- Data collection company National Public Data disclosed a breach that may have exposed billions of personal records.
- The exposed information included Social Security numbers, addresses, names and other personal information, highlighting the long-term risks of data breaches.
Incident
National Public Data (NPD), a background check service and data broker operating under the name Jericho Pictures, suffered a massive data breach in which approximately 2.9 billion records were compromised. The breach occurred in April 2024 and is one of the largest in history.
The breach came to light when a cybercrime group known as USDoD announced the sale of a massive database of personal data it had obtained from NPD, including names, addresses, family details and Social Security numbers.
The data spans decades, with some records going back 30 years, and much of the data was collected without consent from undisclosed sources, so affected individuals likely were unaware of the breach or that NPD had even collected their data.
The breach has led to a class action lawsuit against Jericho Pictures, alleging that the company failed to adequately safeguard the information it collected. The plaintiffs also focus on legal and ethical concerns related to the unauthorized collection of personal information, claiming that they never granted NPD access to the information.
Data broker
Data brokers like NPD collect, store, and sell personal information, often without the individual’s consent. They obtain data from multiple channels, including social media, public records, and other non-public sources. Leading data brokers include Equifax, Experian, Epsilon, CoreLogic, and Acxiom. These companies have access to vast amounts of data that they sell to companies for a variety of purposes, including marketing and risk management.
People can opt out of data collection by such brokers by visiting the company’s website and following the opt-out instructions, but these processes can be cumbersome and often do not guarantee complete deletion of the data.
Mitigation
NPD says it will notify those affected by the breach, but there is no official way to know whether your data was included in it. However, if you suspect your Social Security number has been stolen, you can take certain steps to minimize the damage.
- Report identity theft: If you notice any suspicious activity, you should immediately report it to the Federal Trade Commission (FTC) at IdentityTheft.gov.
- Credit monitoring: Users should regularly check their credit reports for fraudulent activity. Major credit reporting agencies often provide these reports for free.
- Fraud alerts: Fraud alerts and credit freezes on your credit file are measures that are intended to prevent new accounts from being opened in your name.
- Online Activity: People should use caution when online and avoid entering their Social Security number on websites that claim to check for data breaches. These may be phishing attempts. Efforts to monitor and report theft should only be carried out through official channels.
Cybersecurity company Pen Tester offers a free database of the breach information, which was redacted so that people can check whether their information has been leaked. Individuals can do this by entering their name, state, and date of birth.
Paul Laudanski, director of security research at Onapsis, spoke about the impact of the attack:
“This incident is part of a larger, ongoing trend we’ve seen over the past few years: the proliferation of sensitive data online is creating an attractive target for cybercriminals. As this trend continues to grow, we can expect to see an increase in data breaches as attackers refine their tactics and exploit new vulnerabilities and security gaps.
“Businesses must remain vigilant against potential crimes such as IRS tax refund fraud. Monitoring financial accounts, credit reports, and interactions with the IRS is essential. Meanwhile, businesses must ensure the security of their supply chains, infrastructure, and applications. This includes conducting regular security assessments, implementing strong encryption, and training employees to follow security best practices.
“While complete prevention is difficult because the situation is constantly changing, proactive steps can be taken to significantly reduce the risk of an attack of this magnitude. Investing in strong cybersecurity defenses, employee training, and incident response plans is essential. Staying informed and adaptable can help organizations better defend against these attacks and quickly mitigate these threats.”
Summary
The National Public Data leak highlights the risks associated with data aggregation and the need for stronger data protection measures. As the impact of this incident becomes clearer, individuals and businesses need to remain vigilant in protecting their personal data.