Ironically, National Public Data (NPD), a data broker who sells personal information to agencies, human resources, publicly available sites, and private investigators, was hacked into by a malicious actor who stole private information and leaked it on the dark web.
But according to recent updates, NPD itself leaked millions of user data, including phone numbers and SSN (social security numbers) of Americans.
Apparently, there was another data broker that had access to similar consumer records that mistakenly published all the passwords to a back-end database in a single file, which was available on the website’s homepage.
This blog explains the steps to see if your information was leaked, how the breach happened, and what to do in case of dark web breaches.
Suppose your personal data was compromised during the reported theft of 2.9 billion records in December last year. In that case, you can verify whether your Social Security was exposed to a significant National Public Data breach.
The National Public Data hack of 2023 compromised the personal data of millions, if not billions, of people worldwide.
A hacker collective called USDoD was charged in the incident; they claimed they had taken over 2.9 billion documents from NPD, a business that specialized in gathering and compiling public records.
🚨#BREAKING: Every American's Social Security number may have been stolen in a new major hack, with over 2.7 billion records allegedly compromised from National Public Data. The stolen information includes Social Security numbers and physical addresses pic.twitter.com/bMAkNuuwOD
— R A W S A L E R T S (@rawsalerts) August 14, 2024
On August 6, the dataset reappeared; this time, it was freely available for download on Breach Forums.
National Public Data released a statement in August.
“After breaking into the system, "a third-party bad actor" posted the stolen data on the dark web. A class action lawsuit has been planned against National Public Data, claiming that the data was obtained via scraping nonpublic sources without permission.”
One of the biggest data breaches in history, the scope of the breach was extraordinary. The exposed information may be exploited for financial fraud, identity theft, and phishing scams, among other nefarious activities.
The breach raised concerns about the security of personal data and businesses' capacity to defend it against cyberattacks.
This month, National Public Data stated that
"The incident is believed to have involved a third-party bad actor trying to hack into data in late December 2023, with potential leaks of certain data in April 2024 and summer 2024."
A *Florida based company named *Jericho aka National Public Data
— Marcus Aurelius (@AureliusXXXVII) August 27, 2024
lost every Americans social security number along with other vital information. Guess which VP candidate has deep technology ties and can parse through all that data at breakneck speed?! https://t.co/EzfX0x0N7y pic.twitter.com/M5xq0j2gU0
It's still unclear how many specific individuals had their information compromised. Based on supposed interactions with the data broker, the Maine Attorney General's office estimates the number to be 1.3 million.
According to Troy Hunt of Have I Been Pwned, 134 million stolen files contain unique email addresses.
Because the information disclosed was sensitive, the National Public Data (NPD) breach left people particularly vulnerable to various privacy threats.
The possible issues are broken down as follows:
The stolen data can be used by criminals to carry out a variety of fraud schemes, such as:
Depending on what else was disclosed, the hack may have revealed personal data that you wouldn't want others to know, which could put you in danger or cause embarrassment.
Even if identity theft is avoided, the breach itself may make it more difficult for you to get credit in the future. Lenders can become more cautious because there is a greater chance of fraud.
If you believe your data may have been exposed in the National Public Data (NPD) data breach, take the following action right away:
PurePrivacy is a complete privacy and security solution to protect your information from online threats. PurePrivacy gives you all the options to take charge of your online privacy.
Get quick notifications to take immediate precautions against identity theft and protect your accounts by continuous scanning.
Enhance your privacy and reduce targeted ads by blocking websites or domains from gathering and sharing your browsing data.
Simplify and automate opt-out requests to data brokers by tracking the requests and minimizing the quantity of information accessible online.
Get suggestions on protecting your privacy on well-known platforms and reducing the possibility of illegal access to your personal data.
Public records data broker National Public Data uses large amounts of data about individuals from public record databases, court records, state and federal databases, and other data repositories to specialize in background checks and fraud prevention.
You can conduct a targeted search on NPDBreach.com by entering details such as your zip code, name, Social Security number, or phone number. If your Social Security number was included in the recent large-scale breach, you may find out exactly with this search. You can search NPD.pentester.com by entering your birth year, home state, and name.
As a data broker, Jerico Pictures, Inc., doing business as National Public Data, conducts background checks on new employees. Their main function is gathering data from open sources, such as addresses, work histories, and criminal histories, and then selling that data.
There are numerous indicators that someone has stolen your identity. Keep an eye out for questionable invoices, credit accounts unfamiliar to you, or simply a need for more correspondence. Speak with the authorities and take quick action to reclaim your identity if you believe it has been stolen.
Data breaches are a never-ending problem for millions of citizens, and the National Public Data breach is a perfect example.
It’s been a huge mess! But now we know it really happened and our stolen stuff is available online—physical addresses, social security numbers, and whatnot.
The best course of action is to avoid sharing personal information online on suspicious platforms.
You can also use PurePrivacy and a VPN to take charge and block hackers, doxxers, and illegal access before it happens.