In what is likely one of the largest data breaches in U.S. history, National Public Data (NPD), a leading background check firm, has confirmed the leak of an astonishing 2.7 billion records, including nearly 900 million unique Social Security numbers (SSNs).
The breach, which was detected in December 2023 but only publicly acknowledged now, has exposed the personal information of millions of Americans. The leaked data also includes names, addresses, email addresses, phone numbers, and decades of address history, with many individuals having multiple records due to address changes over the years.
Unprecedented in scale, this breach potentially affects the majority of individuals with a Social Security number in the United States. Each SSN is linked to multiple data records spanning several decades, making this leak particularly damaging. With the stolen data now circulating online, the risk of identity theft, fraud, and other malicious activities is immense. National Public Data is now facing legal battles as experts and victims grapple with the implications of this massive breach.
Why It Matters: The breach highlights significant gaps in data security protocols and regulatory oversight concerning personal information. As Americans navigate the consequences of this data leak, the effects may be felt for years to come. The scale of the breach raises important questions about the accountability of data brokers and the adequacy of current regulations in preventing such incidents. This event will likely prompt a nationwide reassessment of how sensitive data is collected, stored, and protected, potentially leading to notable reforms in cybersecurity practices and legislation.
- Scope of the Leak: The data breach at National Public Data has potentially exposed the Social Security numbers, names, addresses, and other sensitive information of millions of individuals. The data spans over three decades and includes records of both living and deceased persons.
- Hacker Activity: The breach was reportedly perpetrated by a hacker known as USDoD, who initially offered the stolen data for $3.5 million on the dark web. Portions of the data were leaked for free over the summer, raising the alarm among cybersecurity experts and the public.
- Legal and Regulatory Implications: NPD is already facing lawsuits, including a complaint in the U.S. District Court for the Southern District of Florida. The breach has reignited debates about the adequacy of data protection regulations and the need for stricter enforcement.
- Consumer Protection Advice: As threat actors will undoubtedly take advantage of this new treasure trove of leaked data, experts advise affected individuals to take immediate steps to protect their identities, such as freezing their credit reports and using reputable monitoring services to check if their data has been compromised.
Go Deeper -> Hackers May have Stolen your Social Security Number in a Massive Breach – CBS News
Background-Check Giant Confirms Security Incident Leaked Millions of SSNs – The Record