A massive database containing over 2.7 billion records has reportedly been leaked on a crime forum. These records belong to individuals in the United States and were allegedly stolen from the National Public Data (NPD). While the accuracy of the leaked data could not be confirmed, hackers reportedly obtained sensitive information such as names, mailing addresses, and social security numbers. The scale of this breach is so large that if you’re a US resident, some of your data may be included.
For security alerts and expert tips, sign up for KURT’s newsletter, The Cyberguy Report, here.
Illustration of a hacker at work (Kurt “Cyberguy” Knutson)
What you need to know
Beep computer The database was reportedly posted on the criminal forum Breachforums, where threat actors frequently post such leaks. What’s interesting is that the stolen database was available for free download. The poster, who identifies himself as a hacker named “SXUL,” said that “a new player has arrived.” Hackers usually sell leaked databases like this one for a high price.
The database was stolen from NPD, which collects data from public sources to create individual user profiles for people in the United States and other countries. NPD then sells this personal data to all kinds of organizations, including background check websites, investigators, app developers, and data resellers.
It’s important to note that while the database has 2.7 billion records, this doesn’t necessarily mean that 2.7 billion people were affected — many of these records are duplicates, and some are inaccurate — but the breach still affected a significant number of people in the United States.
This isn’t the first time NPD data has ended up on a crime forum: Bleeping Computer claimed in April that a hacker known as USDoD was selling 2.9 billion records containing personal data of people in the US, UK and Canada, but noted that data was also stolen from the NPD.
NPD data leaked on hacking forum (Bleeping Computer) (Kurt “Cyberguy” Knutson)
World’s largest database of stolen passwords uploaded to crime forum
NPD faces consequences
NPD, owned by Jericho Pictures, is facing multiple lawsuits for failing to protect people’s data. One lawsuitThe lawsuit, filed by California resident Christopher Hoffman, alleges that NPD was negligent and breached its fiduciary duties and contracts with third parties.
The plaintiffs are asking the court to order NPD to delete all personal information it has collected and to begin encrypting that data going forward. In addition to monetary penalties, the plaintiffs are also seeking to require NPD to segment data, conduct regular database scans, implement a threat management program, and have a third party conduct annual cybersecurity audits for the next 10 years.
We reached out to NPD for comment but did not hear back by deadline.
Woman accessing data on computer (Kurt “Cyberguy” Knutson)
Massive data breach exposes personal information of over 3 million Americans to cybercriminals
It’s time to invest in identity theft protection
Hoffman found out about the data breach through an identity theft protection service, which detected his data in the leaked database. The service notified Hoffman, which prompted him to take action and file a lawsuit. Data breaches happen every day, and while most don’t make the headlines, an identity theft protection service can notify you when you’re a victim. Check out our tips and best choices for protecting yourself against identity theft.
4 ways to protect yourself from a data breach
In addition to opting for an identity theft protection service, you can also follow these tips to protect yourself from data breaches:
1) Remove your personal information from the Internet: While no service can guarantee complete removal of your data from the internet, data removal services are a really smart choice. It’s not cheap, and neither is privacy. These services do all the work for you by actively monitoring and systematically removing your personal information from hundreds of websites. That gives me peace of mind and has proven to be the most effective way to remove your personal data from the internet. Limiting the information available reduces the risk that fraudsters will cross-reference data from a breach with information they find on the dark web, making it harder for them to target you. Check out my recommended data deletion services here.
2) Be careful with mailbox communication: Bad actors may also try to commit fraud through the mail. Data leaks give them access to your address. They may impersonate people or brands you know and use themes that require urgent action, such as delivery delays, account suspensions, and security alerts.
3) Beware of phishing scams: Be wary of emails, phone calls, and messages from unknown sources asking for personal information. Don’t click on suspicious links or provide sensitive information unless you can verify the legitimacy of the request.
The best way to protect yourself from clicking on malicious links that install malware is to install strong antivirus protection on all your devices. We’ve handpicked the winners of the best antivirus protection of 2024 for Windows, Mac, Android and iOS devices.
4) Monitor your account: A breach of this magnitude will require you to regularly check your bank accounts, credit card statements, and other financial accounts for any fraudulent activity. If you notice any suspicious transactions, report them to your bank or credit card company immediately.
What ruthless hackers stole from 110 million AT&T customers
Important points about the cart
If the database leak is real, it’s a major security failure on NPD’s part. Since NPD’s business revolves around collecting and selling data, they should have strong encryption and security measures in place, especially if this isn’t the first time hackers have targeted NPD. If NPD is putting people at risk, they should be held accountable and compensate people for any financial losses they may suffer as a result of the leak.
What do you think about companies that collect and sell our data? Should they be held accountable for violations? Cyberguy.com/Contact Us.
If you want to receive more of my tech tips and security alerts, subscribe to the free CyberGuy Report newsletter at the link below. Cyberguy.com/Newsletter.
Have a question for Kurt or tell us the story you’d like to see featured?.
Follow Kurt on his social channels:
Answers to the CyberGuy’s most frequently asked questions:
Copyright 2024 CyberGuy.com. All Rights Reserved.
