The recent data breach from National Public Data in August 2024 has sent shockwaves across the United States, as it involves the leak of Social Security numbers of nearly every American. The breach also encompasses full names, phone numbers, and current and past addresses, totaling an estimated 2.9 billion records and 277GB of data. Cybersecurity experts are concerned that there may be duplicates within these records, and individuals from the United States, United Kingdom, and Canada are affected.
The alleged culprits behind this massive data breach are a cybercriminal organization known as USDoD, who attempted to sell all the stolen data for approximately $3.5 million worth of cryptocurrency on a dark web forum. This breach has raised significant concerns about the security and privacy of personal information in the digital age.
National Public Data (NPD), the company at the center of this breach, is a data broker based in Coral Springs, Fla., founded in 2008 by Salvatore Verini. NPD offers background check services to various clients, including employers and private investigators, and is known for its extensive database containing critical information such as criminal records, vital records, and Social Security numbers.
The breach disclosed by NPD includes a plethora of sensitive information, including full names, addresses, Social Security numbers, phone numbers, dates of birth, information about relatives, and potentially criminal records. This kind of data can be highly valuable for identity theft and fraudulent activities, posing a significant risk to individuals whose information has been compromised.
Despite the severity of the breach, NPD did not immediately alert consumers about the incident. The company only acknowledged the breach in a disclosure notification published on its website on August 15, 2024, revealing that a threat actor had attempted to hack into their data in December 2023, with potential leaks occurring in April and summer 2024.
In light of this breach and the risks posed by the exposure of personal information, individuals are advised to take proactive steps to protect themselves. Various methods can be employed to determine if personal data has been compromised in this or other breaches, including using services like Have I Been Pwned, credit monitoring services, and monitoring financial accounts for any suspicious activity.
Bad actors who have access to this stolen personal information can engage in malicious activities such as opening fraudulent credit card accounts, applying for loans, committing tax fraud, accessing existing financial accounts, and creating fake identities. This underscores the importance of safeguarding personal information and staying vigilant against potential identity theft and fraud.
To protect against data breaches and identity theft, individuals are encouraged to monitor their accounts closely, obtain credit reports from major credit reporting agencies, check with the Federal Trade Commission for guidance on identity theft, place fraud alerts on credit files, consider freezing credit, use strong passwords and password managers, and remain cautious of phishing attempts.
As individuals navigate the aftermath of this extensive data breach, it is crucial to prioritize cybersecurity measures and stay informed about best practices for protecting personal information in an increasingly digital world. The repercussions of such breaches serve as a stark reminder of the importance of safeguarding personal data and being proactive in mitigating risks associated with cyber threats.