National Public Data, which aggregates data for background checks, confirmed that it had suffered a massive data breach that included Social Security numbers and other personal data of millions of Americans.
The Coral Springs, Florida-based company posted a notice on its website saying, “We appear to have experienced a data security incident that may have involved some of our customers’ personal information. The incident is believed to have involved a third-party malicious actor attempting to hack into our data in late December 2023, which may result in the exposure of certain data in April 2024 and summer 2024.”
News of the breach first broke in a class action lawsuit filed in U.S. District Court in Fort Lauderdale, Florida, and first reported by Bloomberg Law. According to the law firm Schubert, Jonckheer & Kolbe, the stolen records from the National Public Data (NPD) include 2.9 billion records including names, addresses, Social Security numbers and kinship records going back at least 30 years.
NPD said the leaked data included names, email addresses, phone numbers, mailing addresses and Social Security numbers. The company said it was cooperating with investigators and had “implemented additional security measures to prevent a recurrence of such a breach and to protect our systems.”
National Public Data Breach:Why you should worry about massive data breaches and what to do about them.
Privacy Policy:How and why to freeze your credit
How to check if your Social Security number or data has been leaked
Cybersecurity firm Pentester said it has created a tool that allows users to obtain the data and check if their information has been leaked, including their name, address, address history, and social security number. The tool can be found at npd.pentester.com.
Because financial institutions use Social Security numbers when applying for loans and credit cards and for investments, exposing that information to threat actors poses serious risks, Pentester.com co-founder Richard Glaser said in an advisory on the company’s website.
He also suggested freezing your credit report. “Your name, address and phone number may change, but your Social Security number doesn’t change,” Glaser said.
Data breaches: how to protect your trust
NPD also advises consumers to “closely monitor their financial accounts and immediately contact your financial institution if you observe any fraudulent transactions. ” The company said consumers should obtain their credit reports and ensure their credit files are alerted for any fraudulent activity.
Odysseas Papadimitriou, CEO of personal finance site WalletHub, told USA Today that consumers should go beyond that and freeze their credit reports: “Putting up a fraud alert is not as effective as freezing your report,” he said.
“A fraud alert is just a warning to lenders, and they can easily ignore it, so it doesn’t really do much,” Papadimitriou says. “A freeze, on the other hand, stops identity thieves from opening accounts in your name, which stops fraud.”
He and other security experts suggest consumers take such steps because their personal data is likely in the hands of hackers.
The class action lawsuit alleges that the cybercrime group USDoD accessed NPD’s network and stole unencrypted personal information, then on or about April 8, 2024, posted the database, which purportedly contained the information of 2.9 billion people, on the dark web and attempted to sell it for $3.5 million.
Follow Mike Snider on X and Threads: Mike Snyder & Mike Snyder.
What is everyone talking about? To receive the latest news, sign up for our Trends Newsletter
