November 25, 2024
National Public Data confirmed in September 2024 that a hacker had compromised the personal records of millions of individuals. The information exposed includes the names, e-mail addresses, mailing addresses, phone numbers, and even Social Security numbers of up to 2.9 billion people. Here’s what you need to know.
National Public Data, a consumer data broker that specializes in providing criminal records, background checks, and other forms of data to private investigators, consumer public record sites, human resources, staffing agencies, the government, and others, was hacked. The incident is believed to have started in December 2023 when a third-party bad actor attempted to gain access.
In April, a cybercriminal named “USDoD” posted the stolen data online in a popular criminal community. On August 6, the stolen dataset resurfaced, this time posted for free to several breach forums for anyone to access and download.
The sensitive, personally identifiable information released included the names, addresses, phone numbers, e-mail addresses, and Social Security numbers of millions of people, some of whom are deceased. The data also contained previous addresses and, in some instances, alternate names.
The official data breach notice filed in Maine indicated that 1.3 million records may have been breached; however, some lawsuits suggest as many as 2.9 billion records have been exposed.
As the investigation continues, many cyber experts are finding that some of the data released was inaccurate. Aside from the Social Security numbers, most of it is already public and easy to find online.
There are several reasons to be concerned. Having all this critical information in one place makes it easy for criminals to use the information needed to apply for credit cards and loans or open new bank accounts.
The information included, such as childhood street names or the last four digits of your Social Security number, are often answers to security questions and can help hackers bypass authentication and access your private accounts.
Some cyber experts are suggesting watching for a surge in phishing and smishing (phishing over SMS) attacks as well.
Yes! Just because you haven’t interacted with them doesn’t mean other organizations, businesses, landlords, etc., haven’t leveraged their resources to dig up information on you.
You can use tools like https://npd.pentester.com/ to find out if your information has been compromised. If so, it’s important to take immediate action.
One of the best ways to protect your identity is to freeze your credit and set up alerts. This prevents criminals from opening up new lines of credit in your name. To do this, contact all three major credit bureaus—Equifax, TransUnion, and Experian—and request a freeze.
The process is free and should take you less than 10 minutes per site to complete. If others are in your house over 18, it’s a good idea to freeze their credit too. Anyone with a Social Security number is vulnerable following a breach of this size. Once you have a copy of your free credit report, review it for anything you didn’t authorize. Don’t forget to set up alerts and review your credit regularly.
As mentioned, many cybercriminals will leverage this information to scam you through phone calls, text messages, e-mails, and even social media sites. Be cautious!
A data breach devastates everyone involved—the business hacked and the customers or employees whose data is leaked. As a business owner, it is your responsibility to ensure you are taking the highest precautions to protect your business and its data. If you want to do a full assessment and find out if any of your information has been leaked or if your network is vulnerable to a breach, we’ll do a FREE Security Risk Assessment.