Overview
National Public Data (NPD), a data aggregator specializing in background checks, recently confirmed a massive data breach that exposed the personal information of potentially 100+ million individuals (Bleeping Computer, 2024; Krebs on Security, 2024). The breach included sensitive data such as Social Security numbers, names, email addresses, phone numbers, and mailing addresses (Bleeping Computer, 2024; Krebs on Security, 2024). The breach reportedly originated from a hacking attempt in late December 2023, with significant data leaks occurring in April and the summer of 2024 (Bleeping Computer, 2024; Krebs on Security, 2024).
A hacking group, identified as USDoD, offered the stolen data for sale on the dark web for $3.5 million (Bleeping Computer, 2024; Krebs on Security, 2024), but has claimed that it was not the originator of the data nor responsible for the breach; which they attributed to a hacker with the alias SXUL (Krebs on Security, 2024). The group claims the data has been circulating since December 2023 when it was originally stolen.
Comments