A large database holding over 2.7 billion entries allegedly wound up on a criminal website.

These documents belong to people in the United States and were reportedly stolen from the National Public Data (NPD). While the authenticity of the disclosed data could not be confirmed, the hackers allegedly obtained sensitive information such as names, mailing addresses, and Social Security numbers. This breach is so large that if you live in the United States, it’s possible that part of your information was compromised.

What You Need to Know
Bleeping Computer said that the database was posted on the criminal forum Breachforums, where threat actors frequently post such dumps. What’s interesting is that the stolen database was available for free download. The individual who shared it credited a hacker named “SXUL,” stating, “There’s a new player in town.” Typically, hackers sell leaked datasets like this one for exorbitant prices.

READ MORE: Not Just Taylor Swift—Hackers Claims These Tours Are At Risk In Ticketmaster Breach

The database was taken from NPD, which gathers information from public sources to create individual user profiles for people in the United States and other nations. NPD then sells this sensitive information to a wide range of entities, including background check websites, investigators, app developers, and data resellers.

While the database contains 2.7 billion records, this does not necessarily imply that 2.7 billion persons were affected. Many of these records are duplicates, and others are inaccurate. Still, the breach impacts a large number of people in the United States.

This is not the first time NPD data has appeared on criminal forums. Bleeping Computer reported that in April, a hacker known as USDoD claimed to be selling 2.9 billion records containing personal information from persons in the United States, the United Kingdom, and Canada, which had also been stolen from NPD.

READ MORE: The Mystery Surrounding An Alleged Data Breach By A Data Broker

NPD is experiencing penalties.
NPD, owned by Jerico Pictures, is facing various lawsuits for failing to protect people’s data. One complaint, brought by California resident Christopher Hofmann, claims that NPD was negligent and violated its fiduciary duties and a third-party contract.

The plaintiff wants the court to force NPD to destroy all of the personal information it has gathered and begin encrypting data immediately. They’re also asking for more than just money, such as having NPD set up data segregation, run frequent database scans, implement a threat-management program, and have a third party audit its cybersecurity every year for the next decade.

We contacted NPD for a comment but did not receive a response before our deadline.

It’s time to invest in identity theft protection!
Hofmann discovered the data breach through his identity theft protection service, which identified his information in the exposed database. The agency notified Hofmann, causing him to initiate a lawsuit. Data breaches occur on a daily basis, and the majority never make headlines; however, with an identity theft protection service, you will be notified if and when you are affected. See my top strategies and recommendations for preventing identity theft.

Four techniques to safeguard yourself against data breaches.
In addition to using an identity theft protection service, follow these guidelines to protect yourself from data breaches.

1) Remove your personal information from the internet: While no provider can ensure that your data will be completely removed from the internet, using a data removal service is a wise decision. They are not inexpensive, and neither is your privacy. These services handle all of the work for you, actively monitoring and meticulously deleting your personal information from hundreds of websites. It provides me peace of mind and has shown to be the most effective technique to remove personal information from the internet. Limiting the information available reduces the danger of scammers cross-referencing data from breaches with information found on the dark web, making it more difficult for them to target you. See my best selections for data removal services here.

READ MORE: Hackers Have Compromised The Personal Information Of 6.9 Million Consumers Of 23andMe

2) Be aware of mailbox communications: Bad actors may attempt to swindle you via snail mail. The data breach grants them access to your address. They may imitate persons or brands you recognize and employ urgent themes like missed delivery, account suspensions, and security alerts.

3) Be wary of phishing attempts: Keep an eye out for emails, phone calls, or messages from unexpected sources requesting personal information. Avoid clicking on strange links or supplying critical information unless you can confirm the request’s veracity.

The easiest approach to avoid following bad links that install malware is to install robust antivirus protection on all of your devices. Get my top selections for the greatest antivirus protection in 2024 for Windows, Mac, Android, and iOS.

4) Monitor your accounts: With breaches of this magnitude, you must begin routinely examining your bank accounts, credit card bills, and other financial accounts for any fraudulent activity. If you discover any questionable transactions, immediately notify your bank or credit card company.

Source