Several months after a hacking group claimed to be selling nearly 3 billion records stolen from a major data broker, significant portions of this information have been leaked on a hacking forum. According to Bleeping Computer, the breach involves 2.7 billion records containing personal details of individuals in the United States, including names, Social Security numbers, potential aliases, and all known physical addresses.
The compromised data is believed to have been obtained from National Public Data, a company that assembles profiles by scraping public sources and sells this information for background checks and criminal record investigations. National Public Data is currently facing a proposed class-action lawsuit over this breach.
In April, the hacking collective USDoD attempted to sell 2.9 billion records, claiming they were stolen from National Public Data and contained personal data from the US, UK, and Canada. The group sought $3.5 million for the entire 4TB database. Since then, various portions of the data have been leaked by different entities.
The latest and most comprehensive data dump consists of two text files totaling 277GB, containing nearly 2.7 billion plaintext records. This version of the data does not include phone numbers and email addresses, which were part of previous leaks. Therefore, checking for your information through services like Have I Been Pwned may not be effective for this particular breach.
The leaked data includes multiple records for many individuals, with separate entries for each address they have lived at. While it is difficult for any independent organization to confirm whether the leak encompasses records for every person in the US, Bleeping Computer suggests that the breach likely includes information on most residents.
Several individuals have confirmed that the information in the leak, including details about their family members and deceased relatives, is accurate. However, some Social Security numbers were found to be associated with incorrect individuals. The data may also be outdated, as it does not include current addresses, potentially indicating that it was taken from an old backup.
Protecting Yourself from the Breach
Given the scale of this data breach, it is crucial to take proactive steps to mitigate potential negative consequences, such as fraud and identity theft:
- Monitor Credit Reports: Regularly check your credit reports for any signs of fraudulent activity. Report any discrepancies to the credit bureaus—Experian, Equifax, and TransUnion. Consider requesting a credit freeze to prevent unauthorized access to your credit files.
- Be Cautious with Scammers: Remain vigilant against phishing attempts and fraudulent communications that may try to access your personal accounts. Avoid sharing sensitive information through insecure channels.
- Utilize Identity Protection Services: Consider subscribing to identity fraud protection services to monitor and protect against identity theft. Note that these services often come with a fee.
- Strengthen Security Measures: Use two-factor authentication (preferably through an authenticator app rather than SMS) to secure your online accounts. Employ a reputable password manager, avoid reusing login credentials across different platforms, and regularly update passwords for sensitive accounts.
Taking these precautions can help safeguard your personal information and mitigate the risks associated with this extensive data breach.
