October 28, 2024
Major Data Breach Confirmed: Personal Records of Millions Compromised
What Happened?
In September 2024, National Public Data confirmed a significant data breach affecting the personal records of millions of individuals. The compromised information includes names, email addresses, mailing addresses, phone numbers, and Social Security numbers of up to 2.9 billion people. Here's what you need to know.
National Public Data, a consumer data broker specializing in criminal records, background checks, and other data services for private investigators, consumer public record sites, human resources, staffing agencies, and government entities, was hacked. The breach is believed to have started in December 2023 when a third-party bad actor attempted to gain access.
In April, a cybercriminal known as "USDoD" posted the stolen data online in a popular criminal community. On August 6, the dataset resurfaced and was posted for free on several breach forums, making it accessible for anyone to download.
The exposed data includes sensitive, personally identifiable information such as names, addresses, phone numbers, email addresses, and Social Security numbers. Some records also contain previous addresses and alternate names. Notably, some of the compromised individuals are deceased.
An official data breach notice filed in Maine indicated that 1.3 million records might have been breached. However, some lawsuits suggest that as many as 2.9 billion records were exposed.
As the investigation continues, cyber experts have found that some of the released data is inaccurate. Aside from Social Security numbers, most of the information is already public and easily accessible online.
Why is This Breach Dangerous?
Despite much of the information being publicly available, having it all in one place makes it easier for criminals to misuse it. With this consolidated data, criminals can apply for credit cards, loans, or open new bank accounts in your name.
Details like childhood street names or the last four digits of your Social Security number are often used as answers to security questions, which can help hackers bypass authentication and access private accounts. Cyber experts also warn of an increase in phishing and smishing (phishing via SMS) attacks.
Can You Be Affected Even If You've Never Heard of National Public Data?
Yes. Even if you haven't interacted with National Public Data, other organizations, businesses, landlords, etc., may have used their resources to gather information about you.
What Should You Do to Protect Yourself?
Step 1: Check if Your Data Has Been Exposed
Use tools like https://npd.pentester.com/ to see if your information has been compromised. If it has, take immediate action.
Step 2: Request a Credit Report and Freeze Your Credit
One of the best ways to protect your identity is to freeze your credit and set up alerts. This prevents criminals from opening new lines of credit in your name. Contact all three major credit bureaus—Equifax, TransUnion, and Experian—to request a freeze. The process is free and should take less than 10 minutes per site. If others in your household are over 18, it's a good idea to freeze their credit too, as anyone with a Social Security number is vulnerable following a breach of this magnitude.
Once you have a copy of your free credit report, review it for any unauthorized activity. Set up alerts and review your credit regularly.
Step 3: Watch Out for Phishing Scams
Be cautious of phone calls, text messages, emails, and social media contacts that may be phishing attempts. Cybercriminals will likely use the stolen information to scam you. Stay vigilant and skeptical of unsolicited communications.
A data breach is devastating for everyone involved - the business hacked and the customers or employees whose data is leaked. As a business owner, it is your responsibility to make sure you are taking the highest precautions to protect your business and its data. If you want to do a full assessment and find out if any of your information has been leaked or if your network is vulnerable to a breach, we'll do a FREE Call with Our CEO. This deep dive into your network will provide you with a blueprint for security steps to take. To book yours, call our office at 201-719-7000 or click here.
