DATA BREACH

Severe Data Breach

Your Social Security number and other personal data may already be in the hands of cybercriminals. Immediate action is required to freeze your credit at all three major credit bureaus. Unlike previous breaches, this one involves highly sensitive data, including full Social Security numbers.

August 21, 2024 - In one of the largest data breaches in recent history, National Public Data (NPD), a Florida-based data aggregation company, has confirmed that a staggering 2.9 billion records containing sensitive personal information have been compromised. The data, which includes names, addresses, Social Security numbers, and email addresses, has reportedly been posted on a criminal forum, raising alarm across the United States.


In this article (Skip to...)


What You Should Do Now

Check to see if your data has been compromised. Cybersecurity firm Pentester has created a tool available at https://npd.pentester.com that allows you to check if your information was included in the breach. Be sure to check each state you've lived in and any variations of your name you've used.

If your information has been compromised, or if you want to ensure your security, immediately freeze your credit with all three bureaus. The process takes about 15 minutes and is free. If your information has been leaked, this credit freeze should remain in place until you are actively applying for credit. You can unfreeze and refreeze your credit as needed.

Unfortunately, once your information is out there, it's likely to remain accessible. Cybercriminals have already been selling this data for at least a month. There's no way to know who has access to it now.

This information could allow criminals to take out loans, credit cards, and open accounts in your name. They can even obtain IDs pretending to be you. This breach has the potential to be one of the most damaging we've ever seen. Act today to protect yourself and tell others.



Freeze Your Credit

How to Freeze Your Credit

Freezing your credit is quick and easy. Each bureau will require you to create a free account and answer some identifying questions. Once your account is created, you should be directed to a page where you can freeze your credit. Don't log out until you receive confirmation that your credit is frozen.

You should see something like this once your account is frozen:


Why Its Urgent

The compromised records, dating back at least three decades, are believed to include information on nearly every American. If you live in the U.S., it's highly likely that some of your data has been exposed.

According to cybersecurity reports, the stolen data was posted on Breachforums, a notorious criminal forum known for hosting and trading illegally obtained information. Making matters far worse, the database, which was originally listed for sale at $3.5 million, was made available for free download. It appears, a different hacker, hacked the original hacker and made the data even more widely available to bad actors on the dark web. A forum user credited a hacker named "SXUL" for the breach, ominously declaring, "There's a new player in town."

The records reportedly contain highly sensitive information, including Social Security numbers, mailing addresses, email addresses, phone numbers, and other personal details. Such data is invaluable to cybercriminals, who can use it for identity theft, financial fraud, and other malicious activities.

NPD, which specializes in aggregating public data to create detailed user profiles, typically sells this information to a wide range of clients, including background check companies, investigators, app developers, and data resellers.


How it Happened

The exact method by which the breach occurred is still under investigation, but early reports suggest that the hackers exploited significant security flaws within NPD's network. A report from KrebsOnSecurity revealed that an NPD-affiliated site, RecordsCheck.net, inadvertently hosted an easily accessible plaintext archive (No encryption or other measures to hide the sensitive data) containing usernames and passwords, including those of NPD's founder, Salvatore Verini.

This archive, which included a file named "members.zip," was available for download until recently, allowing anyone with access to the file to log into RecordsCheck and view the same data that was compromised at NPD. The fact that such critical information was stored in an unencrypted, publicly accessible format has sparked outrage and raised serious questions about the company's cybersecurity practices.

Verini, when confronted with these findings, claimed that the file was from an old version of the site and contained non-working code and passwords. However, the damage had already been done, as the exposure of this file likely provided the attackers with the credentials needed to access NPD's broader database.

Other Steps to Take

For anyone whose information was compromised in the breach, the primary concern is protecting themselves from potential identity theft and financial fraud. Cybersecurity experts recommend that affected individuals take several precautions, including:

  • Freezing Your Credit: As discussed above, its critical that you place a credit freeze with the major credit bureaus to prevent anyone from opening new accounts in your name.
  • Monitoring Your Credit: Open a FREE account at https://creditKarma.com where you can check your credit for free on a regular basis to check for unauthorized activity.
  • Using Identity Theft Protection Services: Some companies (usually not free) offer services that can help monitor your personal information and alert you to potential misuse.
  • Being Cautious of Phishing Attempts: Be extra vigilant about unsolicited emails, phone calls, or text messages that ask for personal information. Scammers may attempt to use the leaked data to target you directly.

More Details of the Breach

The leak purports to provide much of the information that banks, insurance companies and service providers seek when creating accounts — and when granting a request to change the password on an existing account.

National Public Data, a Florida-based company that aggregates data to create background checks, confirmed it was hacked earlier this year, with Social Security numbers among the information that was compromised.

The Coral Springs company posted a notice to its website that says "there appears to a have been a data security incident that may have involved some of your personal information. The incident is believed to have involved a third-party bad actor that was trying to hack into data in late December 2023, with potential leaks of certain data in April 2024 and summer 2024."

News of the breach initially came from a class action lawsuit filed in U.S. District Court in Fort Lauderdale, according to USA TODAY. Law firm of Schubert, Jonckheer & Kolbe, which filed the suit, claims that 2.9 billion records were stolen from NPD and alleges that the company did not adequately protect the information.

According to the suit, cybercriminal group USDoD accessed the network of National Public Data (also known as Jerico Pictures Inc., of Coral Springs, Florida) and stole unencrypted personal information. Around April 8 of this year, the group posted the database on the dark web, claiming it contained information on about 2.9 billion people and putting it up for sale at $3.5 million.


PreApproval

Its not just a good thing to have, its a must have in today's market.

Why not get started today?

Get Started

Need funds for closing?

Pennsylvania has an excellent downpayment assistance program. If you haven't owned a home in the past 3 yrs or are buying in a target area, you may qualify.

Get more info here....

Funds4Homes.com