Nearly four months after a well-known group of hackers claimed to have stolen a massive amount of confidential personal data from a major data broker, a member of the group released a large portion of the information for free on an online marketplace for stolen data. The breach includes Social Security numbers and other sensitive information, potentially leading to widespread identity theft, fraud, and other crimes, said Teresa Murray, Consumer Watchdog Director of the U.S. Public Interest Research Group.
“If this is practically a complete record of all of us, it’s certainly more alarming,” Murray stated in an interview. “And if people haven’t taken precautions before, which they should have, this should definitely be a wake-up call.”
Massive Data Breach Affected 2.9 Billion People
A class action lawsuit filed in the U.S. District Court in Fort Lauderdale, Florida, revealed that the hacker group USDoD claimed in April to have infiltrated the personal records of 2.9 billion people from National Public Data. This company provides personal information to employers, private investigators, staffing agencies, and others conducting background checks.
According to a cybersecurity expert on X, the group offered to sell the data, which includes records from the U.S., Canada, and the U.K., for $3.5 million. Bloomberg Law was the first to report the lawsuit.
Hackers Offered Databases With Billions of Records
Last week, an alleged U.S. Department of Defense member, identified only as “Felice,” claimed on a hacker forum that they were offering “the complete NPD database,” according to a screenshot shared by BleepingComputer. “The information contains around 2.7 billion records, each including a person’s full name, address, date of birth, Social Security number, phone number, alternate names, and birthdates,” Felice said.
National Public Data did not respond to requests for comment or formally notify individuals about the reported breach. However, in an email response to inquiries, the company stated they are “aware of third-party claims regarding consumer data” and are “investigating these issues.”
Data Broker Purges Entire Database Following Breach
In the same email, National Public Data claimed they had “purged the entire database” of all entries, essentially excluding everyone. They assured that any “non-public personal information” had been removed, although they mentioned that they may still be required to retain certain records to comply with legal obligations.
Several cybersecurity-focused media outlets have reviewed parts of the data provided by Felice and confirmed that it appears to be real information about individuals. If the leaked material is as claimed, the biggest concern is likely to be identity theft.
What to Do if Your Social Security Number Has Been Compromised
The leaked data contains much of the information that banks, insurance companies, and service providers require to open accounts or change passwords for existing ones. However, it seems that some key elements were missing in the hackers’ haul. Most notably, email addresses, which are often used for logging into services, were absent. Also missing were images of driver’s licenses or passports, which are used by some government agencies to verify identities.
If you suspect that your Social Security number or other important identifying information has been compromised by the hackers, experts recommend freezing your credit reports with the three major credit bureaus: Experian, Equifax, and TransUnion. This can be done for free and will prevent criminals from taking out loans, credit cards, or opening financial accounts in your name. Keep in mind that you will need to temporarily lift the freeze if you’re applying for something that requires a credit check.