The National Public Data breach in April compromised the personal information of nearly 3 billion people. Here’s what you need to know.
What happened?
National Public Data, a consumer data broker, confirmed in September that a hacker had compromised the personal records of millions of individuals. The data breach includes the names, emails, addresses, phone numbers and even Social Security numbers of up to 2.9 billion people.
The incident is believed to have started in December 2023 when a third-party bad actor attempted to gain access. In April, a cybercriminal named “USDoD” posted the stolen data online in a popular criminal community. On August 6, the stolen dataset resurfaced. This time they posted it for free to several breach forums for anyone to access and download.
The sensitive personally identifiable information released included names, addresses, phone numbers, email addresses and Social Security numbers for millions of people. The data also contained previous addresses and, in some instances, alternate names.
Could you be affected even if you’ve never heard of National Public Data or purchased data from them?
Yes! Just because you haven’t interacted with them doesn’t mean other organizations, businesses, landlords, etc., haven’t leveraged their resources to dig up information on you. In fact, one of our Invario team members was directly impacted. Their credit monitoring bureau CreditWise alerted them in September that their entire SSN, plus several previous addresses, had been compromised. Therefore, leaving them open to identity theft and phishing.
Is this breach dangerous if the information compromised is already available with a quick Google search?
As the investigation continues, many cyber experts are finding that some of the data released was inaccurate. Also, aside from the Social Security number breach, much of the information is already public and easy to find online.
However, even if it’s only a partial SSN or address that was compromised, there are several reasons to be concerned. Having all this critical information in one place makes it easy for criminals to apply for credit cards, loans or new bank accounts.
Plus, items like childhood street names or the last four digits of your SSN, are often answers to security questions. These can help hackers bypass authentication and access your private accounts.
Some cyber experts are suggesting watching for a surge in phishing and smishing (phishing over SMS) attacks as well.
What should you do to protect yourself?
Step 1: Be on the lookout for alerts from your credit card company or credit monitoring services. If you think you have been the victim of a social security number breach, take action immediately.
Step 2: Request a copy of your credit report and then freeze your credit. One of the best ways to protect your identity is to freeze your credit and set up alerts. This prevents criminals from opening up new lines of credit in your name. To do this, contact all three major credit bureaus – Equifax, TransUnion and Experian – and request a freeze.
The process is free and should take you less than 10 minutes per site to complete. If there are others in your house over the age of 18, it’s a good idea to freeze their credit too. Anyone with a Social Security number is vulnerable following a breach of this size.
Once you have a copy of your free credit report, review it for anything that you didn’t authorize. Don’t forget to set up alerts and review your credit regularly. Visit StaySafeOnline.org if you need more details.
Step 3: Watch out for phishing scams. As mentioned, many cybercriminals will try to leverage this information. They’ll use it to scam you through phone calls, text messages, e-mails and even social media sites. Be cautious!
What should you do to protect your business?
A breach is devastating for everyone involved – the business hacked and the customers or employees whose data is leaked. As a business owner, it is your responsibility to make sure you are taking the highest precautions to protect your business and its data. If you want to do a full assessment and find out if any of your information has been leaked or if your network is vulnerable to a breach, we’ll do a FREE Security Risk Assessment. This deep dive into your network will provide you with a blueprint for security steps to take. To book yours, call our office at 703-528-0101 or click here.