Background check company National Public Data (NPD) has been hacked by criminals who obtained 2.9 billion records of private U.S. consumer data, including names, addresses, phone numbers and Social Security numbers.
The Florida-based company said that cybercriminals have been attempting attacks since last year, but the breach only become public after a class action lawsuit was recently filed with the U.S. District Court in Ft. Lauderdale, FL.
The lawsuit alleges that the hacker group USDoD breached National Public Data’s system in April, stole the personal data of millions of Americans, and then attempted to sell the records on the dark web for $3.5 million. NPD released a statement confirming its cooperation with law enforcement, efforts to strengthen its systems, and a review of the affected records for additional issues.
Monitoring Credit
The company has not yet provided specific data on how many people were affected by the breach or how they were notified. National Public Data advised consumers to monitor their accounts closely and to contact their financial institution if they discover any unauthorized activity.
NPD also recommended that consumers should contact the three U.S. credit reporting agencies (Equifax, Experian, and TransUnion) to obtain a free credit report. Additionally, the company suggested placing a fraud alert with the credit bureaus and considering a credit freeze.
The Identification Equation
However, as data breaches like the recent Cash App breach become more frequent, it isn’t enough to put the onus on consumers to monitor and freeze their credit.
“The reality is that most consumers’ Social Security numbers are already available on the dark web and have likely been compromised several times over,” said Tracy Kitten, Director of Fraud and Security at Javelin Strategy & Research. “Social Security numbers don’t carry the high level of certainty they once did, and financial institutions have known it for years. That’s why Social Security numbers are never used in isolation as an identity verification method.”
“Because personal data like dates of birth and phone numbers have been leaked, many developed markets around the world are pushing for the implementation of a global digital identity program that takes personal identifiers such as Social Security numbers out of the identification equation,” she said.