suggesting watching for a surge in phishing and smishing (SMS phishing) attacks as well.
Can you be affected even if you’ve never heard of National Public Data or purchased data from them?
Yes! Just because you haven’t interacted with them directly doesn’t mean other organizations, businesses, landlords, etc., haven’t leveraged their resources to dig up information on you.
What steps should you take to protect yourself?
Step 1: Check to see if your data has been exposed. Use tools like https://npd.pentester.com/ to find out if your information has been compromised. If so, it’s important to take immediate action.
Step 2: Request a copy of your credit report and then freeze your credit. One of the most effective ways to safeguard your identity is to freeze your credit and set up alerts. This prevents criminals from opening new credit accounts in your name. Contact all three major credit bureaus – Equifax, TransUnion, and Experian – to initiate a freeze.
The process is free and should take less than 10 minutes per site to complete. If there are others in your household over the age of 18, consider freezing their credit as well. Anyone with a Social Security number is vulnerable following a breach of this size.
Once you have a copy of your free credit report, review it for any unauthorized activity. Remember to set up alerts and check your credit regularly.
Step 3: Watch out for phishing scams. As mentioned, many cybercriminals will likely try to leverage this information to scam you through phone calls, text messages, e-mails, or even social media sites. Be cautious!
A data breach can be devastating for everyone involved – the business hacked and the customers or employees whose data is leaked. As a business owner, it’s crucial to take comprehensive measures to protect your business and its data. If you want to do a full assessment and find out if any of your information has been leaked or if your network is vulnerable to a breach, we’ll do a FREE Security Risk Assessment. This deep dive into your network will provide you with a blueprint for security steps to take. To book yours, call our office at 847-906-5005 or click here.
