Cyber Blog

A massive data breach at National Public Data (NPD) has exposed the Social Security numbers, names, addresses, email addresses, and phone numbers of millions of Americans. The breach affected 2.9 billion records, and a security tool from Pentester.com can help you check if your data was compromised.

National Public Data, a Coral Springs, Florida-based company that specializes in background checks, has confirmed the breach on its website, stating that “a data security incident may have involved some of your personal information.” The breach, allegedly caused by a third-party hacker, occurred in late December 2023, with potential data leaks reported in April and summer 2024.

The breach came to light following a class action lawsuit filed in U.S. District Court in Fort Lauderdale, Florida, as first reported by Bloomberg Law. The lawsuit, filed by Schubert, Jonckheer & Kolbe, claims that NPD’s records dating back at least three decades were compromised, including sensitive information like names, addresses, Social Security numbers, and familial connections.

In response, NPD has acknowledged that the compromised data includes names, email addresses, phone numbers, mailing addresses, and Social Security numbers. The company stated that it is cooperating with investigators and has strengthened its security measures to prevent future breaches.

How to Check If Your Data Was Involved

Cybersecurity firm Pentester.com has obtained the breached data and created a tool that allows individuals to check if their information was compromised. The tool provides details such as names, addresses, address histories, and Social Security numbers, and can be accessed at npd.pentester.com.

Richard Glaser, cofounder of Pentester.com, emphasized the serious risks posed by the exposure of Social Security numbers, which are commonly used in financial transactions, loan applications, and investments. Glaser advised freezing credit reports as a precautionary measure, noting that “names, addresses, and phone numbers might change, but your Social Security number doesn’t.”

NPD has also urged consumers to monitor their financial accounts closely and to report any unauthorized activity to their financial institutions immediately. The company recommended obtaining a credit report and placing a fraud alert on credit files.

However, Odysseas Papadimitriou, CEO of personal finance site WalletHub, suggested taking stronger measures, such as freezing credit reports. “Placing a fraud alert is not as effective as freezing your report,” he told USA TODAY. “A fraud alert is more of a heads-up to lenders, which they can easily ignore. A freeze, on the other hand, stops fraud in its tracks by preventing identity thieves from opening accounts in your name.”

Security experts agree that freezing your credit report is a prudent step, given the likelihood that the stolen data is now in the hands of hackers.

The class action lawsuit alleges that the cybercriminal group USDoD was responsible for breaching NPD’s network and stealing unencrypted personal data. The group is believed to have posted the stolen database, containing information on 2.9 billion individuals, on the dark web around April 8, 2024, offering it for sale at $3.5 million.