National Public Data admits to security breach leaking social security numbers of millions in US

In April, a threat actor identified as USDoD tried to sell 2.9 billion records from the US, UK, and Canada


News Desk August 19, 2024
Huge data breach in US, compromised social security data of millions of US citizens. PHOTO: FILE

A recent data leak has exposed 2.7 billion records of personal information belonging to individuals in the United States, including Social Security Numbers.

The breach has been linked to National Public Data, a company known for scraping information from non-public sources for background checks. The company has now confirmed a "data security incident," acknowledging that names, emails, addresses, phone numbers, Social Security Numbers, and mailing addresses were compromised.

In its Security Incident report, National Public Data vaguely attributed the breach to a third-party bad actor. The company stated that this actor attempted to hack into its data in late December 2023, with "potential leaks of certain data" occurring in April 2024 and summer 2024. These statements suggest that the hacker successfully infiltrated the system.

In April, a threat actor identified as USDoD tried to sell 2.9 billion records from the US, UK, and Canada for $3.5 million, claiming the data was stolen from National Public Data. Since then, parts of the data have been leaked online, with the most recent release being particularly comprehensive and sensitive.

National Public Data said it is cooperating with law enforcement to assess the impact of the breach and plans to "try to notify" affected individuals "if there are further significant developments applicable" to them.

The company has urged those potentially impacted to monitor their financial accounts for fraudulent activities, obtain free credit reports, and consider placing a fraud alert on their files.

The company is already facing a proposed class action lawsuit filed in early August. The plaintiff, alerted by their identity theft protection service that their information had been posted on the dark web, claims National Public Data failed "to properly secure and safeguard the personally identifiable information that it collected and maintained as part of its regular business practices."

COMMENTS

Replying to X

Comments are moderated and generally will be posted if they are on-topic and not abusive.

For more information, please see our Comments FAQ