Massive National Data Breach Exposes 2.9 Billion People
After the massive data breaches that hit AT&T and Ticketmaster this year, another cyberattack in the news this week has compromised the identities of billions more.
National Public Data, a background check company owned by Jericho Pictures, is believed to be the victim of a cyber attack by cybercrime group USDoD, Bloomberg Law reported.
The attack reportedly compromised the personal data of 2.9 billion people. According to a new lawsuit filed in Florida Southern District Court, the personal data the attackers obtained included full names, current and past addresses — dating back decades — and Social Security numbers.
While the details of the data breach are still unclear, the trove of data was put up for sale on the dark web in April for $3.5 million, the complaint said.
According to the lawsuit, National Public Data has yet to notify victims of the breach that their data was compromised. Plaintiff was only made aware of the breach on July 24th thanks to a notification from its identity theft protection service.
National Public Data and Jericho Pictures did not immediately respond to CNET’s requests for comment.
Data breaches are popping up more frequently. According to the Identity Theft Resource Center, there were more than 1,500 data breaches in the first half of 2024, affecting nearly 1 billion people. If you are concerned about this latest data breach or simply want to protect your personal data, there are steps you can take.
How to protect your Identity after a data breach
Just because your data was compromised in a data breach doesn’t mean your identity will be stolen. However, bad actors will have more complete profiles of you if you are eventually targeted.
Fortunately, there’s a lot you can do to protect your identity if your data is compromised.
Change your password
If you receive notice that your data has been compromised in a breach, your first step is to change your password for the affected account to prevent any unauthorized access. If you use the same password for other accounts, it’s a good idea to update them as well.
A good rule of thumb is to use a unique password for each online account. If you’re finding it difficult to manage, try keeping your passwords safe with a password manager.
Watch out for phishing and smishing attempts
Beware of attempts by cyber criminals to extract personal data from you. With so much information about us online and on social media, cybercriminals have become clever to devise effective fraud schemes to dupe victims.
It is important that you do not click on random links on your phone or email, which may download malicious software onto your devices.
Also, do not give out your financial account information or Social Security number to anyone, as this could lead to unauthorized access to your bank accounts or identity theft.
Sign up for identity theft protection
If you’re really worried about your identity being stolen, it might be worth signing up for identity theft protection. Individual coverage ranges from $7 to $15 per month. Family plans are also available.
Services like Aura, CNET’s top pick for identity theft protection, scan your personal data on the dark web and monitor your credit and bank account activity. If your identity is stolen, the top identity theft protection companies will help restore your identity and provide insurance to cover the stolen funds and necessary expenses.
What happened in the National Public Data cyberattack?
A cybercrime group, USDoD, reportedly attacked National Public Data, compromising the personal information of 2.9 billion people. The breach included sensitive data such as full names, addresses, and Social Security numbers.
Who is National Public Data?
National Public Data is a background check company owned by Jericho Pictures. They provide background information for various purposes, which made them a target for cybercriminals due to the sensitive nature of the data they hold.
How did the breach become public knowledge?
The breach was reported in a lawsuit filed in the Florida Southern District Court. Victims were reportedly not notified by National Public Data but became aware of the breach through identity theft protection services.