Records of 2.9 Billion People Exposed in National Public Data Breach

Records of 2.9 Billion People Exposed in National Public Data Breach

The records of 2.9 million people have been exposed from a cyberattack on background check company National Public Data, according to a class-action lawsuit filed in Florida against the company. And National Public Data is now acknowledging the security breach on its website.

This breach is one of the largest in history, along with the 2013 Yahoo cyberattack that exposed 3 billion records. The lawsuit alleges that a cybercriminal group called USDoD gained access to National Public Data’s network prior to April 2024. On April 8, USDoD claimed on the dark web that they had stolen the personal data of 2.9 billion people and offered to sell the database for $3.5 million.

National Public Data had not publicly confirmed the breach before August 13. It now states on its website, “There appears to have been a data security incident that may have involved some of your personal information. The incident is believed to have involved a third-party bad actor that was trying to hack into data in late December 2023, with potential leaks of certain data in April 2024 and summer 2024.”

What is National Public Data?

National Public Data, which is owned by Jerico Pictures, is a background check company. It gathers personal information on individuals from public record databases, court records and  nonpublic sources and provides it to private investigators, consumer public record sites, human resources, staffing agencies and more.

Because National Public Data gathers information on individuals without their consent, those who are impacted by the security breach might not even be aware that their information has been exposed. The plaintiff in the class-action lawsuit alleges that he never directly provided his information to NPD and learned that his information was exposed after receiving an alert from his identity theft protection service provider in July  that his data was compromised in a “nationalpublicdata.com” breach.

What information was stolen?

National Public Data states on its site that the information suspected of being breached contained names, email addresses, phone numbers, Social Security numbers and mailing addresses. According to the lawsuit, the exposed information has records spanning decades—including records of individuals who have been deceased nearly two decades.

If your personal information was impacted by the breach, there is no guarantee that you will be notified. National Public Data states on its site that it has reviewed potentially affected records and will try to notify individuals if there are further significant developments applicable to them.

What thieves can do with the information

Thieves can do a lot of damage with the information that was exposed in the National Public Data breach. They can …

  • Steal identities;
  • Take over existing accounts by providing personal information to verify identity;
  • Create new fraudulent accounts;
  • File fraudulent tax returns to steal refunds; or
  • Claim government benefits, such as unemployment benefits.

How to protect your personal information

It’s not too late to protect your personal information if it was exposed in the National Public Data breach. Follow these steps to limit the damage.

  • Freeze your credit reports. Contact all three credit bureaus—Equifax, Experian and TransUnion—to place a security freeze on your credit reports. It’s free and will prevent thieves from opening new accounts and lines of credit in your name. If you need to apply for credit in the future, you can lift the freeze.
  • Sign up for account, credit and identity monitoring. A comprehensive monitoring service such as Carefull makes it easy to keep constant tabs on your financial accounts, credit reports and identity to be alerted to unusual transactions, signs of fraud and misuse of your personal information. Plus, Careful includes up to $1 million in identity theft insurance coverage.
  • Be alert to scammers. With your personal information, it will be easier for scammers to impersonate your financial institutions, service providers and even government agencies. They might call, email or text to alert you to some problem that requires your attention and use the last four digits of your Social Security number to verify your identity—making you believe that they are who they say they are because they have such sensitive information about you. Don’t provide any personal information or account information to anyone who contacts you out of the blue. Contact the company or agency directly to find out if it was trying to reach you.

Get protected today

Verify your TCB email to take advantage of Carefull's features. Carefull costs $9.99 per month, but as a TCB customer, this service is completely free* to you.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Connect your accounts and Carefull does the work for you, safely and securely.

Carefull costs $9.99 per month, but as a TCB customer, this service is completely free* to you.

See how the platform works

*TCB will pay the monthly fee on your behalf to Carefull, if you, are a deposit customer of the bank. If you close your account TCB will no longer pay this fee. You will be responsible for the first monthly fee assessed by Carefull after your account is closed and any other fees thereafter.