2.7 billion records leaked in massive US data breach (2024)

close

Video

Companies use artificial intelligence to fight against cyberattacks

Fox News chief political anchor Bret Baier has the latest on the pros and cons of the bombshell developments on "Special Report."

A massive database containing over 2.7 billion records has reportedly ended up on a criminal forum. These records belong to individuals in the U.S. and were allegedly stolen from National Public Data (NPD). While the accuracy of the leaked data could not be verified, the hackers reportedly obtained sensitive information such as names, mailing addresses and Social Security numbers. The scale of this breach is so vast that if you live in the U.S., it's likely that some of your data is included.

GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE

What you need to know

Bleeping Computer reported that the database was posted on the criminal forum Breachforums, where threat actors often post such leaks. What’s interesting is that the stolen database was up for free download. The user who posted it credited a hacker named "SXUL," saying, "There’s a new player in town." Usually, hackers sell leaked databases like this one for huge sums.

The database has been stolen from NPD, which collects data from public sources to compile individual user profiles for people in the U.S. and other countries. NPD then sells this private data to all kinds of organizations, such as background check websites, investigators, app developers and data resellers.

While the database has 2.7 billion records, it’s important to note that this doesn’t necessarily mean 2.7 billion people were impacted. Many of these records are repetitive, and some are incorrect. Still, the breach affects a significant number of people in the States.

This isn’t the first time NPD data has ended up on criminal forums. Bleeping Computer noted that back in April, a hacker known as USDoD claimed to be selling 2.9 billion records with personal data from people in the U.S., U.K. and Canada, which was also stolen from NPD.

2.7 billion records leaked in massive US data breach (3)

NPD data leaked on hacking forum (Bleeping Computer) (Kurt "CyberGuy" Knutsson)

WORLD’S LARGEST STOLEN PASSWORD DATABASE UPLOADED TO CRIMINAL FORUM

NPD is facing consequences

NPD, owned by Jerico Pictures, is facing multiple lawsuits for not protecting people’s data. One lawsuit, filed by California resident Christopher Hofmann, says NPD was negligent and breached its fiduciary duties and a third-party contract.

The plaintiff wants the court to order NPD to delete all the personal info it has collected and start encrypting data from now on. They’re also asking for more than just money, like having NPD set up data segmentation, run regular database scans, put in place a threat-management program and get a third party to check its cybersecurity every year for the next 10 years.

We reached out to NPD for a comment but did not hear back before our deadline.

2.7 billion records leaked in massive US data breach (4)

A woman accessing data on computer (Kurt "CyberGuy" Knutsson)

MASSIVE DATA BREACH EXPOSES OVER 3 MILLION AMERICANS’ PERSONAL INFORMATION TO CYBERCRIMINALS

It’s time to invest in identity theft protection

Hofmann learned about the data breach through his identity theft protection service, which detected his data in the leaked database. The service notified Hofmann, prompting him to take action and file a lawsuit. Data breaches happen every day, and most never make the headlines, but with an identity theft protection service, you’ll be notified if and when you are affected. See my tips and best picks on how to protect yourself from identity theft.

4 ways to protect yourself from data breaches

In addition to opting for an identity theft protection service, you can follow these tips to protect yourself from data breaches.

1) Remove your personal information from the internet: While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice.They aren’t cheap and neither is your privacy.These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites.It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet.By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you. Check out my top picks for data removal services here.

2) Be wary of mailbox communications: Bad actors may also try to scam you through snail mail. The data leak gives them access to your address. They may impersonate people or brands you know and use themes that require urgent attention, such as missed deliveries, account suspensions and security alerts.

3) Be cautious of phishing attempts: Be vigilant about emails, phone calls or messages from unknown sources asking for personal information. Avoid clicking on suspicious links or providing sensitive details unless you can verify the legitimacy of the request.

The best way to protect yourself from clicking malicious links that install malware is to have strong antivirus protection installed on all your devices. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.

4) Monitor your accounts: Breaches of this magnitude will make it a necessity for you to start routinely reviewing your bank accounts, credit card statements and other financial accounts for any unauthorized activity. If you notice any suspicious transactions, report them immediately to your bank or credit card company.

HERE’S WHAT RUTHLESS HACKERS STOLE FROM 110 MILLION AT&T CUSTOMERS

Kurt’s key takeaway

If the database leak is legit, this is a big security fail on NPD’s part. Since their whole business is based on collecting and selling data, they should have strong encryption and security in place, especially if this isn’t the first time hackers have targeted them. If they’re putting people at risk, they should be held responsible and cover any financial losses people face because of the leak.

How do you feel about companies that collect and sell data? Do you think they should be held accountable for breaches? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

Copyright 2024 CyberGuy.com.All rights reserved.

Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends." Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

2.7 billion records leaked in massive US data breach (2024)

FAQs

How do I tell if my Social Security number was leaked? ›

There are also search databases like the one from Pentester that lists all the accounts that have been leaked online. Just enter your name, state and birthday to see if your information was leaked. The search is free.

Was every American's Social Security number stolen? ›

The lawsuit says that hackers stole the personal information of 3 billion people, including every existing Social Security numbers, from background check company National Public Data (NPD). If true, this would mean every American is at risk of having their identity stolen.

What to do about the SSN leak? ›

If someone has misused your Social Security number or other personal information to create credit or other problems for you, Social Security can't resolve these problems. But there are several things you should do. (over) Visit IdentityTheft.gov to report identity theft and get a recovery plan.

What to do if your data is leaked? ›

Simple measures, like freezing your credit, can reduce your exposure for these types of crimes of opportunity. That can prevent bad actors from using your Social Security number to take out loans or open new credit cards.

Can you change your Social Security number if it gets leaked? ›

There are only five situations where you can apply for a new Social Security number, including: Ongoing financial and identity fraud due to identity theft. Unfortunately, just being the victim of any of the types of identity theft isn't enough.

How do I check to see if someone is using my Social Security number to file taxes? ›

Contact the Internal Revenue Service (IRS) at 1-800-908-4490 or visit them online, if you believe someone is using your SSN to work, get your tax refund, or other abuses involving taxes. Order free credit reports annually from the three major credit bureaus (Equifax, Experian, and TransUnion).

What is the most misused SSN? ›

The most misused SSN of all time was (078-05-1120). In 1938, wallet manufacturer the E. H. Ferree company in Lockport, New York decided to promote its product by showing how a Social Security card would fit into its wallets. A sample card, used for display purposes, was inserted in each wallet.

What number will never be the first number of a Social Security number? ›

SSA will not issue SSNs beginning with the number “666” in positions 1 – 3. SSA will not issue SSNs beginning with the number “000” in positions 1 – 3. SSA will not issue SSNs with the number “00” in positions 4 – 5.

What number was the first Social Security number? ›

This particular record, (055-09-0001) belonged to John D. Sweeney, Jr., age 23, of New Rochelle, New York. The next day, newspapers around the country announced that Sweeney had been issued the first SSN.

Can two people have the same Social Security number? ›

We can assign a different number only if: Sequential numbers assigned to members of the same family are causing problems. More than one person is assigned or using the same number.

How do I check if someone is using my identity for free? ›

Here are six simple ways to check for identity theft:
  1. Review your credit reports.
  2. Check your bank statements.
  3. Pay attention to strange mail.
  4. Stay on top of your tax returns.
  5. Check your medical statements.
  6. Review your Social Security statements.
Jun 3, 2024

Can I lock my Social Security number? ›

There are measures you can take to help prevent further unauthorized use of your SSN and other personal information. You can lock your SSN by calling the Social Security Administration or by creating an E-Verify account. Also, you can contact all three of the nationwide CRAs to place a freeze on your credit reports.

How do I check if my SSN has been leaked? ›

Cybersecurity firm Pentester said it got the data and created a tool you can use to see if your information is in the breach – it shows names, addresses, address histories, and social security numbers. You will find it at npd.pentester.com.

Can I sue if my data is leaked? ›

Under data protection law, you are entitled to take your case to court to: enforce your rights under data protection law if you believe they have been breached. claim compensation for any damage caused by any organisation if they have broken data protection law, including any distress you may have suffered, or.

How do you know if your personal data has been leaked? ›

Monitor your credit card or bank account statements for expenses you've never made. Check for suspicious logins into your accounts and activate notifications for them if the service you use provides them.

How do I know if my number is leaked? ›

How To Check If My Phone Number Is Leaked. Go to ID Protection Data Leak Checker and find out if your phone number appeared in any data leaks.

How do you know if your identity has been leaked? ›

Here are six simple ways to check for identity theft:
  1. Review your credit reports.
  2. Check your bank statements.
  3. Pay attention to strange mail.
  4. Stay on top of your tax returns.
  5. Check your medical statements.
  6. Review your Social Security statements.
Jun 3, 2024

How do I know if my SSN is mine? ›

Access the E-Verify website.

As an individual, if you are over 16 years old, you may wish to check your own SSN to verify that a prospective employer will not have a problem if you apply for a job. The self-check begins at https://www.e-verify.gov/employees/mye-verify.

What happens if you expose your Social Security number? ›

An organization's collection and use of SSNs can increase the risk of identity theft and fraud. Each time an individual divulges his or her SSN, the potential for a thief to illegitimately gain access to bank accounts, credit cards, driving records, tax and employment histories and other private information increases.

Top Articles
Latest Posts
Recommended Articles
Article information

Author: Dr. Pierre Goyette

Last Updated:

Views: 6045

Rating: 5 / 5 (50 voted)

Reviews: 89% of readers found this page helpful

Author information

Name: Dr. Pierre Goyette

Birthday: 1998-01-29

Address: Apt. 611 3357 Yong Plain, West Audra, IL 70053

Phone: +5819954278378

Job: Construction Director

Hobby: Embroidery, Creative writing, Shopping, Driving, Stand-up comedy, Coffee roasting, Scrapbooking

Introduction: My name is Dr. Pierre Goyette, I am a enchanting, powerful, jolly, rich, graceful, colorful, zany person who loves writing and wants to share my knowledge and understanding with you.