In recent news, additional information has come to light regarding a data breach at National Public Data (NPD), a consumer data broker that exposed the personal information of millions of Americans, including Social Security Numbers, addresses, and phone numbers. It has been discovered that another data broker connected to NPD inadvertently leaked the passwords to its back-end database on its homepage.
The breach, which was initially identified in April when a cybercriminal named USDoD started selling stolen data from NPD, became more concerning in July when the leaked information, including names, addresses, phone numbers, and email addresses of over 272 million individuals, was made public. NPD confirmed the breach on August 12, tracing it back to a security incident in December 2023. USDoD, in an interview, shifted the blame for the data leak to another hacker with access to the database since the previous year.
Following a recent report on the extent of the NPD breach, it was brought to attention that a sister site, recordscheck.net, was hosting an archive containing the usernames and passwords of the website’s administrator. This archive, named “members.zip,” displayed plain text credentials and source code for recordscheck.net, with many users failing to change their initial password.
Furthermore, a review found that the exposed credentials in the archive matched those exposed in previous breaches involving NPD’s founder, Sal Verini. Mr. Verini stated that the archive has been removed, and the site is expected to cease operations soon. The origin of recordscheck.net was linked to a web development firm in Lahore, Pakistan, called creationnext.com, which has not responded to inquiries.
In response to the breach, several websites have been created to help individuals ascertain if their data was exposed, such as npdbreach.com and npd.pentester.com. The advice given to those impacted is to freeze their credit files at major consumer reporting bureaus, as this prevents identity thieves from opening new accounts in their name. The prevalence of data breaches involving sensitive information like SSNs emphasizes the importance of taking such security measures.
It is crucial for Americans to monitor their credit reports regularly and disputes any inaccuracies. With the increased automation of cybercriminal services offering detailed background checks, the risk of identity theft is higher than ever. By staying proactive and safeguarding personal information, individuals can mitigate the potential damage caused by data breaches.