A massive database containing over 2.7 billion records has reportedly ended up on a criminal forum. These records belong to individuals in the U.S. and were allegedly stolen from National Public Data (NPD). While the accuracy of the leaked data could not be verified, the hackers reportedly obtained sensitive information such as names, mailing addresses and Social Security numbers. The scale of this breach is so vast that if you live in the U.S., it's likely that some of your data is included.

GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE

2.7 billion records leaked in massive US data breach

Illustration of hacker at work (Kurt "CyberGuy" Knutsson)

What you need to know

Bleeping Computer reported that the database was posted on the criminal forum Breachforums, where threat actors often post such leaks. What’s interesting is that the stolen database was up for free download. The user who posted it credited a hacker named "SXUL," saying, "There’s a new player in town." Usually, hackers sell leaked databases like this one for huge sums.

The database has been stolen from NPD, which collects data from public sources to compile individual user profiles for people in the U.S. and other countries. NPD then sells this private data to all kinds of organizations, such as background check websites, investigators, app developers and data resellers.

While the database has 2.7 billion records, it’s important to note that this doesn’t necessarily mean 2.7 billion people were impacted. Many of these records are repetitive, and some are incorrect. Still, the breach affects a significant number of people in the States.

This isn’t the first time NPD data has ended up on criminal forums. Bleeping Computer noted that back in April, a hacker known as USDoD claimed to be selling 2.9 billion records with personal data from people in the U.S., U.K. and Canada, which was also stolen from NPD.

2.7 billion records leaked in massive US data breach

NPD data leaked on hacking forum (Bleeping Computer) (Kurt "CyberGuy" Knutsson)

WORLD’S LARGEST STOLEN PASSWORD DATABASE UPLOADED TO CRIMINAL FORUM

NPD is facing consequences

NPD, owned by Jerico Pictures, is facing multiple lawsuits for not protecting people’s data. One lawsuit, filed by California resident Christopher Hofmann, says NPD was negligent and breached its fiduciary duties and a third-party contract.

The plaintiff wants the court to order NPD to delete all the personal info it has collected and start encrypting data from now on. They’re also asking for more than just money, like having NPD set up data segmentation, run regular database scans, put in place a threat-management program and get a third party to check its cybersecurity every year for the next 10 years.

We reached out to NPD for a comment but did not hear back before our deadline.

2.7 billion records leaked in massive US data breach

A woman accessing data on computer (Kurt "CyberGuy" Knutsson)

MASSIVE DATA BREACH EXPOSES OVER 3 MILLION AMERICANS’ PERSONAL INFORMATION TO CYBERCRIMINALS

It’s time to invest in identity theft protection

Hofmann learned about the data breach through his identity theft protection service, which detected his data in the leaked database. The service notified Hofmann, prompting him to take action and file a lawsuit. Data breaches happen every day, and most never make the headlines, but with an identity theft protection service, you’ll be notified if and when you are affected. See my tips and best picks on how to protect yourself from identity theft.

4 ways to protect yourself from data breaches

In addition to opting for an identity theft protection service, you can follow these tips to protect yourself from data breaches.

1) Remove your personal information from the internet: While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you. Check out my top picks for data removal services here.

2) Be wary of mailbox communications: Bad actors may also try to scam you through snail mail. The data leak gives them access to your address. They may impersonate people or brands you know and use themes that require urgent attention, such as missed deliveries, account suspensions and security alerts.

3) Be cautious of phishing attempts: Be vigilant about emails, phone calls or messages from unknown sources asking for personal information. Avoid clicking on suspicious links or providing sensitive details unless you can verify the legitimacy of the request.

The best way to protect yourself from clicking malicious links that install malware is to have strong antivirus protection installed on all your devices. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.

4) Monitor your accounts: Breaches of this magnitude will make it a necessity for you to start routinely reviewing your bank accounts, credit card statements and other financial accounts for any unauthorized activity. If you notice any suspicious transactions, report them immediately to your bank or credit card company.

HERE’S WHAT RUTHLESS HACKERS STOLE FROM 110 MILLION AT&T CUSTOMERS

Kurt’s key takeaway

If the database leak is legit, this is a big security fail on NPD’s part. Since their whole business is based on collecting and selling data, they should have strong encryption and security in place, especially if this isn’t the first time hackers have targeted them. If they’re putting people at risk, they should be held responsible and cover any financial losses people face because of the leak.

How do you feel about companies that collect and sell data? Do you think they should be held accountable for breaches? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

Copyright 2024 CyberGuy.com. All rights reserved.