National Public Data Breach: An Overview
Recently, National Public Data, a US-based background-checking company, made headlines due to a significant data breach that affected billions of people worldwide. The breach has now led the company to notify around 1.3 billion individuals about the potential compromise of their personal information.
What Happened?
The incident was initially reported following a lawsuit against National Public Data, where it was alleged that the personal data of nearly three billion users was sold online. The company has since filed a notification with the Office of the Maine Attorney General and sent out letters to the affected individuals as of August 12, 2024.
Scope of the Breach
According to the notification, the breach likely involved a third-party hacker who attempted to access the data late in December 2023, with further potential data leaks occurring in April and summer 2024. The data believed to be impacted includes sensitive information such as names, email addresses, phone numbers, Social Security numbers, and mailing addresses.
Challenges in Identifying Impact
National Public Data has indicated challenges in determining the complete scope of those affected. The letter states, "We cooperated with law enforcement and governmental investigators and conducted a review of the potentially affected records."
Security Measures and Recommendations
In response to the breach, the company has implemented additional security measures to prevent such incidents in the future. They have also advised victims to set up credit monitoring and fraud alerts. The data in question was reportedly offered for sale on a well-known hacking forum by a user named USDoD for a staggering price of US$3.5 million.
Who is USDoD?
The threat actor USDoD has a notorious track record in the world of cybercrime. The actor previously claimed responsibility for hacking Airbus in September 2023 and offering a US criminal database with 70 million records in May 2024. This individual has been active since December 2022.
Takeaway
For individuals potentially affected by this breach, it is crucial to remain vigilant by monitoring financial accounts and being wary of unusual activities. Enhancing cybersecurity awareness and taking preventive actions can help mitigate the risks posed by such breaches.
