A recent breach by data aggregator National Public Data (NPD) has caused concern as billions of personal records may have been compromised. Despite the alarm surrounding the breach, the situation is more complex than initially reported.
NPD is a company that provides background check services to businesses, allowing them to access billions of records for various purposes. The breach, which was disclosed on NPD’s website, revealed that a “third-party bad actor” attempted to access data in December and potentially leaked it in April and the summer. Personal information such as names, email addresses, phone numbers, Social Security numbers (SSN), and mailing addresses may have been affected.
In April, a threat actor known as USDoD allegedly offered 2.9 billion personal records for sale, claiming to have data from the entire populations of the U.S., Canada, and the U.K. The asking price was $3.5 million in bitcoin or Monero.
NPD stated that they have taken steps to enhance their security measures and are cooperating with law enforcement to address the breach. Additionally, Troy Hunt, a security practitioner and operator of data breach record checker Have I Been Pwned, analyzed the situation and raised concerns about the accuracy and attribution of the leaked data.
Hunt discovered that the data in the breach may not belong to as many people as initially reported and noted that some records were inaccurate or belonged to deceased individuals. While the leakage of personal data is problematic, Hunt mentioned that much of the information may already be in circulation.
Despite attempts to gain further information about the breach from NPD, no response was received. Cliff Steinhauer, director of information security and engagement at The National Cybersecurity Alliance, emphasized the importance of addressing the risks of identity theft and fraud, especially with such a massive breach.
Steinhauer highlighted the significance of protecting personal information, stating that even if the data has been exposed before, the concentration of information in one place increases the risks of cybercriminal activity. He emphasized the need for vigilance in safeguarding personal data to prevent further breaches and protect individuals from potential threats.
The breach at NPD serves as a reminder of the ongoing risks associated with cybersecurity and the need for robust measures to combat data breaches and protect personal information. Despite the challenges in verifying the source of the leaked data, the impact of the breach on millions of individuals globally cannot be understated.
In conclusion, the breach at NPD highlights the vulnerabilities in data security and underscores the importance of implementing effective cybersecurity measures to mitigate risks and safeguard personal information in an increasingly digital world.