We break down the NPD data breach, covering every aspect of the incident, from the compromised personal information to the steps you should take to safeguard yourself in the aftermath.
What is NPD?
National Public Data (NPD) is a background check service that aggregates and provides access to a wide array of personal information about individuals. The service pulls data from public records, which can include federal, state, and local government documents, legal filings, and other sources that are legally available to the public.
NPD is often used by companies and organizations for background checks, offering a comprehensive view of an individual’s identity, including their name, address, phone number, and even Social Security numbers. This type of service is integral in various industries for verifying the backgrounds of employees, tenants, or any individuals requiring such vetting. NPD’s ability to centralize vast amounts of sensitive information from public records makes it a critical tool for those needing accurate and detailed personal data.
What personal information was compromised in the NPD data breach?
The NPD data breach resulted in the exposure of a significant amount of sensitive personal information. The compromised data includes key identity markers such as names, Social Security numbers (SSNs), and dates of birth, which are highly valuable to cybercriminals for identity theft and other forms of fraud. Additionally, the breach also exposed contact information like email addresses, phone numbers, and mailing addresses.
This combination of personal data is particularly dangerous because it not only allows criminals to impersonate individuals but also provides them with the means to carry out targeted phishing attacks. Moreover, since the data stems from public records, the breach affects a wide range of people, potentially including both the living and deceased, increasing the risk of fraudulent activities across different demographic groups.
How did the NPD data breach occur, and who is responsible?
The NPD data breach is linked to a hacking attempt that began in late December 2023, which seems to have been the starting point for the unauthorized access to National Public Data’s systems. The breach itself came to light after a threat actor, initially using the alias USDoD, offered a massive dataset for sale in April 2024. This dataset reportedly contained 2.9 billion records, which were allegedly extracted from NPD’s databases. Later, in early August 2024, another cybercriminal known as Fenice leaked a more comprehensive version of the database for free, comprising 2.7 billion records.
The individuals or groups responsible for this breach appear to be sophisticated and well-coordinated cybercriminals who specifically targeted NPD to gain access to its vast repository of sensitive information. The breach likely involved exploiting vulnerabilities within NPD’s data storage or security protocols, although the exact technical details of how the hackers gained entry have not been fully disclosed by NPD.
The ongoing nature of the data leaks, coupled with the fact that different versions of the database were shared at different times, suggests a prolonged attack or multiple breaches that compromised NPD’s data security over several months. NPD has acknowledged the breach and has been cooperating with law enforcement, but the full scope of the breach and the identities of those responsible remain under investigation.
When did the NPD data breach happen, and how long was the data exposed?
The NPD data breach is believed to have originated from a hacking attempt that began in late December 2023. This breach was not immediately detected, allowing the unauthorized access to continue undisturbed for several months. The first public indication of the breach occurred in April 2024, when a threat actor, using the alias USDoD, offered to sell a large portion of the stolen data.
However, it wasn’t until August 2024 that a more comprehensive version of the database was leaked by another cybercriminal known as Fenice according to a BleepingComputer report. This timeline indicates that the data was potentially exposed and vulnerable for several months before the full extent of the breach was made public. During this period, multiple copies of the database were shared and sold, leading to the broad dissemination of sensitive information across various cybercriminal communities.
What steps has National Public Data taken in response to the NPD data breach?
In response to the NPD data breach, National Public Data has taken several actions to address the security incident and mitigate its impact. Upon discovering the breach, NPD initiated an internal investigation to understand the scope of the compromised data and the vulnerabilities that were exploited. The company has been cooperating with law enforcement agencies to track down the perpetrators and prevent further dissemination of the stolen data. Additionally, NPD has been reviewing the potentially affected records to determine the exact information that was compromised and identify the individuals impacted by the breach.
NPD has acknowledged the breaches that occurred in April 2024 and the summer of 2024, which were linked to the December 2023 hacking attempt. The company has expressed a commitment to notifying affected individuals if significant developments arise, although the process of reaching out to potentially millions of people presents a substantial challenge. Furthermore, NPD has likely implemented or is in the process of implementing enhanced security measures to prevent future breaches, though specific details on these measures have not been disclosed. The company’s focus now is on damage control, legal compliance, and restoring trust among its users and clients.
How many individuals were affected by the NPD data breach?
The exact number of individuals affected by the NPD data breach remains unclear, but it is evident that the breach has impacted a substantial number of people. The leaked database is reported to contain 2.7 billion records, though many of these records may refer to the same individuals.
Some SSNs are exposed in the data leak
According to Troy Hunt, the creator of the Have I Been Pwned (HIBP) service, one version of the database analyzed included 134 million unique email addresses, suggesting that at least this many individuals could have been affected. However, given the breadth of information included—such as names, Social Security numbers, and addresses—the actual number of affected individuals may be even higher, potentially reaching hundreds of millions.
Additionally, the database may contain outdated or inaccurate information, as some records were found to be associated with incorrect names or outdated addresses. This further complicates efforts to determine the full scope of the breach and identify all affected individuals. Nonetheless, the scale of the data breach suggests a widespread impact, affecting people across various demographics, including both the living and deceased, as confirmed by reports from those who found their own and their family members’ details in the leaked data.
How to check if you are affected by the NPD breach?
If you are concerned that your personal information may have been compromised in the NPD data breach, there are a few steps you can take to determine if you have been affected:
- Use data breach monitoring services: One of the most reliable ways to check if your data has been exposed is to use a service like Have I Been Pwned or npd.pentester.com, which allows you to search for your email address or phone number in databases of known breaches. This service, maintained by security expert Troy Hunt, has analyzed portions of the leaked NPD database and may be able to alert you if your information is included.
- Monitor your financial accounts: Regardless of whether you find your information in a breach database, it’s important to monitor your bank accounts, credit cards, and other financial services for any unusual activity. Unauthorized transactions or changes to your account details could be a sign that your information was compromised in the breach.
- Check your credit reports: Request a free copy of your credit report from major credit reporting agencies (Equifax, Experian, and TransUnion) and review it for any discrepancies or unauthorized accounts. If you spot anything suspicious, consider placing a fraud alert or credit freeze to protect your credit.
- Be vigilant for phishing attempts: With your contact information possibly exposed, be on the lookout for phishing emails, texts, or calls that attempt to trick you into revealing further personal details. Phishing attempts often follow data breaches as criminals try to exploit the leaked information.
- Sign up for identity theft protection: If you are particularly concerned about your exposure, you may want to consider enrolling in an identity theft protection service. These services can help monitor your personal information and alert you to potential misuse, as well as assist in recovery if your identity is stolen.
Answering every question you have about the EVIT data breach
Is pentester.com legit?
npd.pentester.com is a website that claims to offer penetration testing services, which are assessments designed to identify vulnerabilities in a company’s digital security. Penetration testing is a legitimate and critical service within the cybersecurity industry, typically conducted by security professionals to help organizations strengthen their defenses against potential cyberattacks.
However, the legitimacy of any specific website offering these services depends on various factors. Research the website’s reputation by looking for reviews, testimonials, or mentions in cybersecurity forums and communities. Legitimate services will often have verifiable reviews or case studies available.
Check if the company or individuals associated with the website have recognized certifications in cybersecurity, such as Certified Ethical Hacker (CEH) or Offensive Security Certified Professional (OSCP). These certifications are standard in the industry and add credibility. Legitimate businesses should have clear contact information, including a physical address and phone number. Additionally, they should be transparent about who they are, what services they offer, and their pricing structure.
Verify if the company is registered and operates as a legitimate business entity in its country of operation. You can often find this information through business registries or databases. Since penetration testing involves accessing sensitive systems, ensure the company follows strong security practices. This includes using secure methods of communication and having clear policies on data handling and confidentiality.
Featured image credit: Kerem Gülen/Midjourney
