In a recent development, numerous readers have been alerted about a significant breach that exposed their personal information, including Social Security Numbers, names, addresses, and other details, at a lesser-known consumer data broker named NationalPublicData.com. This breach has brought to light a massive exposure of consumer records, raising concerns about data security and privacy.
The breach, which occurred on July 21, 2024, was attributed to cybercriminals from the Breachforums community, who claimed to have accessed over 4 terabytes of data from NationalPublicData.com, a Florida-based company specializing in collecting consumer data for background checks. The leaked data, comprising 2.9 billion rows of records, was initially advertised for sale by a cybercriminal known as “USDoD” in April 2024. The exposed information included names, addresses, phone numbers, and Social Security Numbers, with an asking price of $3.5 million.
While initial reports suggested that the breach impacted 2.9 billion individuals, it was later clarified that the figure referred to the number of rows in the leaked datasets. Analysis by experts revealed a varied collection of consumer and business records in the leaked data, encompassing real names, addresses, phone numbers, and SSNs of millions of Americans, along with criminal records of 70 million individuals.
NationalPublicData.com acknowledged the breach in a statement released on August 12, acknowledging a data security incident involving a third-party bad actor attempting to hack into their system in late December 2023. The compromised information included names, email addresses, phone numbers, Social Security Numbers, and mailing addresses. The company assured cooperation with law enforcement and implementation of additional security measures to prevent future breaches.
Further investigations by Atlas Data Privacy Corp. indicated the presence of 272 million unique SSNs in the leaked records, with most entries containing a combination of name, SSN, and home address. Notably, a significant portion of the records pertained to deceased individuals, with an average consumer age of 70 and some records dated back to people over 120 years old.
The origins of the consumer data collected by NationalPublicData.com shed light on its operator, Jerico Pictures Inc., a company owned by Salvatore (Sal) Verini Jr., a retired deputy from the Broward County Sheriff’s office. Verini, known for his involvement in various Florida-based companies including National Criminal Data LLC and Twisted History LLC, did not respond to queries regarding the breach.
The breach underscores the pervasive issue of data privacy in the digital age, where data brokers leverage public records from government sources to compile detailed consumer profiles. Experts emphasize the lack of stringent regulations governing data brokers and the rampant misuse and exploitation of personal information, leading to widespread breaches and privacy violations.
Individuals are advised to proactively safeguard their data by freezing their credit files and monitoring their credit reports regularly. The breach at NationalPublicData.com serves as a stark reminder of the urgent need for robust consumer privacy laws and data protection measures to address the growing challenges of data breaches and identity theft in the modern era.