![\"\"](\"https:\/\/www.azuse.cloud\/wp-content\/uploads\/2024\/08\/th-458924136-300x141.jpg\")
<\/p>\n<\/p>\n
<\/p>\n
National Public Data is not a household name, maybe, but it should be. They’re a ‘data aggregator’, used by banks, credit card companies…these are the folks who keep your data for other folks to access. One would think that sensitive data should be secure, no? Well…\u00a0 no.<\/p>\n
\nIn a <\/span>statement<\/span> that offered little details, the Coral Springs, Fla.-based company acknowledged what numerous others have reported in recent days about a “third-party bad actor” accessing data from NPDs databases sometime in April 2024. The company described the data which the threat actor accessed as including full names, email addresses, phone numbers, Social Security numbers, and mailing addresses belonging to an unknown number of people.<\/span><\/p>\n
NPD is a data aggregator that claims businesses, private investigators, human resources departments, and staffing agencies use its data for background checks, to obtain criminal records and other uses.<\/span><\/p>\n<\/blockquote>\n
“Unknown number”…try almost 3 BILLION lines of records. That’s not 3 billion records, thankfully, but still millions upon millions of records. Who do they think they are, VA?<\/p>\n
\nNews of the breach has been circulating since at least April when <\/span>Dark Web Intelligence<\/span> posted on X about “USDoD” a hacker with a reputation for previous data heists, having obtained a database from NPD containing some 200 gigabytes of personal information on residents in the US, UK, and Canada. The threat actor claimed the NPD database contained some 2.9 billon rows of records. <\/span><\/p>\n
X-underground, a community focused on malware and cybercrime, <\/span>reviewed the dataset<\/span> and assessed the leaked data as being “real and accurate” and containing the first name, last name, SSN, current address, and addresses for individuals going back over 30 years. <\/span><\/p>\n
Troy Hunt, who maintains the “Have I Been Pwned” site, <\/span>reported finding 134 million unique<\/span> email addresses and millions of rows of criminal records. <\/span><\/p>\n<\/blockquote>\n
They say that this data was ‘scraped’ by NPD from many sources – I could believe that. I tested my name and birth year and it found multiple listings (even some addresses I had completely forgotten) but at least 25% of the Socials they showed were incorrect. pentester <\/a>has a tester similar to the one I used. I would strongly suggest testing to see if your data was leaked. If so, it is suggesting freezing your credit at the various credit reporting entities is the best response.<\/p>\n
Of course, the root problem is that we lazily allow the government and financial institutions to use an extremely INsecure number as the basis for all transaction – our Social Securiy Numbers. They were never intended to be a form of financial ID, and cases like this show the need for the Feds and banks to get off their collective derrieres and bloody well DO something to replace them.<\/p>\n
\n“NPD should have done lots of things better but there is one thing that’s on us: it’s past time to get rid of SSN,” says Ambuj Kumar, CEO of Simbian. Replacing SSN with a digital ID similar to what’s used in cryptography and in a technology like Apple Wallet is relatively easy and straightforward he says.<\/span><\/p>\n
“The impediments are purely psychological and inertia,” Kumar says. “Think of a digital ID as a government issued credit card number that is known only to the government and the individual,” he notes. “When applying for a mortgage, for example, a token is generated from the original number and this new number is shared with the bank. If there is a breach at the bank, the original number is still safe since the bank only saw the token.”DarkReading<\/a><\/span><\/p>\n<\/blockquote>\n
Makes sense to me.<\/p>\n","protected":false},"excerpt":{"rendered":"