Was Your Information Compromised From The National Public Data Breach?

In September 2024, National Public Data confirmed that a hacker had compromised the personal records of millions of individuals. The exposed information includes names, email addresses, mailing addresses, phone numbers, and even Social Security numbers of up to 2.9 billion people. Here's what you need to know.

What happened?

National Public Data, a consumer data broker specializing in criminal records, background checks, and other types of data for private investigators, consumer public record sites, human resources, staffing agencies, and government entities, was hacked. The breach is believed to have begun in December 2023 when a third-party bad actor attempted to gain access.

In April, a cybercriminal known as "USDoD" posted the stolen data on a popular criminal community online. On August 6, the dataset reappeared, this time available for free on several breach forums, allowing anyone to access and download it.

The released sensitive, personally identifiable information included names, addresses, phone numbers, email addresses, and Social Security numbers for millions of individuals, some deceased. The data also contained previous addresses and, in some cases, alternate names.

An official data breach notice filed in Maine suggested that 1.3 million records may have been compromised; however, some lawsuits claim as many as 2.9 billion records have been exposed.

As the investigation continues, many cybersecurity experts are discovering that some of the released data was inaccurate. Apart from Social Security numbers, most of the information is already publicly available and easy to find online.

Why is this breach dangerous if the information is already accessible through a quick Google search?

There are several reasons for concern. Having all this critical information consolidated makes it easier for criminals to use it to apply for credit cards, loans, or open new bank accounts.

The information, such as childhood street names or the last four digits of your Social Security number, often serves as answers to security questions, helping hackers bypass authentication and access private accounts.

Some cybersecurity experts anticipate a surge in phishing and smishing (phishing via SMS) attacks as well.

Can you be affected even if you've never heard of National Public Data or purchased data from them?

Yes! Even if you haven't interacted with them, other organizations, businesses, landlords, etc., might have used their services to obtain information about you.

What should you do to protect yourself?

1. Check if your data has been exposed. Use tools like https://npd.pentester.com/ to see if your information has been compromised. If so, take immediate action.
2. Request a copy of your credit report and freeze your credit. One of the best ways to protect your identity is by freezing your credit and setting up alerts. This prevents criminals from opening new lines of credit in your name. Contact all three major credit bureaus—Equifax, TransUnion, and Experian—to request a freeze.
   
   The process is free and should take less than 10 minutes per site. If there are others in your household over the age of 18, it's wise to freeze their credit too. Anyone with a Social Security number is vulnerable following a breach of this magnitude.
   
   Once you have your free credit report, review it for unauthorized activity. Don't forget to set up alerts and regularly monitor your credit.
3. Be vigilant against phishing scams. Cybercriminals may use this information to scam you through phone calls, text messages, emails, and even social media. Stay cautious!

A data breach can be devastating for everyone involved—the business that was hacked and the customers or employees whose data was leaked. As a business owner, you have the responsibility to take the highest precautions to protect your business and its data. If you want to conduct a full assessment to determine if any of your information has been leaked or if your network is vulnerable to a breach, we offer a FREE Discovery Call.

This deep dive into your network will provide you with a blueprint for security steps to take. To book yours, call our office at 833-443-8357 or click here.