Fortunately, National Public Data’s data breach may have been much smaller than initially thought, according to a new report detailing the incident that the company filed with the Maine Attorney General’s office.
It was initially reported that an estimated 2.9 billion records have been circulating on the dark web since April 2024, exposing information such as names, Social Security numbers, email addresses, home addresses, and phone numbers of individuals living in the United States, Canada, and the United Kingdom.
Now, in documents filed with the Maine Attorney General, the data brokers claim that “only” 1.3 million people were actually affected by the breach.
Passwords also leaked
The data spans more than 30 years and includes address history and family relationships. Have you ever done this? The leaked information reportedly included 134 million unique email addresses and 272 million Social Security numbers, with the average age of the affected individuals being 70 years old (meaning some of the people affected by the breach are over 120 years old and long deceased).
But not everyone finds NPD’s logic particularly plausible. registerFor example, the report highlights: nice There were 100 times as many unique email addresses listed as people NPD says were affected.
“Thus, while it is unlikely that all 1.3 million affected people had 100 email addresses, it is possible that more people are affected than the number NPD told the Maine Attorney General,” the magazine argues.
To make matters worse, NPD’s password appears to have been leaked as well. KrebsOnSecurityNPD’s sister site, recordscheck.net, hosted an archive containing usernames and passwords for site administrators. The archive was made available on the Records Check website earlier this week and includes source code for various components of recordscheck.net as well as plain text usernames and passwords. recordscheck.net is similar in appearance to nationalpublicdata.com and has an identical login page, Krebs concluded.
Either way, the breach is huge, and it will probably be quite some time before we know for sure how many people’s data was stolen. In the meantime, some people are filing class action lawsuits, arguing that the leaked data poses a significant risk of both identity theft and fraud.
Those affected by this incident are warned to closely monitor their financial accounts, especially for suspicious transactions or purchases, and to expect an increase in phishing emails and social media interactions.