In a shocking revelation, National Public Data, a Florida-based consumer data broker, has suffered a massive data breach that may be even worse than initially suspected. The breach, publicly acknowledged on August 12, 2024, has exposed sensitive information of over 100 million Americans.
National Public Data Center is a data broker, a company that collects and sells information from public data sources. This includes criminal records, addresses, employment history, and, primarily, Social Security Numbers used for background checks.
What we know:
The breach was first discovered in April 2024 when a cybercriminal known as “USDoD” posted on Breachforums, claiming to have stolen four terabytes (4 million megabytes) of data from NationalPublicData.com. This data included 2.9 billion rows of records containing millions of individuals’ names, addresses, phone numbers, email addresses, and Social Security Numbers. The hacker initially attempted to sell the data for $3.5 million.
National Public Data has stated that the breach involved a third-party bad actor who attempted to hack into their data in late December 2023, with potential leaks occurring in April and summer 2024.
The company has cooperated with law enforcement and governmental investigators and is reviewing the affected records to notify impacted individuals.
The breach has affected a vast number of people, with 137 million unique email addresses identified in the leaked data; however, it is essential to note that not all records containing social security numbers included email addresses. The leaked data also comprises 70 million rows from a database of U.S. criminal records.
What can you do to protect yourself?
It may be weeks or months before you are notified if your data was part of the breach. In the meantime, taking immediate steps to protect your personal information is crucial.
Put a security freeze on your credit reports. A security freeze, also known as a credit freeze, restricts access to your credit report, making it harder for identity thieves to open new accounts in your name. Contact each of the three major credit bureaus (Equifax, Experian, and TransUnion) to place a freeze on your credit report. This step is free and can be done online, by phone, or by mail.
Change the passwords for all your online accounts immediately. Use unique and complex passwords for each different account, combining letters, numbers, and special characters and avoiding references to anything that could be found on your social profiles, like your first pet’s name or the street where you grew up. Reset passwords again every two to three months. Consider an encrypted password manager to keep track of your passwords.
Enable multi-factor authentication on ALL of your online accounts. Two-factor authentication (2FA) or multi-factor authentication (MFA) adds an extra layer of security to your online accounts by requiring an additional form of verification, such as a code sent to your phone.
Call your cell phone company and ask them to set up SIM swap or port-out fraud prevention. This will help protect your phone number from being hijacked by cybercriminals, who could use it to access your accounts by side-stepping your MFA protections.
By taking these steps, you can better safeguard your personal information and reduce identity theft risk. Stay vigilant and proactive in monitoring your accounts and credit reports for any suspicious activity.
Allow Commonwealth Sentinel to be your partner in risk reduction and ensuring the well-being of all. Our comprehensive services range from software and hardware solutions to training and policy implementation. Click here to set up a free cyber security consultation, or contact us at (502) 320-9885 to learn more about how we can help you achieve peace of mind.