August 20, 2024 |
Photo – National Public Data logo – Courtesy npd/pentester.com
In a national story that could affect you, here in Wyoming, a class-action lawsuit filed August 1 in U.S. District Court in Florida reveals that the social security numbers and other personal information of millions of Americans were exposed in April of this year.
Behind the hacking theft is a nefarious group that gained access to records from a national background check service called NPD, or National Public Data. The company’s name is actually a misnomer. The data that NPD collects and stores is private, not public, information.
In a statement on Friday, NPD warned that the “the information that was suspected of being breached contained name, email address, phone number, social security number, and mailing address(es).”
It recommended the public to take a number of steps to safeguard their identities, including freezing their credit and putting fraud alerts on their files at big credit bureaus.
The breach only came to light after a lawsuit was filed.
National Public Data did not share how many people were at risk, but hackers, who have been identified as part of the hacking group USDoD, have been offering, for sale, what they claimed were billions of NPD records since April. The Washington Post reported that “security researchers who looked at the trove said some of the claims were exaggerated.”
In other words, nobody knows for sure.
NPD has not notified specific people whose data has been compromised. In their statement, they say they are working with law enforcement to review affected records and “will try to notify you if there are further significant developments applicable to you.”
National Public Data is a company that collects and sells access to your personal data for use in background checks, to obtain criminal records and for private investigators. NPD is believed to scrape the information from public sources and compile individual American’s data.
In April, a threat actor, on a popular breach forum, offered up for sale the database breach and requested $3,500,000.
The team at Pentester.com was able to get a hold of this data and analyze the content. The company created an online tool to check if your name is in the breach. The company masks sensitive information to prevent abuse. If your name is included, your information was acquired in the breach.
The web site to check your name against the lists of names captured in the NPD breach this year is pentester.com
Be advised. After every major data breach, a swarm of phishing attempts by threat actors soon follows. These bad actors try to use this information to be more convincing and trick you into providing additional sensitive information. Stay vigilant with and never reveal personal or financial data including usernames, passwords, PINs, memorable phrases or ID numbers.
