National Public Data, a Florida-based company that specializes in collecting personal information for background checks, recently made a shocking announcement regarding a massive data breach that has left millions of Americans vulnerable to identity theft. The breach, which occurred in late December 2023, was initially believed to have exposed sensitive information such as Social Security numbers, names, addresses, and phone numbers. However, a recent update from the company reveals that the hackers obtained even more sensitive data than previously reported.
According to a class-action lawsuit filed in U.S. District Court in Fort Lauderdale, Fla., the hacking group USDoD claimed to have stolen personal records of 2.9 billion people from National Public Data in April. The group offered to sell the data, which included records from the United States, Canada, and the United Kingdom, for $3.5 million. This staggering revelation has raised concerns about the severity of the breach and the potential implications for those whose information has been compromised.
The information stolen by the hackers includes a person’s full name, address, date of birth, Social Security number, phone number, alternate names, and birth dates. Shockingly, none of this information was encrypted, making it easy for cybercriminals to exploit for malicious purposes. In addition to this, the breach also exposed email addresses, an essential piece of information that can be used by identity thieves and fraudsters to target individuals with phishing attacks.
Having access to a person’s email address makes it easier for cybercriminals to launch phishing attacks, where they attempt to trick individuals into revealing passwords to financial accounts or downloading malware that can extract sensitive personal information from their devices. Moreover, since many people use their email address to log into online accounts, it could potentially be used to hijack those accounts through password resets, leading to further security risks for the affected individuals.
The extent of the data breach has raised concerns about the potential repercussions for those whose information has been compromised. While a small sampling of scans using Google One did not reveal any email addresses taken during the breach on the dark web, a free tool from the cybersecurity company Pentester found that other personal data purportedly exposed by the breach, including Social Security numbers, were indeed available on the dark web. This highlights the urgent need for individuals to take proactive measures to protect their personal information and mitigate the risks associated with identity theft.
In response to the data breach, National Public Data has taken steps to address the situation and prevent further breaches from occurring. The company has implemented additional security measures to safeguard its systems and protect the data of its customers. However, the company’s efforts to notify individuals about the breach and provide them with relevant information have been met with challenges due to the sheer scale of the data theft and the logistical complexities involved in identifying and reaching out to the affected individuals.
The company’s website states that it will notify individuals if there are any further significant developments applicable to them. It also advises individuals to take preventive measures to help minimize or eliminate potential harm resulting from the breach. However, the company’s response to the breach has come under scrutiny, particularly regarding its failure to offer free credit monitoring services for those whose information was stolen, a standard practice for companies that have suffered massive data breaches.
Security experts recommend that individuals affected by the breach take proactive steps to protect their personal information and safeguard their financial accounts. This includes checking financial accounts for unauthorized activity, placing a free fraud alert on accounts at the three major credit bureaus, and monitoring credit reports for any suspicious activity. Additionally, individuals are advised to put a freeze on their credit files at the three major credit bureaus to prevent criminals from using their information to open fraudulent accounts.
In light of the data breach, it is crucial for individuals to remain vigilant and exercise caution when dealing with emails or text messages that may be phishing attempts. By checking the sender’s email address carefully, looking for typos or grammatical errors, and avoiding clicking on suspicious links, individuals can reduce the risk of falling victim to phishing scams. Reporting any suspicious emails to the email provider and the organization they claim to represent can help prevent further fraudulent activities and protect individuals from identity theft.
As the fallout from the data breach continues to unfold, it is essential for individuals to stay informed, take proactive measures to protect their personal information, and remain vigilant against potential threats. By following the recommended security practices and staying alert to signs of fraudulent activity, individuals can minimize the risk of identity theft and safeguard their financial well-being in the face of evolving cyber threats.