NPD Security Breach: 2.9 Billion Records Exposed

Major Security Breach: National Public Data (NPD) Exposed

Last week, National Public Data (NPD) confirmed that it suffered a significant security breach dating back to December of the previous year. The breach has stirred concern as it involves a vast database allegedly containing 2.9 billion lines of sensitive personal data, including Social Security numbers. This database was reportedly advertised on the dark web in April by a hacker group known as USDoD, with a staggering asking price of $3.5 million. Unfortunately, the stolen data has since been made publicly accessible across various platforms.

Discovery of Further Vulnerabilities

In a detailed report by Krebs On Security, it was revealed that a website mirroring NPD, called recordscheck.net, was found to host an archive containing crucial information such as site logins and even source code for certain tools, all stored in plaintext. This vulnerability could have allowed cybercriminals to access the same consumer records that were compromised in the NPD breach.

Additionally, the now-removed file was found to contain email information belonging to NPD's founder, Salvatore Verini, who has a background as an actor and retired sheriff’s deputy from Florida. Verini, in communication with Krebs On Security, stated that the archived file contained an outdated version of the website with "non-working code," emphasizing that operations for this site would cease in the upcoming week. He declined to provide further comments, citing an “active investigation.”

Implications of the Data Leak

Krebs On Security's investigation also uncovered that Verini had written a positive testimonial for Creation Next, a web development company referenced in the archived source code of recordscheck.net. This connection raises questions about the security practices of both NPD and associated entities.

Risks to Consumers and Suggested Actions

Since the data leak was posted on hacker forums last month, several websites like npdbreach.com and npd.pentester.com have emerged, offering services to help individuals ascertain whether their information is part of the leaked database. However, utilizing these services often requires users to enter sensitive personal details such as names, birth years, and potentially Social Security numbers, which could lead to further risks of identity theft.

Given the current threat landscape, experts, including those from Krebs, recommend that individuals consider placing a freeze on their credit reports with major credit bureaus: Equifax, Experian, and TransUnion. Moreover, consumers are urged to take advantage of the free weekly credit reports to monitor any irregularities that may arise.

A Call for Vigilance

As data breaches become increasingly common, it is crucial for consumers to stay vigilant regarding their personal information. Taking proactive measures can significantly reduce the risk of identity theft and help maintain control over their sensitive data.

Conclusion

The recent NPD breach serves as a stark reminder of the vulnerabilities present in our digital landscape. It underscores the importance of maintaining robust data security practices and being proactive in protecting personal information in the wake of these alarming incidents.