National Public Data (NPD) is a Florida based company that provides background check services including reports on an individual’s criminal records, bankruptcies, and other activities which includes details such as social security numbers.
In mid-2024 a lawsuit was filed claiming that hackers have gained access to these sensitive records and are in possession of the personal information of “billions of individuals”. Other data they could have include address history, family member names, and other intimate details that can be used to open lines of credit and loans on their behalf.
The suit alleges the hacker group USDoD was able to attain the unencrypted personally identifying information and it was subsequently leaked on a popular hacking forum. The leaker claims the stolen files include almost 3 billion records from which anyone could look up these attributes:
- First name
- Middle name
- Last name
- Mailing address (past & present)
- Email address
- Date of birth (DoB)
- Social Security Number (SSN)
- Phone number(s)
Recommend Action to Take Now
The director of information security and engagement at The National Cybersecurity Alliance said it’s likely “that everyone with a Social Security number was impacted”. Based on these alarming claims, DataBreaches.com is recommending everyone place a freeze on their credit reports until further investigations are completed. You can learn more about the process by visiting the following government website which has links to the 3 major credit agency’s credit freeze applications:
https://www.usa.gov/credit-freeze
While it is unclear who and how many people are at risk, NPD did say it “will try to notify you if there are further significant developments applicable to you.” Unless you are currently applying for new credit and a credit increase it is likely best not to wait. Go ahead and freeze your credit report if so.
Data Breach Timeline
The hack itself started in late 2023 according to National Public Data with the breaches coming in April in the summer of 2024. Shortly after the April breach, USDoD published a database titled “National Public Data” on the dark web. It was described as containing records for roughly 2.9 billion people. The asking price for a purchase was only $3.5 million which seems like a small price considering the widespread impact the public release would result in. The database was later leaked to a forum for free.