Title: Massive Data Breach Exposes 2.7 Billion Records Including SSNs
In a shocking revelation, it has come to light that almost 2.7 billion records of personal information for individuals in the United States have been leaked on a hacking forum. This massive data breach has exposed sensitive details such as names, social security numbers, all known physical addresses, and even possible aliases of countless individuals.
The data in question is reported to have originated from National Public Data, a company known for collecting and selling access to personal data for various purposes such as background checks, obtaining criminal records, and assisting private investigators. It is believed that National Public Data gathers this information by scraping data from public sources to compile individual user profiles for individuals not only in the US but also in other countries.
The breach was first brought to light in April when a threat actor going by the name USDoD claimed to be selling 2.9 billion records containing personal data of individuals in the US, UK, and Canada. This data was allegedly stolen from National Public Data. The threat actor attempted to sell the data for a staggering $3.5 million, claiming it encompassed records for every person in the three countries.
USDoD has a history of involvement in such activities, having been linked to a previous attempted sale of InfraGard’s user database in December 2023 for $50,000. Despite efforts to reach out to National Public Data for clarification, BleepingComputer received no response to their inquiries.
Since the initial breach, multiple threat actors have released partial copies of the stolen data on various platforms, each sharing a different number of records and, in some instances, even different types of data. However, on August 6th, a threat actor known as “Fenice” leaked the most comprehensive version of the stolen National Public Data data for free on the Breached hacking forum. Interestingly, Fenice attributed the data breach to another threat actor named “SXUL,” rather than USDoD.
The leaked data consists of two text files totaling 277GB and contains nearly 2.7 billion plaintext records, slightly lower than the original 2.9 billion figure shared by USDoD. While the exact extent of the leak’s coverage remains uncertain, numerous individuals have confirmed that their legitimate information, including that of deceased family members, was included in the breach.
Each record in the leaked data contains vital information such as a person’s name, mailing addresses, and social security number. Some records even include additional details like other names associated with the individual. It is worth noting that none of this data is encrypted. Previous samples of the leaked data also included phone numbers and email addresses, although these were not present in the 2.7 billion record leak.
It is crucial to understand that each individual may have multiple records, with each record corresponding to a known address where the person has resided. This indicates that the data breach did not impact 3 billion people, as erroneously reported in some articles that did not thoroughly research the data. Some individuals have reported discrepancies in the data, such as social security numbers being linked to unknown individuals, suggesting inaccuracies in the leaked information.
Furthermore, there are indications that the data may be outdated, as it does not contain the current addresses of the individuals checked. This raises concerns that the data may have been sourced from an older backup, potentially compromising its accuracy and relevance.
The repercussions of this data breach have been severe, leading to multiple class action lawsuits against Jerico Pictures, believed to be operating as National Public Data, for failing to adequately safeguard individuals’ data. If you are a resident of the US, it is highly likely that your personal information has been exposed in this breach.
Given that the leaked data includes hundreds of millions of social security numbers, it is imperative that individuals affected monitor their credit reports for any signs of fraudulent activity. Any suspicious activity should be reported promptly to the relevant credit bureaus for investigation and mitigation.
Additionally, considering that previous samples of the leaked data contained email addresses and phone numbers, individuals should remain vigilant against phishing attempts and fraudulent SMS texts aimed at eliciting further sensitive information.
Impact on Individuals
The massive data breach involving 2.7 billion records has sent shockwaves through the cybersecurity community and raised significant concerns about the protection of personal information. With names, social security numbers, addresses, and aliases exposed, individuals are at risk of identity theft, financial fraud, and other malicious activities.
Many individuals have expressed distress upon discovering that their personal information was part of the leaked data. The inclusion of deceased family members’ details has added an emotional and practical burden on those affected. The breach has underscored the importance of robust data protection measures and proactive monitoring of personal information for potential misuse.
Legal Ramifications
The breach has not only impacted individuals but also raised legal challenges for entities involved in the data collection and storage process. National Public Data, under scrutiny for its role in the breach, is facing multiple class action lawsuits for its alleged negligence in safeguarding sensitive information.
The lawsuits against Jerico Pictures, operating as National Public Data, highlight the accountability of organizations in protecting individuals’ data from unauthorized access and misuse. The legal proceedings serve as a reminder of the legal obligations that companies have in ensuring the security and confidentiality of personal information entrusted to them.
Preventive Measures
In light of the data breach, individuals are advised to take proactive steps to safeguard their personal information and mitigate the risks associated with potential identity theft and fraud. Monitoring credit reports, reporting suspicious activities, and being cautious of phishing attempts are crucial preventive measures to protect against further harm.
Educating individuals on cybersecurity best practices, such as using strong passwords, enabling two-factor authentication, and being vigilant of online threats, can help enhance personal data security. Collaboration between individuals, cybersecurity professionals, and law enforcement agencies is essential in combating cyber threats and ensuring the safety of sensitive information.
In conclusion, the massive data breach involving 2.7 billion records, including social security numbers, has exposed the vulnerability of personal information in the digital age. The incident serves as a wake-up call for individuals, businesses, and regulatory authorities to prioritize data security and privacy protection to prevent future breaches and safeguard individuals’ sensitive information. Vigilance, collaboration, and proactive measures are key in mitigating the risks associated with data breaches and ensuring the integrity of personal information in an increasingly interconnected world.