Following a massive data breach, your private information might be lingering on the dark web.
National Public Data, a Florida-based company that aggregates data to create background checks, confirmed it was hacked earlier this year, with Social Security numbers among the information that was compromised.
The Coral Springs company posted a notice toits website that says "there appears to a have been a data security incident that may have involved some of your personal information. The incident is believed to have involved a third-party bad actor that was trying to hack into data in late December 2023, with potential leaks of certain data in April 2024 and summer 2024."
News of the breach initially came from a class action lawsuit filed in U.S. District Court in Fort Lauderdale, according to USA TODAY. Law firmSchubert, Jonckheer & Kolbe, which filed the suit, claims that 2.9 billion recordswere stolen from NPD and alleges that the company did not adequately protect the information.
Here's what to know about the data breach and how you can takes steps to protect yourself.
How did National Public Data's data breach happen?
According to the suit, cybercriminal group USDoD accessed the network of National Public Data (also known as Jerico Pictures Inc., of Coral Springs, Florida) and stole unencrypted personal information. Around April 8 of this year, the group posted a database on the dark web, claiming it contained information on about 2.9 billion people and putting it up for sale at $3.5 million.
USA TODAY notes the plaintiff in the case, Christopher Hofmann of Fremont, California, was notified by an identity theft protection service that his data had been compromised and found on the dark web as a result of the data breach.
What information is included in the NPD data breach
Along with Social Security numbers, hackers stole names, phone numbers, mailing addresses and email addresses, according to National Public Data.
The law firm that filed the suit,Schubert, Jonckheer & Kolbe, also reported that information about people's histories and relatives were breached. In total, about 2.9 billon records dating at least three decades were stolen.
What is National Public Data doing about the data breach?
On its website, NPD officials shared that the company is working toward finding the source of the breach and fortifying its systems.
"We cooperated with law enforcement and governmental investigators and conducted a review of the potentially affected records and will try to notify you if there are further significant developments applicable to you," National Public Data's website reads. "We have also implemented additional security measures in efforts to prevent the reoccurrence of such a breach and to protect our systems."
How to know if your information has been stolen
According to USA TODAY, cybersecurity firmPentester acquired the leaked data and created a tool you can use to see if your information is in the breach. The tool is accessible atnpd.pentester.com.
National Public Data also offered the following tips to monitor whether your information has been stolen:
- Closely monitor your financial accounts. If you see any unauthorized activity, contact your financial institution to report the fraud.
- Review your credit reports for charges you don't recognize. You can obtain a free credit report from each of the three U.S. credit reporting agencies (Equifax, Experian, and TransUnion) by calling 877-322-8228 or going towww.annualcreditreport.com.
- Contact any one of the three major credit bureaus to place a free fraud alert on your credit file. A fraud alert tells creditors to contact you before they open any new accounts or change your existing accounts. The initial alert will stay for one year, after which you can renew it.
What should I do if my information was stolen?
If you notice fraudulent charges or suspect your information has been stolen, National Public Data advises reporting the identity theft to the Federal Trade Commission atidentitytheft.gov.
For additional tips, financial news website Money.com shares the following steps if your information was stolen:
- Scan for viruses and malware that hackers may be using to steal your data.
- Renew and strengthen passwords with upper and lower case letters, numbers, and special punctuation marks. Never use personal details and make sure to use a different password for all your online accounts.
- Review your credit report. Notify credit bureaus and report unauthorized use of credit card numbers.
- Request for the credit bureau to freeze your credit.
- Use multifactor authentication for your online banking and other high-risk accounts containing personal information.
- Be aware of cybercrime like phishing when checking email and social media.
How to freeze your credit
It's free to have your credit report frozen. But you must contact all three major credit reporting agencies:
You can submit your request online, by phone, or by mail.Agencies must freeze your credit report within one day when you submit it online or by phone, according to the General Services Administration. Freeze requests sent by mail must be enacted within three business days. Agencies must lift the freeze within an hour if you request it be unfrozen online or by phone, and within three business days by mail.
USA TODAY contributed to this report.
