National Public Data, which aggregates data to provide background checks, has confirmed it suffered a massive data breach involving Social Security numbers and other personal data on millions of Americans.
The Coral Springs, Florida, company posted on its website a notice this week that "there appears to a have been a data security incident that may have involved some of your personal information. The incident is believed to have involved a third-party bad actor that was trying to hack into data in late December 2023, with potential leaks of certain data in April 2024 and summer 2024."
News about the breach first came from a class action lawsuit filed in U.S. District Court in Fort Lauderdale, Florida, and first reported on by Bloomberg Law. Stolen from National Public Data (NPD) were 2.9 billion records including names, addresses, Social Security numbers and relatives dating back at least three decades, according to law firm Schubert, Jonckheer & Kolbe, which filed the suit.
NPD said the breached data included names, email addresses, phone numbers and mailing addresses, as well as Social Security numbers. The company said it is cooperating with investigators and has "implemented additional security measures in efforts to prevent the reoccurrence of such a breach and to protect our systems."
National Public Data breach:Why you should be worried about massive data breach and what to do.
Identity protection:How and why to freeze your credit
Cybersecurity firm Pentester said it got the data and created a tool you can use to see if your information is in the breach – it shows names, addresses, address histories, and Social Security numbers. You will find it at npd.pentester.com.
Because financial institutions use Social Security numbers on applications for loans and credit cards and on investments, having that information that information available to bad actors poses a serious risk, Pentester.com co-founder Richard Glaser said in an advisory on the company website.
He also suggested freezing credit reports. "Names, addresses and phone numbers might change, but your Social Security number doesn't," Glaser said.
Your wallet, explained. Sign up for USA TODAY's Daily Money newsletter.
NPD also advised consumers to "closely monitor your financial accounts and if you see any unauthorized activity, you should promptly contact your financial institution." Consumers might want to get a credit report and get a fraud alert on their credit file, the company said.
Consumers should do more than that and freeze their credit report, Odysseas Papadimitriou, CEO of personal finance site WalletHub, told USA TODAY. “Placing a fraud alert is not as effective as freezing your report," he said.
"A fraud alert is more of a heads up to lenders, which they can easily ignore. It doesn’t do much in practice," Papadimitriou said. "A freeze, on the other hand, stops fraud in its tracks by preventing identity thieves from opening accounts in your name.”
He and other security experts suggest consumers take that step because the personal data is likely in the hands of hackers.
The class action suit alleges it was cybercriminal group USDoD that accessed NPD's network and stole unencrypted personal information. Then the group posted a database it said had information on 2.9 billion people on the dark web on about April 8, 2024, seeking to sell it for $3.5 million.
Follow Mike Snider on X and Threads: @mikesnider & mikegsnider.
What's everyone talking about? Sign up for our trending newsletter to get the latest news of the day
2024-12-27 01:24449 view
2024-12-27 00:592432 view
2024-12-27 00:452826 view
2024-12-26 23:142687 view
2024-12-26 23:08190 view
2024-12-26 23:011764 view
You’ve heard of doomscrolling, now get ready for doom spending.A new report published by consulting
BEIJING (AP) — A group of U.S. senators visiting Beijing expressed hope Tuesday that they had opened
No S.O.S. here: Joe Jonas and Sophie Turner are on the same page regarding their co-parenting dynami