BETHLEHEM, Pa. — Social media and news outlets have been warning this week that consumer data may have been exposed in a major data breach.
National Public Data, a Florida-based background checking company, detailed the security breach on its website, saying information including names, email addresses, phone numbers, Social Security numbers and mailing addresses may have been exposed.
The personal information of around 2.9 billion people may have been leaked onto the dark web after a group of hackers calling themselves the Pentagon tried to sell the data for $3.5 million.
A class action lawsuit was filed in Florida
“This incident is believed to have involved a third-party malicious actor attempting to hack into data in late December 2023, potentially resulting in the exposure of certain data in April 2024 and summer 2024,” the webpage states.
“An investigation was conducted and subsequent information emerged.”
A class action lawsuit filed in Florida alleges that the personal information of around 2.9 billion people may have been leaked onto the dark web after a group of hackers calling themselves USDoD tried to sell the data for $3.5 million.
“Although Defendants have not yet disclosed details regarding when or how the data breach occurred, based on information and belief, a cybercrime group purporting to be part of the United States Department of Defense accessed Defendants’ networks prior to April 2024,” the complaint states.
“And they were able to steal the unencrypted personal information of billions of people stored on the Defendants’ networks,” which constitutes a “data breach.”
The lawsuit alleges the leaks involved information about deaths over the past 20 years, as well as personal address information for the past 30 years.
How to know if you’re affected
Some consumers, like the plaintiffs in the class action lawsuit, report being contacted by financial institutions and credit reporting agencies about suspicious activity regarding their credit.
According to the complaint, the plaintiff was notified by Experian in or around late July 2024 that “following a breach involving the defendants and/or the defendants’ website, www.nationalpublicdata.com, information containing the plaintiff’s Social Security number was being sold on the dark web.”
National Public Data’s “Security Incident” webpage also said it had notified those affected.
For those who are concerned but haven’t been contacted, cybersecurity firm Pentester claims to have obtained the leaked data and created a search tool that allows consumers to determine whether their data was included in the breach.
Pen Tester co-founder Richard Glaser said in an email that based on the raw breach data his company has obtained, the total number of exposed records in Pennsylvania is 110,072,993.
This number includes single individuals and multiple records of people who have died.
NPDbreach.com, run by the Data Dividend Project and Atlas Privacy, offers the same screening features as Pentester.
These sites ask for information such as first name, last name, zip code, state, and date of birth in order to search for leaked data.
What can you do?
In light of recent data breaches, “it’s more important than ever to protect personal information,” said Pedro Robles, an assistant professor in the cyber analytics and operations department at Pennsylvania State University Lehigh Valley.
“It’s important to use common sense and not get overwhelmed,” Robles said. “Cybercriminals will constantly be attacking networks and institutions to obtain data for various purposes.”
“The news was delayed by almost a year, which has led to many interpretations and we may never know the full facts.”
“If your identity has been misused, visit the FTC’s site, IdentityTheft.gov, to report identity theft and learn about recovery procedures. Even if you don’t find any suspicious activity on your initial credit report, we encourage you to regularly check your credit report so you can spot any issues and address them right away.”
National Public Data Website
National Public Data’s webpage about the data breach encourages consumers to place a fraud alert on their credit file through one of the three major credit reporting agencies — Equifax, Experian or TransUnion — or to freeze their credit file.
A credit freeze will remain in place until the consumer asks the credit reporting bureaus to temporarily lift it.
The company also suggests consumers request a credit report from a credit bureau so that they can check their account for and report any inquiries they may not be aware of.
“If your personal information has been misused, please visit the FTC’s website, IdentityTheft.gov, to report identity theft and learn about recovery procedures,” the website states.
“Even if your initial credit report doesn’t show any suspicious activity, we recommend regularly checking your credit report so you can spot any issues and address them quickly.”
Other suggestions
Robles also recommends following the Social Security Administration’s suggestions for protecting your personal information.
The SSA advises consumers to monitor their Social Security accounts, limit access to their Social Security numbers, use strong or unique passwords, enable multi-factor authentication to improve online security, and stay up to date on recent scams.
For people whose Social Security numbers have been compromised, the SSA recommends the following:
- Report identity theft at IdentityTheft.gov. Consumers may also call 1-877-IDTHEFT.
- Report to the police
- Report cybercrimes to the Internet Crime Complaint Center and alert law enforcement and regulatory agencies
- Monitor your credit report regularly
- To prevent fraudulent tax returns, contact the IRS’s Privacy Specialist Unit at 800-908-4490, ext. 245.
