October 28, 2024
In September 2024, National Public Data confirmed that a hacker had breached the personal records of millions. The exposed information includes names, email addresses, mailing addresses, phone numbers, and Social Security numbers of up to 2.9 billion individuals. Here's what you need to know:
What Happened?
National Public Data, a consumer data broker known for providing criminal records, background checks, and other data to private investigators, public record sites, human resources, staffing agencies, the government, and more, was hacked. The breach is believed to have begun in December 2023 when a third-party actor attempted unauthorized access.
In April, a cybercriminal named "USDoD" shared the stolen data on a popular criminal platform. On August 6, the dataset reappeared, this time freely available on several breach forums for anyone to download.
The released sensitive, personally identifiable information included names, addresses, phone numbers, email addresses, and Social Security numbers for millions, including some deceased individuals. The data also featured previous addresses and, in certain cases, alternate names.
An official data breach notice filed in Maine suggested that 1.3 million records were compromised; however, some lawsuits claim up to 2.9 billion records were exposed.
As the investigation continues, many cyber experts have noted that some released data was inaccurate, and aside from Social Security numbers, much of it is already publicly accessible online.
Why is This Breach Dangerous if the Information is Publicly Accessible?
There are several reasons for concern. Consolidating all this critical information in one place makes it easier for criminals to apply for credit cards, loans, or open new bank accounts using the data.
Details such as childhood street names or the last four digits of a Social Security number are often used as answers to security questions, enabling hackers to bypass authentication and access private accounts.
Some cyber experts predict a rise in phishing and smishing (phishing via SMS) attacks as well.
Can You Be Affected Even if You've Never Heard of National Public Data or Used Their Services?
Yes! Even if you haven't interacted with them, other organizations, businesses, landlords, etc., may have used their resources to gather information about you.
What Should You Do to Protect Yourself?
Step 1: Check if your data has been exposed using tools like https://npd.pentester.com/. If compromised, take immediate action.
Step 2: Request a copy of your credit report and freeze your credit. Freezing your credit and setting up alerts is one of the best ways to protect your identity, preventing criminals from opening new credit lines in your name. Contact all three major credit bureaus—Equifax, TransUnion, and Experian—to request a freeze.
The process is free and should take less than 10 minutes per site. If others in your household are over 18, consider freezing their credit too. Anyone with a Social Security number is vulnerable following a breach of this magnitude.
After obtaining your free credit report, review it for unauthorized activities. Set up alerts and regularly review your credit.
Step 3: Be vigilant against phishing scams. Many cybercriminals will attempt to exploit this information through phone calls, text messages, emails, and even social media. Stay cautious!
A data breach is devastating for everyone involved - the
business hacked and the customers or employees whose data is leaked. As a
business owner, it is your responsibility to make sure you are taking the
highest precautions to protect your business and its data. If you want to do a
full assessment and find out if any of your information has been leaked or if
your network is vulnerable to a breach, we'll do a FREE Discovery Call. This deep dive into your network will provide you with a blueprint
for security steps to take. To book yours, call our office at 973-319-7184 or click here.