In what could be one of the largest data breaches in history, personal information of potentially billions of individuals may have been compromised in a hack of National Public Data (NPD), a Florida-based background check company. The breach, which allegedly occurred in April 2024, has raised significant concerns about data security and identity theft risks.
According to a lawsuit filed in the U.S. District Court for the Southern District of Florida, a hacker group known as USDoD claims to have exfiltrated personal data of approximately 2.9 billion individuals from NPD's database. The hackers initially offered this data for sale on the dark web for $3.5 million. However, in a concerning development, a version of the stolen data was reportedly leaked for free on a hacking forum in early August 2024. Bloomberg Law was the first to report on the lawsuit.
The compromised information is extensive and highly sensitive. It allegedly includes full names, current and past addresses, dates of birth, phone numbers, Social Security numbers, and even information about relatives, including some deceased individuals.
NPD, which provides background check services to employers, investigators, and other businesses, reportedly obtains this information by scraping data from various sources, often without the direct consent of the individuals involved. This practice, while currently legal due to the lack of comprehensive national privacy laws in the United States, raises ethical questions about data collection and storage.
As of mid-August 2024, NPD had not provided any official notice or warning to potentially affected individuals about the breach. This lack of communication has drawn criticism and forms part of the basis for the lawsuit filed by California resident Christopher Hofmann.
The scale of this breach, if confirmed, would rival or exceed other notorious data breaches in history, such as the 2013 Yahoo breach that affected an estimated 3 billion accounts.
Experts recommend that consumers take immediate steps to protect their personal information:
- Freeze credit reports with the three major credit bureaus: Equifax, Experian, and TransUnion.
- Use complex, unique passwords for all accounts and consider using a password manager.
- Enable multi-factor authentication (MFA) wherever possible.
- Stay alert for phishing attempts and other scams.
- Keep all software and security systems up to date.
- Consider using a service that monitors for appearance of personal data on the dark web.
As investigations continue and legal proceedings unfold, this breach is a reminder of the vulnerabilities in our digital ecosystem and the urgent need for stronger data protection measures. It also highlights the importance of individual vigilance in safeguarding personal information.
The situation remains fluid, and further developments are expected as more details emerge about the extent and implications of this massive data breach.
Follow SecureWorld News for more stories related to cybersecurity.
