Several months after a hacking group claimed to have stolen nearly 3 billion records from a prominent data broker, a significant portion of this data has reportedly been leaked on a forum. According to Bleeping Computer, the data dump includes 2.7 billion records containing personal information of U.S. residents, such as names, Social Security Numbers, potential aliases, and all known physical addresses.
The unencrypted data is believed to have been sourced from a broker named National Public Data. This company allegedly compiles profiles by gathering information from public sources and then sells this data for purposes such as background checks and criminal record searches. Earlier this month, a proposed class-action lawsuit was filed against National Public Data in connection with the breach.
In April, the hacking collective USDoD attempted to sell 2.9 billion records they claimed were stolen from the company, containing personal data on individuals in the U.S., UK, and Canada. The group sought $3.5 million for the entire 4TB database. Since then, various entities have leaked portions of the data.
Previous leaks included phone numbers and email addresses, but these were reportedly absent from the latest, more comprehensive dump. As a result, you cannot check whether your information is included in this particular leak by using services like Have I Been Pwned?
The leaked data includes multiple records for many individuals, with separate entries for each address they have lived at. The dump consists of two text files totaling 277GB. Although it’s impossible for any independent body to verify that the data covers every person in the U.S., Bleeping Computer suggests the breach likely affects anyone living in the country.
The publication notes that several people have confirmed the accuracy of the information the dump contains about them and their family members, including deceased relatives. However, in some cases, Social Security Numbers were incorrectly associated with individuals. Bleeping Computer speculates that the data might have been stolen from an old backup, as it does not include current home addresses for some individuals whose details were checked against the dump.
To protect yourself from potential consequences of the leak, such as fraud and identity theft, consider taking the following steps:
- Be vigilant against scammers and phishing attacks that may seek to access your online accounts.
- Monitor your credit reports for signs of fraudulent activity, and notify credit bureaus Experian, Equifax, and TransUnion if you spot anything suspicious.
- Consider placing a freeze on your credit files to prevent others from opening accounts or obtaining loans in your name.
- Sign up for identity fraud protection services and consider removing your personal information from public databases, though these services may come with a fee.
- Use two-factor authentication (preferably through an authenticator app rather than SMS) wherever possible.
- Use a password manager, avoid reusing login credentials across different services, and regularly update passwords for your most sensitive accounts.
Source: Engadget
