WTF! Another Record Setting Data Breach!

Did the largest data breach in history just happen? Yes, it did! Were 3 billion records of personal data stolen and posted for sale on the Dark Web? Yes, they were! And was yours among them? The answer is probably yes again!

Florida-based National Public Data is a company that collects personal information for background checks and offers its customers the ability to search billions of records with near-instant results. This company, for lack of a better word, is the sucker that let it happen, deliberate or otherwise. I dare not call them the victim. Why? Because some, if not all, of the information they possessed was scraped, or basically stolen, from non-public websites. A cybercriminal gang going by the name USDoD gained access to NPD’s network on April 8, 2024, and subsequently stole the data NPD stole. USDoD was able to extract the billions of lines of unencrypted personal information. So the first question is: why was this much data left unencrypted?

It was also revealed that the data contained information from people in Canada and Great Britain.

NPD announced the “Security Incident” by stating, “potential leaks of certain data in April 2024 and summer 2024.” According to NPD, the breach appeared to involve a third party “that was trying to hack into data in late December 2023.” So now the second question comes to mind: what did NPD do in response to the December incident?

So what exactly was lost? The stolen data includes, but is not limited to, full names; current and past addresses going back 30 years; Social Security numbers; family information on parents, siblings and other relatives that reaches back over 20 years; and other personal information. So you can bet your full family tree, work history and residential history are now for sale on the Dark Web for about $3 million.

Another interesting fact, reported by “The Register,” is that NPD reported to the State of Maine that only 1.3 million people were affected. The State of Maine requires companies to report the total number of people affected by a data breach, with the number of Maine residents reported separately.

Why am I telling you this? Because every company has a way to spin bad news. NPD reported that only 1.3 million people were affected, but the State of Maine has only about 1.5 million people living there. So the question becomes, why are there 134 million unique email addresses in the stolen data? Information security expert Troy Hunt, maintainer of HaveIBeenPwned, looked into the database and pointed out that unless every one of the 1.3 million people reportedly affected “… had 100 email addresses, which is pretty unlikely, there is a chance that more people are affected than what NPD told Maine’s AG.”

The catastrophe unfolded as a result of a lawsuit by a gentleman who received a notification from his identity theft protection service provider on July 24 notifying him that his data was exposed in a breach and leaked on the dark web.

This breach, if confirmed, would be one of the largest breaches in history.

So What The Hell Can You Do?

Start by establishing if your Social Security number and associated data were breached. Cybersecurity company Pentester has launched a tool to help you discover if you are a victim of the breach. Go online and navigate to npd.pentester.com and enter your first and last name and birth year. You’ll see a list of breached accounts, including the last four digits of the leaked Social Security numbers.

Even if you did not see your information you might want to follow these steps. If you did see your name you definitely want to do these things.

Step 1 – Hire a good identity protection service to monitor your data. Here is the list of the Top Ten

Step 2 – If you are not planning on financing any purchases in the near future, freeze your credit. Here’s how.

Step 3 – Change the passwords on all your financial accounts. Anything that involves selling, buying, banking or credit should get a new complex password along with multi-factor authentication.

Step 4 – Step up the screening of your emails and text messages. SUSPECT EVERYTHING! Cybercriminals will address you by name in emails and text messages and use the information about your family to gain your trust. They may call, email or text you. They may send something in the mail and claim to be someone in authority: a tax official, law enforcement, a collection agency, etc. SUSPECT EVERYTHING! If someone is asking for money or claiming you owe them, YOU SHOULD BE THE ONE ASKING THE QUESTIONS! Not the other way around. Say nothing, tell them nothing!

Step 5 – Check with your local property, land, or tax officials and ask how to protect your home from title thieves who actually steal homes, especially from senior citizens.

Step 6 – Get with your cell service provider and add protection to prevent SIM card swapping.