Security News > 2024 > August > After nearly 3B personal records leak online, Florida data broker confirms it was ransacked by cyber-thieves
According to USDoD, the stolen data was collected by NPD between 2019 and 2024.
After weeks of silence, and countless people starting to get alerts from privacy and anti-fraud services that their personal info has been leaked, NPD has, in cagey language, confirmed it was compromised and that its data was stolen and shared.
"The incident is believed to have involved a third-party bad actor that was trying to hack into data in late December 2023, with potential leaks of certain data in April 2024 and summer 2024," the background check firm added.
Troy Hunt, of HaveIBeenPwned.com fame, has a sobering analysis of the leaked data here, in which he points out that the file containing the Social Security numbers does not include people's email addresses, so if you get an alert that your email address has appeared in the disclosed NPD collection, don't assume your SSN is in there.
According to stats from Atlas Data Privacy, 272 million unique SSNs are in the stolen collection, most of them with a name and address, and about a quarter of the time a phone number.
Finally, as we earlier reported, people who use a data opt-out service to keep their info out of databases like NPD's found that their details were not among the leaked records, so on that basis, those services do work.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/08/16/national_public_data_theft/