Welcome to my other blog today we discussed “Massive Data Breach Exposes Personal Information of Billions: What You Need to Know” A recent lawsuit has revealed a staggering breach of personal data, claiming that hackers have accessed sensitive information belonging to billions of individuals. This includes Social Security numbers, current and previous addresses, and even family details—personal data that cybercriminals could easily exploit to infiltrate financial accounts or fraudulently obtain loans in the victims’ names.
The Allegation and Lawsuit
The lawsuit, filed by Christopher Hofmann a California resident, emerged after his identity . Theft protection service alerted him that his personal information had been leaked to the dark web. The breach is linked to “nationalpublicdata.com,” a background check company known as National Public Data (NPD). The breach reportedly occurred in April 2024 when a hacker group named USDoD allegedly exfiltrated the unencrypted personal information of billions from NPD. Earlier this month, a version of the stolen data was leaked for free on a hacking forum, as reported by tech site Bleeping Computer.
The Scope of the Breach
The hacker group claimed that the stolen files contain 2.7 billion records, each listing a person’s full name, address, date of birth, Social Security number, and phone number. Although it’s difficult to determine exactly how many individuals are affected, the sheer volume suggests that virtually everyone with a Social Security number might have been impacted. Cliff Steinhauer, director of information security and engagement at The National Cybersecurity Alliance, emphasized the severity of the situation, noting that this breach highlights the critical need for individuals to protect themselves, given that neither companies nor the government appear to be doing enough.
National Public Data: Who Are They?
National Public Data, based in Coral Springs, Florida, provides background checks for employers, investigators, and other businesses. The company gathers and sells data on individuals, including criminal records, vital records, and Social Security number traces. Many similar companies collect public data to compile detailed profiles on consumers, which they then sell for various purposes, often without the subjects’ consent.
The USDoD Hack: What Happened?
According to the lawsuit, the USDoD hacker group posted a database called “National Public Data” on the dark web on April 8, offering it for sale at $3.5 million. However, the data was eventually leaked for free on a hacker forum. I was making the sensitive information widely accessible to cybercriminals.
Read More
Rapids Face Ultimate Test Against Liga MX Champions Club América in Leagues Cup Quarterfinals
The Impact and Response
While the lawsuit claims that billions of individuals were affected the total population of the U.S. is about 330 million. This discrepancy suggests that the data may include multiple records for individual people, possibly reflecting various addresses or other details over time. Law firm Schubert Jonckheer & Kolbe, which is investigating the breach, believes the data may span at least three decades.
The lawsuit also alleges that NPD has not provided adequate notification to those affected by the breach. Many victims remain unaware that their sensitive personal information has been compromised. And that they are at significant risk of identity theft and other forms of harm. Despite the severity of the situation, NPD has only issued a brief statement on its website, acknowledging that a “third-party bad actor” attempted to hack into its data in late December 2023, with potential leaks occurring in April and the summer of 2024.
How to Protect Your Information
In light of this breach, security experts advise consumers to take immediate action to protect their personal data. Here are some steps you can take:
- Freeze Your Credit: Contact the three major credit bureaus—Experian, Equifax, and TransUnion—to place a freeze on your credit reports. This is a free service that prevents. New accounts from being opened in your name.
- Strengthen Your Passwords: Ensure that your passwords are at least 16 characters long and include a mix of letters, numbers, and symbols. Using a password manager can help you manage these complex passwords securely.
- Enable Multifactor Authentication: This adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone, in addition to your password.
- Be Vigilant Against Phishing Scams: Watch out for emails or messages that create a sense of urgency and pressure you into taking immediate action. These are often tactics used by scammers to trick you into revealing personal information.
- Keep Your Security Software Updated: Regularly update your computer and mobile devices with the latest security patches and software updates from trusted sources like Microsoft or Apple.
Conclusion
This breach underscores the importance of taking proactive measures to protect your personal information. As cyber threats continue to evolve, it’s crucial to stay informed and take steps to safeguard your data. While companies and governments may not always provide the necessary protection, individuals can take action to minimize their risk of becoming victims of identity theft and other cybercrimes.