2.9 Billion Records Exposed in NPD Breach: How to Stay Safe

A cataclysmic data breach has cast a long shadow over the privacy of billions of individuals. Reports claim that a staggering 2.9 billion records, including Social Security numbers, have been compromised in a cyberattack targeting National Public Data (NPD), a company specializing in background checks.

This unprecedented scale of data exposure highlights the vulnerabilities inherent in our interconnected world and the immense value placed on personal information by cybercriminals. The fallout from this breach has the potential to ripple through societies globally, with far-reaching consequences for individuals, businesses, and governments alike.

What We Know of the NPD Breach

NPD is an online background check and fraud prevention service that gathers information from various sources, including public record databases, court records, and state and national repositories.

A complaint filed in the U.S. District Court claims that NPD experienced a data breach around April 2024, alleging the following:

• Sensitive data, such as full names, current and previous addresses (going back at least 30 years), Social Security numbers, and details about family members, including some who have been deceased for nearly two decades, were compromised.
• The company allegedly obtained this information from non-public sources without the consent of the person filing the complaint or the potentially billions of others affected by the data collection. 

NPD reportedly had a legal and ethical responsibility to protect and secure this information from unauthorized access and breaches, a duty it allegedly failed to uphold.

The Scale of the Breach

The sheer magnitude of this data breach is almost incomprehensible. With an estimated 2.9 billion records compromised, it dwarfs previous data breaches in scale and scope. For perspective, the global population is 8.2 billion, meaning this breach potentially affects nearly half of the world’s population. The implications of such massive data exposure are far-reaching, potentially impacting individuals, businesses, and governments globally.

The industries and sectors affected by this breach are equally vast. Given the nature of the stolen data, the financial sector will likely be a prime target for cybercriminals. However, the repercussions extend beyond finance, as this data can be used for various fraudulent activities, from identity theft to medical fraud.

Who Is Behind the NPD Breach?

Typically, regulations require companies to promptly report data breaches, informing customers through emails, news reports, and sometimes notifications to state attorneys general. However, in this instance, no such notifications were sent to potential victims, and no records of filings with state attorneys general were found.

The primary plaintiff uncovered the breach after receiving an alert from their identity theft protection service, which indicated that their personal information had been compromised in the “nationalpublicdata.com” breach. This highlights another way people might learn about a data breach before the company involved discloses it — through identity theft protection services.

Moreover, in June, The Register reported that a hacker group called USDoD claimed responsibility for hacking the records of nearly 3 billion individuals, putting them up for sale on the dark web for $3.5 million. The group asserted that these records included personal data from U.S., Canadian, and British citizens.

How to Protect Yourself From Data Breaches?

There are many ways to prevent data breaches and stay safe from them. Here are a few things that you can do to ensure your safety:

1. Use Strong, Unique Passwords

Weak passwords are easy for hackers to guess or crack, especially if they’re common or reused across multiple sites.

When creating passwords, use at least 12 characters, combining uppercase and lowercase letters, numbers, and special symbols. Steer clear of using easily guessed details like your name or birthdate. Using a password manager can help you generate and store complex passwords without remembering each one.

2. Enable Multi-Factor Authentication (MFA)

Even if your password is compromised, MFA adds an extra layer of security by requiring a second verification form, such as a code sent to your phone or generated by an authentication app.

Activate multi-factor authentication on all accounts where it’s available, especially on email, banking, and social media platforms. This can typically be done in the account settings under the security section. Choose a convenient but secure method, like an app-based authenticator rather than SMS, which can be vulnerable to SIM-swapping attacks.

3. Sign Up for Identity Theft Protection

Identity theft protection services monitor your personal information across the web, including the dark web, and alert you to any signs of misuse. They often include insurance and recovery assistance if your identity is compromised.

Research and choose a reputable identity theft protection service that fits your needs. These services typically offer continuous monitoring, alerts for suspicious activity, and support for recovering from identity theft. Some even monitor your Social Security number, email addresses, and more.

4. Use Encryption

Encryption ensures that your data is unreadable to anyone who doesn’t have the decryption key. This is crucial for protecting sensitive information from being intercepted or accessed by unauthorized parties.

Use encrypted messaging apps like Signal or WhatsApp for private communications. Enable full-disk encryption for files stored on your devices, often built into modern operating systems (e.g., BitLocker for Windows and FileVault for Mac). Additionally, consider using encrypted cloud storage services to store sensitive documents.

5. Keep Your Software Updated

Software updates often come with bug fixes for security vulnerabilities that attacks might exploit. Running outdated software increases the risk of being targeted by malware or other attacks.

Enable automatic updates on your operating system, web browser, and apps whenever possible. Regularly check for updates to any software that doesn’t automatically update, including antivirus programs, firewalls, and other security tools. Updating firmware on devices like routers and smart home gadgets is also important.

6. Be Wary of Phishing Scams

Phishing attacks trick you into giving away personal information or installing malware by posing as legitimate contacts or companies. These scams can be highly convincing and are a common way for hackers to access your accounts.

Always double-check the sender’s email address, especially if you receive an unexpected message asking for personal information. Also, don’t click on links or download attachments from suspicious sources.

7. Freeze Your Credit

Freezing your credit prevents new accounts from being opened in your name, which can help stop identity thieves from using your personal information to take out loans or open credit cards.

Contact each of the major credit bureaus (Equifax, Experian, and TransUnion) to place a freeze on your credit. This is usually free and can be done online or over the phone. If you need to apply for new credit, you can temporarily lift the freeze and reapply it afterward.

Also, stay informed about the current data breaches and cybersecurity news to take immediate action and protect your information if necessary. Subscribe to cybersecurity news sources or set up Google Alerts for terms like “data breach” or “identity theft.” When you hear about a breach involving a service you use, consider changing your passwords immediately — and monitor your accounts closely.

Learn how to use password managers to further strengthen your cybersecurity posture and stay safe from data breaches.