In a concerning development, National Public Data, a Florida-based background check company, recently announced a major data breach on its website. The breach, believed to have been orchestrated by a third-party bad actor, potentially exposed sensitive information including names, email addresses, phone numbers, Social Security numbers, and mailing addresses. The incident came to light as a result of an investigation conducted by the company, leading to an alarming class-action lawsuit that claims the breach has affected nearly 2.9 billion individuals.

According to the lawsuit, a hacker group known as USDoD had attempted to sell the leaked data for a staggering $3.5 million on the dark web. Although National Public Data has not yet provided specific details about how or when the breach occurred, the lawsuit alleges that USDoD gained unauthorized access to the company's network prior to April 2024, successfully exfiltrating unencrypted personal identifiable information (PII) belonging to billions of individuals.

Disturbingly, the leaked data also includes information from individuals who have been deceased for up to two decades, highlighting the extensive scope of the breach. Reports have emerged of consumers receiving alerts from financial institutions and credit bureaus regarding suspicious activity on their credit, further adding to the concern.

National Public Data has assured that it has notified those affected by the breach. However, for individuals who are worried but have not been contacted, cybersecurity firm Pentester claims to have obtained the leaked data and has created a search tool on their website for consumers to determine if their information was part of the breach. Meanwhile, NPDbreach.com, operated by the Data Dividend Project and Atlas Privacy, offers a similar screening capability.

Richard Glaser, co-founder of Pentester, revealed that the total number of leaked records in Pennsylvania alone amounts to 110,072,993. This figure includes multiple records for the same individuals as well as records of deceased individuals.

In response to the breach, cybersecurity experts emphasize the urgency of protecting personal information. Pedro Robles, an assistant teaching professor of Cyber Analytics and Operations at Penn State Lehigh Valley, advises individuals to remain vigilant and respond with common sense. He explains that cybercriminals are constantly testing networks and institutions to obtain data for various malicious purposes.

National Public Data's webpage on the data breach recommends several steps to mitigate risks. These include putting a fraud alert on credit files, freezing credit through major bureaus like Equifax, Experian, or TransUnion, and requesting regular credit reports to identify and report any unauthorized activities.

Experts also suggest following guidelines from the Social Security Administration, such as monitoring Social Security accounts, limiting access to Social Security numbers, enhancing online security, and staying updated on recent scams.

As the aftermath of this widespread data breach continues to unfold, it serves as a stark reminder of the critical need for robust cybersecurity measures to safeguard personal information and protect against ever-evolving cyber threats.