In September 2024, National Public Data confirmed that a massive data breach compromised the personal information of millions of individuals. This breach exposed names, email addresses, phone numbers, mailing addresses, and even Social Security numbers of up to 2.9 billion people. Here’s what you need to know and how to protect yourself.
What Happened?
National Public Data, a data broker specializing in criminal records, background checks, and public data for industries like HR, government, and investigative services, was hacked. The breach began in December 2023, when a third-party cybercriminal gained access to their system.
In April, a hacker known as “USDoD” posted the stolen data in a criminal community, and on August 6, the data resurfaced—this time made available for free across multiple breach forums, accessible to anyone.
The leaked information includes:
Though the breach notice officially lists 1.3 million records as compromised, some lawsuits suggest the number could be as high as 2.9 billion.
Why Is This Breach Dangerous?
Even though much of the data (aside from Social Security numbers) may already be publicly accessible, the real danger lies in the consolidation of this information. Having everything in one place makes it easier for cybercriminals to engage in identity theft, such as:
Additionally, sensitive data like childhood street names or the last four digits of your Social Security number can be used to answer security questions, giving hackers access to your personal accounts. Experts are also warning of a surge in phishing and smishing (phishing via SMS) attacks that may arise from this breach.
Can You Be Affected if You’ve Never Heard of National Public Data?
Yes! Even if you’ve never interacted with National Public Data, your information could still be part of their records. Businesses, landlords, and other organizations often use data brokers like National Public Data to gather information.
How to Protect Yourself
If you’re worried about your data being compromised, here’s a three-step action plan to safeguard your identity and personal information:
Step 1: Check If Your Data Was Exposed
Use tools like
https://npd.pentester.com to see if your information was part of the breach. If your data is compromised, act immediately to protect yourself.
Step 2: Freeze Your Credit
The best way to prevent identity theft is to freeze your credit. This will block anyone from opening new lines of credit in your name. Contact all three major credit bureaus—Equifax, TransUnion, and Experian—to freeze your credit. The process is free and should take about 10 minutes per site.
Also, request a copy of your free credit report and review it for any unauthorized activity. Set up alerts to monitor your credit regularly. If you have other adults in your household, encourage them to freeze their credit too, as anyone with a Social Security number is vulnerable in a breach of this magnitude.
Step 3: Stay Vigilant for Phishing Scams
Cybercriminals may use the leaked information to send phishing emails, text messages, or make phone calls pretending to be legitimate entities. Be cautious and skeptical of unexpected communications that ask for personal information or encourage you to click on unfamiliar links.
Protect Your Business from Data Breaches
Data breaches are devastating not only for the individuals whose information is compromised but also for the businesses involved. As a business owner, it’s your responsibility to ensure your company’s data is secure and protected from potential threats.
If you’re concerned about your business’s security or want to check if your systems have been compromised, we offer a FREE Security Risk Assessment. This comprehensive evaluation will help identify vulnerabilities and outline the steps needed to secure your network.