In April, a threat actor known as USDoD attempted to sell 2.9 billion records from the US, UK, and Canada.
A significant data breach has recently been confirmed, revealing that 2.7 billion records containing sensitive personal information from individuals across the United States have been compromised. The breach has been linked to National Public Data, a company specializing in aggregating and scraping information from non-public sources for background checks.
Details of the Breach
The exposed data includes a wide array of personal details such as names, email addresses, physical addresses, phone numbers, and Social Security Numbers. National Public Data has admitted to the security incident, describing it as a serious breach of its data protection protocols. The company has acknowledged that the incident involved unauthorized access by a third-party actor, though specifics about the actor’s identity and methods remain vague.
According to National Public Data’s Security Incident report, the breach traces back to an attempted hack in late December 2023. The company indicated that “potential leaks of certain data” began to occur in April 2024, with further sensitive information being released over the summer of 2024. These details suggest that the intruder managed to penetrate the company’s security systems successfully.
Threat Actor’s Actions and Claims
In April, a threat actor identified as USDoD sought to sell a massive cache of 2.9 billion records, including those from the US, UK, and Canada, for $3.5 million. The actor claimed that the data had been stolen from National Public Data. Since then, portions of the stolen data have surfaced online, with recent leaks including particularly detailed and sensitive information.
Company Response and Ongoing Measures
In response to the breach, National Public Data has stated that it is collaborating with law enforcement agencies to assess the full extent of the breach and its impact. The company has also pledged to “try to notify” affected individuals if there are significant updates or developments related to their personal data.
To mitigate the impact of the breach, National Public Data is advising individuals who might be affected to closely monitor their financial accounts for any suspicious activity. The company also recommends that individuals obtain free credit reports and consider placing a fraud alert on their credit files as precautionary measures.
Legal and Public Fallout
The breach has resulted in legal action against National Public Data. A proposed class action lawsuit was filed in early August by a plaintiff who discovered through their identity theft protection service that their personal information had been posted on the dark web. The plaintiff alleges that National Public Data failed to “properly secure and safeguard the personally identifiable information” that it collected and maintained.
Future Implications
This breach underscores significant concerns regarding data security and the responsibilities of companies handling sensitive personal information. As investigations continue, both the company and affected individuals will be closely monitoring the developments. The incident highlights the increasing risks associated with data privacy and the critical importance of robust cybersecurity measures to protect personal information from unauthorized access.A significant data breach has recently been confirmed, revealing that 2.7 billion records containing sensitive personal information from individuals across the United States have been compromised. The breach has been linked to National Public Data, a company specializing in aggregating and scraping information from non-public sources for background checks.
Details of the Breach
The exposed data includes a wide array of personal details such as names, email addresses, physical addresses, phone numbers, and Social Security Numbers. National Public Data has admitted to the security incident, describing it as a serious breach of its data protection protocols. The company has acknowledged that the incident involved unauthorized access by a third-party actor, though specifics about the actor’s identity and methods remain vague.
According to National Public Data’s Security Incident report, the breach traces back to an attempted hack in late December 2023. The company indicated that “potential leaks of certain data” began to occur in April 2024, with further sensitive information being released over the summer of 2024. These details suggest that the intruder managed to penetrate the company’s security systems successfully.
Threat Actor’s Actions and Claims
In April, a threat actor identified as USDoD sought to sell a massive cache of 2.9 billion records, including those from the US, UK, and Canada, for $3.5 million. The actor claimed that the data had been stolen from National Public Data. Since then, portions of the stolen data have surfaced online, with recent leaks including particularly detailed and sensitive information.
Company Response and Ongoing Measures
In response to the breach, National Public Data has stated that it is collaborating with law enforcement agencies to assess the full extent of the breach and its impact. The company has also pledged to “try to notify” affected individuals if there are significant updates or developments related to their personal data.
To mitigate the impact of the breach, National Public Data is advising individuals who might be affected to closely monitor their financial accounts for any suspicious activity. The company also recommends that individuals obtain free credit reports and consider placing a fraud alert on their credit files as precautionary measures.
Legal and Public Fallout
The breach has resulted in legal action against National Public Data. A proposed class action lawsuit was filed in early August by a plaintiff who discovered through their identity theft protection service that their personal information had been posted on the dark web. The plaintiff alleges that National Public Data failed to “properly secure and safeguard the personally identifiable information” that it collected and maintained.
Future Implications
This breach underscores significant concerns regarding data security and the responsibilities of companies handling sensitive personal information. As investigations continue, both the company and affected individuals will be closely monitoring the developments. The incident highlights the increasing risks associated with data privacy and the critical importance of robust cybersecurity measures to protect personal information from unauthorized access.