TLDR:
- Florida data broker, National Public Data, confirms it was ransacked, leading to the leak of billions of personal records.
- Cyber-criminals stole names, addresses, Social Security numbers, and more from US, UK, and Canadian citizens, which is now available on the dark web for fraud.
After an online handle USDoD advertised the sale of 2.9 billion records, National Public Data (NPD) was revealed as the source of the stolen data. The leaked information includes names, phone numbers, Social Security numbers, address histories, and details of parents and relatives. The stolen information was offered for sale by USDoD, with some of it ultimately being dumped online by a user named Fenice.
NPD has recently confirmed the breach, stating that the incident occurred in December, with leaks starting in April and continuing through the summer. The compromised data contains sensitive personal information such as name, email address, phone number, social security number, and mailing address.
Security researcher Troy Hunt has analyzed the leaked data, pointing out the presence of criminal records and warning individuals to be cautious of potential phishing attempts based on this information. Hunt also noted that services offering data opt-outs were effective in preventing leaked records.
NPD is cooperating with law enforcement and implementing additional security measures to prevent future breaches. The disclosure serves as a reminder of the risks associated with using personal information for identification purposes.