Social Security Numbers at Risk After Major Data Breach at National Public Data
WCTU — In what is being described as one of the largest data breaches in recent history, the personal information of millions of individuals, including Social Security numbers, has been compromised after hackers infiltrated the database of National Public Data (NPD), a Florida-based background check company. The breach, which came to light after a class-action lawsuit was filed in U.S. District Court in Fort Lauderdale, Florida, has left cybersecurity experts and affected individuals scrambling to mitigate potential damages.
The breach is believed to have occurred in April 2024, when the hacking group USDoD allegedly stole approximately 2.9 billion records from NPD, as reported by Bloomberg Law. These records include sensitive information such as names, address histories, dates of birth, Social Security numbers, and phone numbers. Some of this data reportedly dates back over three decades and has since been posted for sale on the dark web.
National Public Data initially downplayed the breach, only acknowledging it publicly after significant pressure. In a statement on its website, NPD admitted that it had suffered a "security incident" and urged affected individuals to take preventive measures to protect their identities. Despite the magnitude of the breach, the company has not provided specific details on the number of people affected, leaving millions in the dark about whether their personal information has been compromised.
In Cleveland, investigative teams from a local private investigation firm, who spoke on the condition of anonymity due to security concerns, expressed deep concern over the breach. "The amount of data that is already easily accessible is scary," a representative from the firm told Cleveland 13. "Our team has high clearance to get data on anyone in the United States, and in many cases, it is data that many local government agencies cannot access; but it's out there." The representative further emphasized the potential risks posed by this breach, stating, "With one piece of information such as a license plate number, or sometimes even just a name, we can find out everything on an individual, including date of birth, Social Security numbers, assets, relatives, everything."
Cybersecurity experts have advised individuals to take immediate action if they suspect their information has been compromised. Recommended steps include freezing credit files with the major credit bureaus—Equifax, Experian, and TransUnion—setting up fraud alerts, and monitoring credit reports for any suspicious activity. Additionally, experts urge the public to remain vigilant against phishing scams, which are likely to proliferate in the wake of such a significant data leak.
The breach has also highlighted the need for stronger data security measures across industries that handle sensitive personal information. David Brumley, a professor of electrical and computer engineering at Carnegie Mellon University, warned that as data becomes more centralized, the potential impact of such breaches will only increase. "We are not talking about a startup here," Brumley said, emphasizing the need for higher standards for the custodians of data.
National Public Data has stated that it is cooperating with law enforcement and has implemented additional security measures to prevent future breaches. However, the company’s response has been criticized for being insufficient and delayed, leaving many to wonder how such a significant amount of sensitive information could be exposed without immediate notification to those affected.
As the investigation continues, affected individuals are urged to take proactive steps to secure their personal information. The local private investigation firm in Cleveland added a stark warning: "While it took a lot for us to have the clearance to have access to this data, someone from another firm that doesn't have their systems tightly monitored could easily be vulnerable to an employee or loose cannon person accessing those databases and completely destroying someone's life with nearly no trace of how it was done, and that was prior to this very public breach."
Additional news coverage on this, from other local networks, can be found at the following sources:
Los Angeles Times, "Massive data breach that includes Social Security numbers may be even worse than suspected," Available online.
USA Today, "2.9 billion records, including Social Security numbers, stolen in data hack: What to know," Available online.
TIME, "How to Check if Your Information Was Compromised in the Social Security Number Breach," Available online.
Comentários