In April 2024, a cybercriminal using the alias “USDoD” posted the stolen data online within a criminal community. By August 6, the data reappeared, this time posted for free on various breach forums, allowing anyone to download the information.
The sensitive data exposed includes names, addresses, phone numbers, email addresses, and Social Security numbers of millions of individuals, some of whom are deceased. The breach also included previous addresses and, in some cases, alternate names.
While an official breach notice filed in Maine reported that 1.3 million records were affected, ongoing lawsuits suggest that as many as 2.9 billion records were compromised.
As investigations continue, cybersecurity experts have noted that some of the data released was inaccurate, and much of it—aside from Social Security numbers—was already publicly available. However, this does not diminish the severity of the breach.
Why Is This Breach Dangerous?
Even though much of the exposed information is public, having it all consolidated in one place makes it easy for cybercriminals to use for identity theft. Criminals can exploit this information to apply for credit cards, loans, or open bank accounts in someone else’s name.
Additionally, details like former addresses or the last four digits of a Social Security number are often used for security questions, which could allow hackers to bypass authentication and access private accounts.
Experts also anticipate a rise in phishing and smishing (phishing via SMS) attacks as criminals use this leaked data to scam individuals.
Could You Be Affected Even if You’ve Never Heard of National Public Data?
Yes! Even if you’ve never interacted with National Public Data, organizations you’ve dealt with—such as businesses, landlords, or employers—may have used their services to gather information about you.
What Can You Do to Protect Yourself?
Step 1: Check if Your Data Was Exposed
Use tools like https://npd.pentester.com/ to see if your information was compromised. If it has been, take immediate steps to secure your identity.
Step 2: Freeze Your Credit
Request a copy of your credit report and then freeze your credit. This is one of the best ways to protect yourself from identity theft, as it prevents criminals from opening new lines of credit in your name. Contact all three major credit bureaus—Equifax, TransUnion, and Experian—and request a credit freeze. This service is free and can be completed in less than 10 minutes per bureau.
If there are others in your household over 18, consider freezing their credit as well. Anyone with a Social Security number is vulnerable after a breach of this scale.
After freezing your credit, review your credit report for any unauthorized activity and set up alerts to monitor your credit regularly.
Step 3: Be Aware of Phishing Scams
Many cybercriminals will use the leaked data to launch phishing attacks via phone calls, text messages, emails, and social media. Be extra cautious about unsolicited communications and never provide personal information unless you’re sure of the sender’s legitimacy.
Conclusion
The National Public Data breach is a stark reminder of how vulnerable personal information can be. Take proactive steps to protect yourself by freezing your credit, monitoring for unauthorized activity, and staying vigilant against phishing scams. While the full impact of this breach is still unfolding, acting now can help minimize the risk of identity theft.
A data breach is devastating for everyone involved – the business hacked and the customers or employees whose data is leaked. As a business owner or managing officer, it is your responsibility to make sure you are taking the highest precautions to protect your business and its data. If you want to do a full assessment and find out if any of your information has been leaked or if your network is vulnerable to a breach, we’ll do a Security Risk Assessment. This deep dive into your network will provide you with a blueprint for security steps to take. To book yours, call our office at 843-418-4792 or click https://www.spartantec.com/discoverycall/.