US company admits 3B records were leaked on dark web
National Public Data (NPD), a firm specializing in the resale of personal information for background checks, has confirmed a significant data breach. The incident involved the exposure of names, social security numbers, and physical addresses of nearly 2.9 billion individuals, among other details. For months, alleged perpetrators have been advertising and distributing the purportedly stolen data on dark web forums, without any acknowledgment or response from NPD.
NPD confirms data breach
The company has now acknowledged the breach on its Security Incident page, providing some information but leaving several questions unresolved. The incident is believed to have been orchestrated by a third-party malicious actor, who attempted to infiltrate the data in late December 2023. Potential leaks of specific data were identified in April and summer of 2024. The compromised information included names, email addresses, phone numbers, social security numbers, and mailing addresses.
Breach involved billions of rows of data
The data breach reportedly involved an astounding 2.9 billion rows of data, affecting an undetermined number of individuals. An analysis conducted by Troy Hunt, operator of Have I Been Pwned, revealed inconsistencies in how the leaked data is associated with specific individuals. NPD has stated that it has "cooperated with law enforcement and governmental investigators" and conducted a review of the potentially affected records.
NPD's response to data breach criticized
NPD has been criticized for its handling of the situation. The company's website does not disclose how many people have been affected by the breach, nor does it offer any compensation to those whose information has been compromised. Furthermore, it provides no direct contact channels for more information about the incident. Instead, NPD advises individuals to monitor their credit reports for any suspicious activity.