In September 2024, National Public Data (NPD) confirmed one of the largest and most significant data breaches in recent history. The breach exposed the personal records of millions, potentially even billions, of individuals, leaving many wondering if their sensitive information was compromised. The exposed data includes names, e-mail addresses, phone numbers, mailing addresses, and Social Security numbers. Here’s what you need to know about the breach and how to protect yourself.
What Happened?
National Public Data is a prominent consumer data broker that specializes in providing public records, including criminal backgrounds, to various industries such as human resources, staffing agencies, private investigators, and even government agencies. The breach, which started as far back as December 2023, was the result of a third-party cyberattack. Hackers attempted to infiltrate NPD’s data systems and managed to successfully extract millions of records.
In April 2024, a cybercriminal operating under the alias “USDoD” leaked the stolen data to a popular criminal community online. Then, on August 6, the same dataset resurfaced, this time posted for free across multiple hacker forums. The data is now publicly accessible to anyone who wishes to download it, amplifying the danger to those whose information was compromised.
The breach impacted the personally identifiable information (PII) of millions, potentially billions, of people. In addition to names, phone numbers, mailing addresses, and e-mail addresses, the leak included Social Security numbers and even previous addresses for some individuals. Some records revealed alternate names, creating an even more complete profile for cybercriminals to exploit.
While the official breach notification filed in Maine mentioned that 1.3 million records may have been impacted, lawsuits indicate the actual number could be as high as 2.9 billion records. This suggests that the breach may have affected a substantial portion of the global population.
The Nature of the Data Released
Although some cybersecurity experts are reporting that portions of the leaked data may be inaccurate, that doesn’t lessen the danger. Most of the information in the breach, such as names and addresses, is often publicly accessible through basic online searches. However, it is the aggregation of all these data points, combined with more sensitive elements like Social Security numbers, that make this breach a serious concern.
In today’s digital landscape, having all this data available in one easily accessible location greatly enhances its utility to cybercriminals. Hackers can use this information to create fraudulent identities, apply for loans or credit cards, open bank accounts, and commit other forms of identity theft. Beyond identity theft, the compromised data also includes critical details that can be used to bypass security questions used for two-factor authentication, such as childhood street names or the last four digits of a Social Security number. This makes it easier for hackers to gain access to your private accounts.
Why Is This Breach So Dangerous?
If much of the information leaked is publicly available, you might wonder why this breach is so dangerous. The answer lies in the convenience and completeness of the information in one place, which makes it easier for bad actors to exploit.
Here’s why you should be concerned:
- Identity Theft: With Social Security numbers in hand, cybercriminals can easily apply for credit cards, loans, or open new bank accounts in your name. The leak of personally identifiable information simplifies their task of constructing an identity profile.
- Increased Fraud Risk: Information like previous addresses, alternate names, and even the last four digits of Social Security numbers can be used to answer security questions and gain unauthorized access to your accounts.
- Phishing and Smishing Attacks: Experts are predicting a spike in phishing and smishing (SMS phishing) attacks. Hackers could use the exposed information to send seemingly legitimate e-mails or text messages designed to trick you into giving up even more sensitive details, such as passwords or account numbers.
Were You Affected Even If You’ve Never Heard of National Public Data?
You might be thinking, “I’ve never heard of National Public Data, so this doesn’t concern me.” Unfortunately, that’s not the case. Even if you’ve never interacted with NPD directly, it’s possible that businesses, landlords, or other organizations that you’ve dealt with have used their services to collect your information. NPD’s data collection practices cover a wide range of industries, and your information may have been included in their records without you ever knowing.
How to Protect Yourself
If your data was compromised in this breach, you can take immediate steps to protect your identity and mitigate the risk of fraud.
Step 1: Check if Your Data Was Exposed One of the first things you should do is check whether your information was compromised. Use tools such as https://npd.pentester.com to find out if your data was part of the breach. If it was, it’s essential to act quickly.
Step 2: Freeze Your Credit To safeguard your identity, one of the most effective steps you can take is to freeze your credit. This prevents anyone from opening new lines of credit in your name. To freeze your credit, contact the three major credit bureaus—Equifax, TransUnion, and Experian—and follow their procedures. It’s a free and straightforward process that only takes a few minutes. If there are others in your household over the age of 18, it’s wise to freeze their credit as well, as anyone with a Social Security number is at risk.
Once your credit is frozen, request a copy of your free annual credit report and thoroughly review it for any unfamiliar activity. You should also set up fraud alerts and continue to monitor your credit report regularly.
Step 3: Be Vigilant Against Phishing Scams Given the amount of information available, cybercriminals may attempt to exploit this data through phishing or smishing attacks. These attacks often come in the form of seemingly legitimate e-mails, phone calls, or text messages that attempt to trick you into giving up more sensitive information. Be extremely cautious about any unsolicited communications asking for personal information.
Final Thoughts for Business Owners
A data breach like this one is devastating, not only for the individuals affected but also for the businesses involved. If you’re a business owner, you have a responsibility to ensure that your data security practices are up to par. Protecting your customers’ and employees’ data should be a top priority.
At IntermixIT, we offer comprehensive security assessments to help businesses identify vulnerabilities before they can be exploited. If you’re concerned about your network’s security, we provide a FREE Security Risk Assessment that will give you a detailed blueprint of the steps you need to take to safeguard your business. Contact us at 717-914-0102 to schedule your assessment today.
Data breaches are becoming increasingly common, but with proactive steps, you can minimize the risks and protect yourself from further harm.