In a shocking revelation, NationalPublicData.com, a Florida-based consumer data broker, has suffered a massive data breach that may be even worse than initially suspected. The breach, which was publicly acknowledged on August 12, 2024, has exposed sensitive information of millions of Americans.

Who is the National Public Data center? Also known as NationalPublicData.com, this data broker company collects and sells information from public data sources. This includes criminal records, addresses, and employment history, primarily for background checks.

Sound invasive? It makes more sense than you think. Businesses, employers, private investigators and even the government use this information to perform background checks, prevent fraud, screen individuals and even investigate legal concerns.

You can just imagine what kind of data is kept there…from your Social Security Number to your home address, if someone needs information on you, NationalPublicData.com is where to find it.

National Public Data has stated that the breach involved a third-party bad actor who attempted to hack into their data in late December 2023, with potential leaks occurring in April and summer 2024.

The company has cooperated with law enforcement and governmental investigators and is reviewing the affected records to notify impacted individuals.

The breach was first discovered in April 2024 when a cybercriminal known as “USDoD” posted on Breachforums, claiming to have stolen 4 terabytes of data from NationalPublicData.com. This data included 2.9B rows of records containing names, addresses, phone numbers, and Social Security Numbers (SSNs) of millions of individuals. The hacker initially attempted to sell the data for $3.5M.

The breach has affected a vast number of people, with 137M unique email addresses identified in the leaked data; however, it is important to note that not all records containing SSNs included email addresses. The leaked data also comprises 70M rows from a database of U.S. criminal records.

If your records are one of the nearly 3 billion affected by this breach, it’s crucial to take immediate steps to protect your personal information.

First, put a security freeze on your credit reports. A security freeze, also known as a credit freeze, restricts access to your credit report, making it harder for identity thieves to open new accounts in your name. Contact each of the three major credit bureaus (Equifax, Experian, and TransUnion) to place a freeze on your credit report. This step is free and can be done online, by phone, or by mail. Remember, you can temporarily lift the freeze if you need to apply for credit! Be sure to monitor your credit activity and reports always, not just after a massive and public breach like this one.

Then, change all of your passwords and reset them again every two to three months. Yes, we’re serious! Change the passwords for all your online accounts immediately. Use unique and complex passwords for each different account, combining letters, numbers, and special characters and avoiding references to anything that could be found on your social profiles, like your first pet’s name or the street where you grew up.

Consider a password manager to keep track of your passwords securely, as they can also generate new credentials and auto-fill them on secure sites. Then make it a habit to reset your passwords every three months to enhance your security further!

Next, enable multi-factor authentication on ALL of your online accounts. Two-factor authentication (2FA) and multi-factor authentication (MFA) add an extra layer of security to your online accounts by requiring an additional form of verification, such as a code sent to your phone, on top of entering your password. Enable MFA on all accounts that offer this feature, including email, banking, and social media accounts; because doing so will significantly reduce the risk of unauthorized access to these accounts!

Finally, call your cell phone company and ask them to set up SIM swap or port-out fraud prevention. These measures will help protect your phone number from being hijacked by cybercriminals, who could use it to gain access to your accounts by side-stepping your MFA protections. Your provider can add an extra layer of security, such as requiring a PIN or password before making changes to your account.

By taking these steps, you can better safeguard your personal information and reduce the risk of identity theft. Stay vigilant and proactive in monitoring your accounts and credit reports for any suspicious activity.

The breach on National Public Data highlights the importance of robust cybersecurity measures and the need for companies to safeguard consumer data more effectively.

This incident serves as a stark reminder of the growing threat of cybercrime and the far-reaching consequences of data breaches. Be vigilant for any signs of identity theft, stay informed, and take proactive steps to protect your personal information.