In September 2024, National Public Data confirmed that a hacker compromised the personal records of millions of individuals. The exposed information includes names, email addresses, mailing addresses, phone numbers, and even Social Security numbers for up to 2.9 billion people. Here’s what you need to know.
What Happened?
National Public Data, a consumer data broker specializing in criminal records, background checks, and other forms of data for private investigators, HR departments, government agencies, and more, was hacked. The breach likely began in December 2023 when a third-party actor attempted to gain access.
In April, a cybercriminal named "USDoD" posted the stolen data online in a popular criminal forum. On August 6, this dataset resurfaced on multiple breach forums, this time posted for free, making it accessible to anyone.
The exposed data includes names, addresses, phone numbers, email addresses, Social Security numbers, and previous addresses. In some cases, alternate names were also revealed. While the official breach notice filed in Maine mentioned 1.3 million records, some lawsuits claim as many as 2.9 billion records were exposed.
Although some of the leaked data may be inaccurate, and much of it is publicly available, the fact that this sensitive information is collected in one place makes it especially dangerous.
Why Is This Breach So Dangerous?
Even if this data is publicly accessible, having it all together makes it easier for criminals to use it for identity theft. Information such as street names, phone numbers, and the last four digits of your Social Security number are often used as answers to security questions, helping hackers bypass authentication and access private accounts.
Cyber experts are warning about an increase in phishing and "smishing" (phishing via SMS) attacks following the breach.
Can You Be Affected Even If You Don’t Know National Public Data?
Yes! Even if you’ve never heard of National Public Data or purchased services from them, businesses, landlords, and others may have used their resources to gather information on you.
What Should You Do to Protect Yourself?
Here’s how to stay safe following this massive data breach:
Step 1: Check if Your Data Was Exposed.
Use tools like npd.pentester.com to see if your information was compromised. If it was, take immediate action.
Step 2: Freeze Your Credit.
One of the most effective ways to protect your identity is to request a copy of your credit report and freeze your credit. This will prevent criminals from opening new credit lines in your name. Contact all three major credit bureaus – Equifax, TransUnion, and Experian – to request a freeze. The process is free and takes about 10 minutes per site.
Don’t forget to freeze the credit of others in your household over 18, as they may also be vulnerable.
Once you have your credit report, review it carefully for any unauthorized activity and set up alerts to monitor it regularly.
Step 3: Beware of Phishing Scams.
Watch for phone calls, emails, text messages, and social media messages from scammers trying to leverage this stolen data. Be extra cautious about clicking links or sharing personal information.
Protect Your Business From a Data Breach
A breach is devastating for both businesses and individuals whose data is leaked. As a business owner, it's your responsibility to protect your company’s data. If you want to find out whether your business has been affected or if your network is vulnerable, we offer a FREE Security Risk Assessment. This comprehensive review will give you a blueprint for improving your security.
To schedule your assessment, call our office at 413-786-9675 or click here.
