HashBringing Breach Blog

Hashbringing Breaches: Cyber news third hand

National Public Data Gets PWNED!

 

 

A class-action lawsuit has revealed that National Public Data experienced a significant data breach, potentially compromising the Social Security numbers of a majority of Americans. The breach also included sensitive information such as home addresses, emails, and phone numbers—enough to submit fraudulent credit card applications. The breach may have occurred as early as December 2023, with the first signs of compromise appearing in a breach blog post by a user named "USDOD." This user claimed to possess 2.9 billion records on Americans and requested a payment of $3.5 million. While it's unclear if the records have been sold, it’s likely that the data, or parts of it, have already been purchased by malicious actors.

 

 

 

If you're just now hearing about National Public Data, you're not alone. This company is typically used by employers to conduct background checks. However, why they deemed it necessary to store the personal information of nearly all Americans in a single, seemingly vulnerable location remains unclear. While it's too late to change what's happened, breaches like this underscore the urgent need for governments to implement stronger controls over the collection and storage of Personally Identifiable Information (PII). Additionally, more punitive measures should be enforced when companies fail to protect this sensitive data.

 

 

 

 

What can you do... 

 

Unfortunately, there isn't much the average person can do to prevent breaches like this. My main advice is to sign up for credit monitoring and stay vigilant, especially when it comes to any unexpected credit checks over the next year or longer. While National Public Data has stated they will offer monitoring services to those affected, I believe it's unlikely they'll reach everyone impacted. Additionally, be cautious about where you share your personal information, although many of those affected by this breach had likely never even heard of this company before. Stay alert, and let's hope you don’t get (further) compromised!