In April 2024, a known threat actor calling themselves USDoD claimed to possess and sell approximately 2.9 billion records from National Public Data, which included individuals’ personal data from people in the US, UK, and Canada.
What is the NPD?
NPD stands for National Public Data, a company that, according to their website, “is a public records data provider specializing in background checks and fraud prevention. We obtain information from various public record databases, court records, state and national databases, and other repositories nationwide.” Reports indicate that the company had amassed records totaling around 2.9 billion, though this does not seem to represent individual people. This information is thought to include first names, last names, addresses, years of address history, and social security numbers.
What Happened?
In April of this year, a known threat actor calling themselves USDoD claimed to possess and sell approximately 2.9 billion records of individuals’ personal data from people in the US, UK, and Canada. Reports suggest that USDoD somehow obtained the data from NPD. The situation became more interesting when USDoD allegedly put the data for sale on the dark web for $3.5 million. However, reports from Zdnet and Bleeping Computer state that another threat actor called Fenice swiped the data from USDoD and released it for free in August of this year.
According to Bleeping Computer:
The data breach has led to multiple class action lawsuits against Jerico Pictures, which is believed to be doing business as National Public Data, for not adequately protecting people’s data. If you live in the US, this data breach has likely leaked some of your personal information.
What Do You Need to Do?
Here are a few tips to help you out:
References:
[hxxps://www[.]bleepingcomputer[.]com/news/security/hackers-leak-27-billion-data-records-with-social-security-numbers/]
[hxxps://www[.]zdnet.com/article/was-your-social-security-number-leaked-to-the-dark-web-heres-how-to-know-and-what-to-do/#ftag=RSSbaffb68]