National Public Data has finally confirmed a massive data breach, in which millions of sensitive personal details were stolen and subsequently made public.
The leaked information includes names, social security numbers, email addresses, home addresses and phone numbers of individuals living in the US, Canada and the UK.
An estimated 2.9 billion records are circulating on the dark web as of April 2024, underscoring the size and scope of the background check breach.
Nearly three billion personal details leaked
National Public Data, which collects public data at various levels of government, confirmed the breach occurred in December 2023 and that further breaches followed in April 2024.
In a statement (via The register), the company confirmed: “We conducted an investigation and information came to light.”
The data, which spans more than 30 years and includes address histories and family relationships, was stolen by a hacker using the alias SXUL. The data was later passed on to another cybercriminal known as USDoD to sell, and was initially listed for $3.5 million.
Last week, a cybercriminal going by the name Fenice released 2.7 billion documents from the collection for free.
The breach has resulted in a class-action lawsuit, with the leaked data still posing significant risks for identity theft and fraud. Individuals affected by the breach are advised to monitor their financial accounts for suspicious activity and to be wary of potential phishing attempts that exploit the leaked information.
Troy Hunt, known for the infringement reporting website HaveIBeenPwned.comstressed that the leak includes 134 million unique email addresses and 272 million BSNs, with an average age of 70 years for those affected.
While some information may be out of date, the scale of the breach underscores the need for robust security measures in an increasingly digitally connected world.