Two days ago National Public Data, which aggregates data to provide background checks, has confirmed it suffered a massive data breach involving Social Security numbers and other personal data on millions of Americans. News about the breach first came from a class action lawsuit filed in U.S. District Court in Fort Lauderdale, Florida, and first reported on by Bloomberg Law. Stolen from National Public Data (NPD) were 2.9 billion records including names, addresses, Social Security numbers and relatives dating back at least three decades, according to law firm Schubert, Jonckheer & Kolbe, which filed the suit.
Here's a breakdown of what is known thus far:
Nature of the Breach: National Public Data, a company specializing in background checks and fraud prevention, had its data accessed, leading to the exposure of vast amounts of personal information. This included names, Social Security numbers, physical addresses, and more, stretching back decades.
Confirmation and Details: National Public Data confirmed the breach, admitting that suspicious activities were detected in their network as early as late December 2023, with data leaks occurring in April 2024 and throughout the summer. The breach was not just a singular event but involved multiple tranches of data being leaked over time.
Data Involved: The compromised data was not just limited to living individuals but also included information on deceased persons. This dataset was so extensive that it was initially put up for sale on the dark web for $3.5 million, suggesting its perceived value to cybercriminals.
Public and Legal Response: Following the breach, there was a significant public outcry and legal action. A class-action lawsuit was filed against National Public Data, with demands for the company to purge the personal information of all affected individuals, encrypt data moving forward, and implement stringent cybersecurity measures.
Implications for Individuals:
Identity Theft: With Social Security numbers and other detailed personal information exposed, there's a heightened risk of identity theft.
Credit Monitoring: Experts recommend that affected individuals should consider freezing their credit, regularly checking their credit reports, and being vigilant for signs of fraudulent activities.
Data Accuracy: Interestingly, not all data might be accurate or complete, which complicates the issue of identity verification and protection.
Security Recommendations: Users and security experts suggest steps like setting up fraud alerts, using identity theft protection services, and not providing sensitive information unless absolutely necessary.
Broader Implications: This breach underscores the vulnerability of data aggregation companies and the need for robust cybersecurity measures. It also reignites discussions on data privacy laws, suggesting that current regulations might be insufficient in protecting personal data in the digital age.
The National Public Data breach serves as a stark reminder of how personal data, when not adequately protected, can lead to widespread risks of fraud and identity theft, prompting calls for stricter data protection laws and better cybersecurity practices across industries.
Identity Guard notified me yesterday morning/4:30 a.m. that they found my SS# on the dark web & that I should freeze/lock credit reports & check for unauthorized activity. Breach Name: National Public Data
—— B L A B L A … BLA BLA BLA …. —- B L A — …!!!