When a major data breach occurs, your personal information may end up on the dark web.
National Public Data, a Florida-based company that aggregates data to run background checks, was hacked earlier this year and acknowledged that Social Security numbers were among the information exposed.
The Coral Springs company posted a notice on its website saying, “We appear to have experienced a data security incident that may have involved some of our customers’ personal information. The incident is believed to have involved a third-party malicious actor who attempted to hack into data in late December 2023, which may result in the exposure of certain data in April 2024 and summer 2024.”
News of the breach initially came from a class action lawsuit filed in U.S. District Court in Fort Lauderdale by law firm Schubert, Jonckheer & Kolbe, which claims 2.9 billion records were stolen from NPD and that the company failed to properly secure the information, according to USA TODAY.
Here’s what you need to know about data breaches and the steps you can take to protect yourself.
How did the National Public Data data breach happen?
According to the indictment, the cybercrime group USDoD accessed the network of National Public Data (also known as Jerico Pictures Inc. of Coral Springs, Florida) and stole unencrypted personal information. Around April 8 of this year, the group posted the database on the dark web, claiming it contained information on approximately 2.9 billion people, and offering it for sale for $3.5 million.
USA TODAY reports that the plaintiff in the case, Christopher Hoffman of Fremont, California, was notified by an identity theft protection service that his data had been compromised as a result of a data breach and had been found on the dark web.
What information was contained in the NPD data breach?
In addition to Social Security numbers, the hackers also stole names, phone numbers, mailing addresses and email addresses, according to National Public Data.
The law firm that filed the lawsuit, Schubert, Jonkicher & Kolbe, reported that information about people’s biographical details and relatives was also leaked. In total, some 2.9 billion records dating back at least 30 years were stolen.
How is National Public Data responding to the data breach?
NPD officials said on their website that the company was working to determine the source of the intrusion and to harden its systems.
“We have cooperated with law enforcement and government investigators to conduct an investigation into any records that may have been affected, and will notify you of any significant developments that concern our customers,” National Public Data’s website states. “We have also implemented additional security measures to prevent any such breach from occurring again and to protect our systems.”
How to know if your information has been stolen
According to USA TODAY, cybersecurity firm Pentester obtained the leaked data and created a tool to check if your information has been compromised, which can be accessed at npd.pentester.com.
National Public Data also offers these tips to monitor if your information has been stolen:
- Keep a close eye on your financial accounts, and if you notice any unauthorized activity, contact your financial institution to report the fraud.
- Check your credit report for charges you don’t recognize. You can get a free copy of your credit report from each of the three U.S. credit reporting agencies (Equifax, Experian, and TransUnion) by calling 877-322-8228 or visiting www.annualcreditreport.com.
- Contact one of the big three credit reporting agencies to place a free fraud alert on your credit file. A fraud alert notifies creditors to contact you before opening a new account or making changes to an existing account. The initial alert is good for one year, after which it can be renewed.
What to do if your information is stolen?
If you notice fraudulent charges or suspect your information has been stolen, National Public Data encourages you to report identity theft to the Federal Trade Commission at identitytheft.gov.
As an additional tip, financial news website Money.com shared the next steps to take if your information has been stolen.
- It scans for viruses and malware that hackers may be using to steal your data.
- Update and strengthen your passwords by using upper and lower case letters, numbers and special punctuation marks. Never use personal information and make sure you use different passwords for all your online accounts.
- Check your credit report. Notify the credit reporting agencies and report any unauthorized use of your credit card number.
- Request a credit freeze from the credit reporting agencies.
- Use multi-factor authentication for online banking and other high-risk accounts that contain personal information.
- When checking your email and social media, be on the lookout for phishing and other cybercrimes.
How to freeze your credit
It’s free to freeze your credit report, but you’ll need to contact all three major credit reporting agencies.
You can submit your request online, by phone, or by mail. According to the General Services Administration, the agency must freeze your credit report within one day if you submit online or by phone. Freeze requests made by mail must be fulfilled within three business days. The agency must lift the freeze within one hour if you request to unfreeze online or by phone, and within three business days if you mail it.
USA TODAY contributed to this report.
