pentester

August 14, 2024Massive Breach Exposes 3 Billion Records, Including Social Security NumbersData aggregator National Public Data was breached in a massive cyberattack, exposing over 3 billion records. The leaked data includes sensitive information such as full names, addresses, phone numbers, dates of birth, and social security numbers.

The Massive Leak from National Public Data Exposes 3 Billion Sensitive Records

The personal data of millions of individuals linked to National Public Data has been leaked on a notorious cybercrime forum. The exposed information contains sensitive details such as full names, addresses, social security numbers, dates of birth and more. The company issued a statement, although their website is currently down. You can see a copy from archive.today. Despite the gravity of the situation, there are steps you can take to protect your information. The first step is checking to see if your data was involved in the breach:

Check if your data was exposed.

Who is National Public Data?

National Public Data, is a company that collects and sells access to personal data for use in background checks, to obtain criminal records, and for private investigators. They are believed to scrape the information from public sources and compile individual profiles for people in the United States and elsewhere.

What Information was Exposed?

In April, a threat actor on a popular breach forum offered up for sale the breach, requesting $3,500,000. The team at Pentester.com was able to get a hold of this data and analyze the content. We've created a helpful tool to check if your in the breach. Keep in mind, we do mask sensitive information to prevent abuse.

Check if your data was exposed.

Within the data files, we can see:

  • First names
  • Last Names
  • Addresses
  • Address Histories spanning 3 decades+
  • Social security numbers

Also, keep in mind that individuals involved in the breach can be deceased or have multiple records which means that not every individual is affected.

What can you do about it?

According to Richard Glaser, cofounder of Pentester.com, "Names, addresses and phone numbers might change but your social security number doesn't...". As Richard points out, financial institutions use SSNs to verify identity and comply with regulations when applicants apply for loans, credit cards, or investments. Having just that information available to threat actors poses a serious risk. We've outlined a few steps you can take below.

Consider Freezing Your Credit.

Freezing your credit is a proactive step to protect your financial identity. It prevents new creditors from accessing your credit report, making it more difficult for identity thieves to open accounts in your name. To place a freeze, you need to contact each of the three major credit bureaus separately or use a service like CreditKarma:

Note that freezing your credit does not affect your credit score, nor does it prevent you from getting your free annual credit report. You can lift the freeze temporarily using a PIN if you need to apply for credit or permanently when it suits your needs.

Utilize Data Removal Services

While it wouldn't necessarily prevent your information from being exposed in the breach, data brokers do have an obligation to maintain suppression lists for opt-out requests. There are several companies out there that provide the service, including Pentester.com.

Be Vigilant of Phishing Scams

After every major data breach, there comes a swarm of phishing attempts by threat actors, to utilize this information to be more convincing and trick you into providing additional sensitive information. Stay vigilant with and never reveal personal or financial data including usernames, passwords, PINs, memorable phrases or ID numbers.

Was everyone affected?

According to sources such as, popular cybersecurity Twitter account, vx-underground, "The database DOES NOT contain information from individuals who use data opt-out services. Every person who used some sort of data opt-out service was not present."

Know Your Risk. Get Protected with Pentester.com

Get a thorough, cost-free scan at https://www.pentester.com. Find out what's out there, understand past breaches, and protect your identity. Don't be in the dark, gain control over your data.

The National Public Data breach shows just how vulnerable our information can be. Don't be a target – take the steps necessary to protect your digital footprint. Visit Pentester.com today and view critical risks in under 30 seconds.

← AT&T Data Breach Exposes 70 Million Customers, And What You Can Do About It