Skip to content
TRAC-Logo
 

Frustration-Free Risk Management

Simplify cybersecurity risk management and tackle your cybersecurity challenges with ease. TRAC automates the tedious risk assessment process and produces customized results that align with regulations, best practices, and your strategic goals.

Blog_HeaderGradients-10
Kelley HesseAugust 23, 20243 min read

National Public Data Breach: A Comprehensive Overview

National Public Data Breach: A Comprehensive Overview
4:31

In August 2024, National Public Data (NPD), a consumer data broker, experienced a significant data breach that exposed the personal information of hundreds of millions of Americans. The information that was breached included Social Security Numbers, addresses, and phone numbers. The incident was ultimately traced back to a security lapse in December 2023, which allowed cybercriminals to access and sell the stolen data.

The breach was further complicated when another NPD data broker inadvertently published the passwords to its back-end database in a file that was freely available on its homepage. This file, named "members.zip" contained plain text usernames and passwords for different components of the site, leading to further exposure of sensitive information.

In April 2024, a cybercriminal named USDoD began selling the stolen data, which included names, addresses, phone numbers, and Social Security Numbers for more than 272 million people. By July 2024, the data had been leaked online, causing widespread concern and prompting NPD to acknowledge the breach on August 12, 2024.

The exposed archive indicated that many users did not change their initially assigned six-character passwords, further exacerbating the security risks. The source code of the affected website, recordscheck.net, was created by a web development firm based in Lahore, Pakistan.

NPD's founder, Salvatore "Sal" Verini, confirmed that the exposed archive had been removed from the company's website and stated that the site was slated to cease operations soon. 

Unfortunately, this is just one of many data breaches that have occurred in 2024. The breaches, especially ones of this impact and magnitude, serve as a critical reminder of the need for robust cybersecurity measures and the importance of regularly updating and securing passwords.

 

How to Move Forward

After a vast data breach like this, you may find yourself in a position where your personal information has been compromised. That can be an extremely scary position to be in, but there are some things you can do to prevent and mitigate impact.

Here are some steps you can take to protect yourself:

  1. Monitor Your Accounts and Credit Reports: This tip is something that you should be doing routinely, but now is more important than ever. Regularly check your bank and credit card statements for any unauthorized transactions, and be sure to report any suspicious activity immediately. When monitoring your credit reports, be sure to look for any fraudulent activity. You are entitled to a free credit report from each of the major credit bureaus once a year.
  2. Change Your Passwords: Sometimes, it comes back to the basics, which includes password hygiene. Update your passwords for all online accounts, especially those that share the same password as the breached account. When changing your password, keep in mind that it’s important to use strong, unique passwords for each account. If you’re having trouble creating a strong password, a password manager solution can be a great help.
  3. Enable Two-Factor Authentication: Enabling two-factor authentication (2FA) adds an extra layer of security to your accounts. It prevents an intruder who may have stolen your credentials from accessing your data without first sending you a notification and allowing the intruder access to your data.
  4. Freeze Your Credit: Consider placing a credit freeze on your files with the major credit bureaus (Equifax, Experian, and TransUnion) to prevent new accounts from being opened in your name. You should be sure to freeze them with all three Credit Bureaus, and you can do so by phone, mail, or online. You can find links to place a credit freeze at the end of this article.
  5. Report Identity Theft: If you believe you are a victim of identity theft, report it to the Federal Trade Commission (FTC) at IdentityTheft.gov and follow their recommended steps.
  6. Stay Informed: Keep an eye on news, updates, and articles like this one, to be updated with information related to the breach. Companies often provide information and resources to affected individuals.

 

Credit Freeze Links:
Equifax: https://www.equifax.com/personal/credit-report-services/credit-freeze/
Experian: https://www.experian.com/freeze/center.html
TransUnion: https://www.transunion.com/credit-freeze 


avatar

Kelley Hesse

Kelley Hesse is an Information Security Consultant at SBS CyberSecurity (SBS). She is also an instructor for the SBS Institute, leading the Certified Banking Incident Handler (CBIH) course. Kelley joined the SBS team in 2018, holding a network security role before transitioning into consulting. She specializes in the development and management of Information Security Programs and network security testing. Kelley is also an SBS blog author and regularly hosts cybersecurity webinars and security awareness training.

RELATED ARTICLES