2.7 billion data records were stolen.

Social Insecurity

Security experts are warning that a background check site may have been breached, resulting in the potential exposure of billions of Social Security and address records that could cover everyone in the United States.

As BleepingComputer reports, a hacking forum lit up when a user claimed to have access to a huge cache of documents gleaned from data brokerage National Public Data.

Though it doesn't share its methodology on its website, NPD is believed to scrape its data from publicly available records to create individual user profiles generally used by private investigators or in background or criminal records checks.

The hack reportedly doesn't just affect people in the US. The 2.9 billion files are also said to contain personal information for people in the United Kingdom and Canada as well.

When the alleged NPD hack was first posted to these forums back in April, the person selling the cache for a cool $3.5 million claimed it contained information on every person in all three countries. After that initial sale post earlier this year, others later posted portions of the cache for free on the hacker forum Breached likely greatly accelerating their dissemination online.

Historic Breach

Along with containing tons and tons of records that link names to Social Security numbers and addresses, the unencrypted cache is also said to attribute potential aliases of individuals as well.

While Bleeping Computer was not able to confirm whether the breach truly did impact every person in the US, the UK, and Canada, its reporters did verify with some people whose names, Social Security numbers, and addresses were contained within it that they were correct. However, their current place of residence was out of date. Others they spoke to, however, said that their Social Security numbers were linked to people who were not them.

As Bleeping Computer notes, it's important to know that each "record" is associated with every address a person has lived at. If you've moved around a lot, that means your corresponding record from this breach could have multiple address records connected to your name.

A background check company called Jerico Pictures that's believed to conduct business under the National Public Data moniker has been hit with a class-action lawsuit over its alleged failure to protect all that data.

The company itself, meanwhile, has seemingly not responded to any requests for comment, though as the Los Angeles Times reports, it has been telling users that it has purged its entire database and is "investigating" the "third-party claims" about the breach.

Experts told the LA Times that in the case of suspicion of identifying data theft, the best course of action is to freeze your credit cards.

More on big breaches: Bumble and Hinge Let Creeps See Your Exact Location


Share This Article