Hackers Allegedly Do Billions of Personal Records Breach: What You Need to Know

2.9 Billions of Personal Records Breach

In a shocking new development, a lawsuit has surfaced claiming that hackers have accessed the personal information of billions of individuals, including Social Security numbers, current and past addresses, and even the names of siblings and parents. This sensitive data, if in the wrong hands, could be exploited by fraudsters to infiltrate financial accounts or take out loans under false identities. The alleged breach has sent ripples through the cybersecurity community, raising urgent questions about data privacy and protection.

The Lawsuit and Allegations

The lawsuit, filed earlier this month by Christopher Hofmann, a California resident, sheds light on the extent of the breach. Hofmann claims that his identity theft protection service alerted him to the fact that his personal information had been leaked to the dark web. The source of the breach, according to the lawsuit, is a company called National Public Data (NPD), a background check company based in Coral Springs, Florida. The breach was allegedly orchestrated by a hacker group known as USDoD, which exfiltrated the unencrypted personal information of billions of individuals.

The breach reportedly occurred around April 2024, with USDoD allegedly stealing the data and subsequently leaking it on the dark web. A version of the stolen NPD data was recently made available for free on a hacking forum, according to a report by tech site Bleeping Computer. The stolen files are said to contain 2.7 billion records, with each record including a person’s full name, address, date of birth, Social Security number, and phone number. While the exact number of affected individuals remains unclear, experts suggest that the breach could potentially impact everyone with a Social Security number.

National Public Data: The Company at the Center of the Breach

National Public Data is a data broker that provides background checks for employers, investigators, and other businesses. These background checks often involve scraping public data to create comprehensive files on individuals, which are then sold to other businesses. The company’s services include searches for criminal records, vital records, Social Security number traces, and more.

The USDoD Hack: What We Know So Far

According to the lawsuit, the hacker group USDoD posted a database called “National Public Data” on the dark web on April 8, 2024. The group claimed to have records for about 2.9 billion individuals and was asking for a purchase price of $3.5 million. However, Bleeping Computer later reported that the file was leaked for free on a hacker forum.

The exact number of individuals affected by the breach is still unclear. While the lawsuit claims that billions of individuals had their data stolen, the total population of the U.S. is around 330 million. The lawsuit also alleges that the data includes personal information of deceased individuals, further complicating the scope of the breach.

The hacked data involves 2.7 billion records, with some individuals having multiple records in the database. For example, one individual could have separate records for each address where they have lived, meaning the number of impacted people may be lower than the lawsuit claims.

National Public Data’s Response

Despite the severity of the breach, it remains unclear whether NPD has notified individuals affected by the hack. The lawsuit claims that NPD “has still not provided any notice or warning” to Hofmann or other impacted individuals. “In fact, upon information and belief, the vast majority of Class Members were unaware that their sensitive [personal information] had been compromised, and that they were, and continue to be, at significant risk of identity theft and various other forms of personal, social, and financial harm,” the lawsuit states.

Information security company McAfee reported that it has not found any filings with state attorneys general, which some states require after data breaches. However, NPD did post an alert about the breach on its website, stating that it believes the information breached includes names, email addresses, phone numbers, Social Security numbers, and mailing addresses. The company also said it is working with law enforcement and government investigators and that it “will try to notify you if there are further significant developments applicable to you.”

Protecting Yourself from the Breach

Given the widespread nature of the breach, many people are understandably concerned about the security of their personal information. Fortunately, there are steps that individuals can take to protect themselves. Managing Director of cybersecurity firm Smart Technology, advises consumers to use tools that monitor what information about them is available on the dark web. Such services can alert individuals if their data appears in places it shouldn’t, as in the case of Hofmann, who discovered his information had been leaked through an identity theft protection service.

Cliff Steinhauer also recommends several proactive measures to protect your data and finances. One of the most important steps is to freeze your credit files at the three major credit bureaus: Experian, Equifax, and TransUnion. Freezing your credit is free and will prevent bad actors from taking out loans or opening credit cards in your name. “The biggest thing is to freeze your credit report, so it can’t be used to open new accounts in your name and commit other fraud in your name,” Steinhauer advised.

Other recommended security measures include:

• Use Strong Passwords: Make sure your passwords are at least 16 characters long and complex. Consider using a password manager to save these passwords securely.
• Enable Multifactor Authentication: This adds an extra layer of security by requiring two or more verification factors to gain access to your accounts.
• Stay Alert for Phishing Scams: Be cautious of any unsolicited emails or messages that create a sense of urgency, as these are common tactics used by scammers.
• Keep Security Software Updated: Ensure that your computer and other devices have the latest security updates from Microsoft or Apple installed.

Finally, consider using a tracking service that will alert you if your data appears on the dark web. While these steps may not fully protect against all threats, they can significantly reduce the risk of becoming a victim of identity theft or other forms of cybercrime.

Conclusion

The alleged breach of National Public Data is a stark reminder of the vulnerabilities that exist in our increasingly digital world. As more personal information is stored and shared online, the risk of such breaches continues to grow. It is crucial for individuals to take proactive steps to protect their data, as relying solely on companies and government agencies may not be enough. By staying informed and taking the necessary precautions, consumers can better safeguard their personal information against the ever-evolving threats posed by cybercriminals.

You can contact us by phone, email, or by visiting our offices:

• Phone: (386) 261-8323
• Email: contact@smarttechfl.com
• Address: 771 Fentress Blvd. #10, Daytona Beach, FL 32114