National Public Data (NPD), a company known for reselling personal information for background checks, has confirmed a significant data breach that compromised a wide range of personal data, including names, Social Security numbers, and physical addresses.
The breach, which was first discussed on dark web forums, has been ongoing for several months, with the company initially remaining silent.
Earlier this week, NPD finally addressed the issue by publishing a Security Incident page, revealing some details but leaving many questions unanswered.
- The breach appears to have been initiated by a third-party hacker who attempted to access the data in late December 2023. The company suspects that certain information may have been leaked in April and summer 2024.
- The compromised data likely includes names, email addresses, phone numbers, Social Security numbers, and mailing addresses.
The scale of the breach is staggering, with reports indicating that 2.9 billion rows of data were leaked, affecting an unknown number of individuals. An analysis by Troy Hunt, the operator of Have I Been Pwned, highlighted inconsistencies in the way the data is connected to specific individuals.
NPD has stated that it is cooperating with law enforcement and government investigators and has reviewed the potentially affected records. The company has promised to notify affected individuals if there are any significant developments that may impact them.
However, NPD has not disclosed how many people were affected, offered any form of compensation, or provided clear channels for those impacted to seek more information. The company has advised those potentially affected to monitor their credit reports, but little else.
