SitRep: National Public Data Breach; Cyber Threat Landscape.

Overview

National Public Data (NPD), a data aggregator specializing in background checks, recently confirmed a massive data breach that exposed the personal information of potentially 100+ million individuals (Bleeping Computer, 2024; Krebs on Security, 2024). The breach included sensitive data such as Social Security numbers, names, email addresses, phone numbers, and mailing addresses (Bleeping Computer, 2024; Krebs on Security, 2024). The breach reportedly originated from a hacking attempt in late December 2023, with significant data leaks occurring in April and the summer of 2024 (Bleeping Computer, 2024; Krebs on Security, 2024).

A hacking group, identified as USDoD, offered the stolen data for sale on the dark web for $3.5 million (Bleeping Computer, 2024; Krebs on Security, 2024), but has claimed that it was not the originator of the data nor responsible for the breach; which they attributed to a hacker with the alias SXUL (Krebs on Security, 2024). The group claims the data has been circulating since December 2023 when it was originally stolen.

National Public Data (NPD) and its Founder