The Incident
A massive data breach at National Public Data (NPD), a background check service operating under the name Jerico Pictures, has compromised approximately 2.9 billion records. Occurring in April 2024, this breach stands as one of the largest in history. A cybercriminal group known as USDoD announced that they had acquired and were selling a vast database of personal data from NPD. This database includes sensitive information such as names, addresses, family details, and social security numbers. The data spans decades, with some records being over 30 years old.
Many affected individuals likely remain unaware of the breach or that NPD collected their data, often scraped from non-public sources without consent. This situation prompted a class action lawsuit against Jerico Pictures, alleging inadequate security measures and unauthorized data collection.
Data Brokers
Data brokers like NPD gather, store, and sell personal information without explicit consent. They pull data from various sources, including social media, public records, and other non-public sources. Key players in this industry include Equifax, Experian, Epsilon, CoreLogic, and Acxiom. These companies possess vast data reserves, which they sell to businesses for purposes such as marketing and risk management. While opting out of data collection is possible, the process is often cumbersome and does not guarantee complete removal.
Mitigation Measures
NPD has committed to notifying those affected by the breach; however, no official method exists for individuals to verify if their data was compromised. To mitigate potential damage if social security numbers are suspected stolen, individuals can:
- Report identity theft to the Federal Trade Commission (FTC) at IdentityTheft.gov.
- Regularly check credit reports for unauthorized activity.
- Place fraud alerts and credit freezes on credit files to prevent new accounts from being opened.
- Exercise caution online and avoid entering sensitive information on suspicious sites.
Pentester, a cybersecurity firm, offers a free database with redacted data post-breach, enabling people to check if their information was leaked by entering their name, state, and birth year.
Paul Laudanski, director of security research at Onapsis, highlighted the breach's implications, emphasizing the rising trend of sensitive data breaches and the necessity for businesses to enforce robust cybersecurity measures.
Takeaways
The National Public Data breach underscores the perils of data aggregation and the urgent requirement for stronger data protection strategies. As the situation unfolds, both individuals and organizations must stay alert to safeguard personal data.
