The recent data breach involving National Public Data (NPD) has highlighted significant vulnerabilities in the handling of Social Security numbers (SSNs) and other personal information. Jerico Pictures, Inc., doing business as National Public Data, is a data broker company that performs employee background checks. Their primary service is collecting information from public data sources, including criminal records, addresses, and employment history, and offering that information for sale. What’s the point now, the organization entrusted with our data has experienced this massive data breach. Our personal data is no available on the dark web for sale. Below is a detailed timeline of the events surrounding the breach, an examination of how to protect oneself from identity theft, and a discussion on modernizing identity verification in the United States.
Timeline of Events
Before the Breach
- December 30, 2023: A third-party bad actor attempted to hack into the data of NPD. The breach involved the theft of personal information, including SSNs, names, addresses, email addresses, and phone numbers.
Discovery and Initial Response
- April 2024: The hacker group USDoD claimed to have accessed NPD’s database, posting a sales thread on Breachforums. The post advertised 2.9 billion records, including names, addresses, phone numbers, and SSNs, for $3.5 million.
- April 8, 2024: The stolen data was reportedly leaked on the dark web. Despite the massive volume, the data did contain inaccuracies and duplicates, casting doubt on the full extent of the breach.
Public Disclosure and Legal Actions
- August 1, 2024: A class action lawsuit was filed, bringing widespread attention to the breach. The lawsuit alleged that NPD failed to protect personal information and did not adequately notify affected individuals.
- August 12, 2024: NPD publicly acknowledged the breach, stating that a data security incident had occurred and involved personal information, including SSNs.
- August 15, 2024: NPD posted a breach disclosure notification on its website, confirming the involvement of a third-party bad actor and the potential leaks in April and summer 2024.
Aftermath and Ongoing Concerns
- August 2024: Various cybersecurity experts and news outlets analyzed the leaked data, finding it to be a chaotic mix with many inaccuracies. Despite this, the breach has raised concerns about identity theft and the misuse of personal information.
Impact of the Breach
- Number of Records: The breach involved 2.9 billion records, although many were duplicates. The total number of unique individuals affected is estimated at 292 million, with 272 million including SSNs.
- Scope: The breach affects a significant portion of the population in the U.S., U.K., and Canada, though the data includes many deceased individuals and outdated information.
Protecting Yourself from Identity Theft
In light of this breach, individuals can take several steps to protect themselves from potential identity theft:
- Monitor Credit Reports: Regularly check your credit reports from the three major bureaus: Equifax, Experian, and TransUnion. Look for any unauthorized activity or unfamiliar accounts.
- Place a Fraud Alert: Contact one of the credit bureaus to place a fraud alert on your credit file. This will notify creditors to take extra steps to verify your identity before opening new accounts.
- Freeze Your Credit: Consider freezing your credit, which prevents new credit accounts from being opened in your name without your consent. This is a more secure option compared to a fraud alert.
- Use Identity Theft Protection Services: Enroll in services that monitor your personal information and alert you if it appears on the dark web or is used fraudulently.
- Enable Two-Factor Authentication: Strengthen your online accounts by enabling two-factor authentication, adding an extra layer of security.
Modernizing Identity Verification
The breach underscores the need for more secure and modern methods of identity verification. Here are some potential strategies:
- Biometric Authentication: Implementing biometric systems, such as fingerprint or facial recognition, it’s who you physically, which can provide a more secure and unique form of identity verification compared to SSNs and difficult to replicate for obvious reasons.
- Digital Identity Solutions: Developing digital identity platforms that use blockchain technology can enhance security and provide individuals with more control over their personal information.
- Decentralized Identifiers: Encourage the use of decentralized identifiers (DIDs) that allow individuals to manage their identity data without relying on centralized databases vulnerable to breaches.
- Continued Legislation and Enforcment of Regulations: Strengthen data protection laws to hold companies accountable for safeguarding personal information and mandate timely notification of breaches.
The National Public Data breach has exposed significant vulnerabilities in the handling of personal information. No system or organization is 100% secure so let find another system of identifying individuals and proving who we are in order to operate and live in the United States. By adopting more advanced security measures and modernizing identity verification processes, individuals and organizations can better protect themselves against the growing threat of data breaches and identity theft.