In early 2024, National Public Data, an online background check and fraud prevention service, experienced a significant data breach. This breach allegedly exposed up to 2.9 billion records with highly sensitive personal data of up to 170M people in the US, UK, and Canada (Bloomberg Law).This article provides detailed information about the breach, the data exposed, and recommended actions to help you stay safe.
Breach Details
According to National Public Data, a malicious actor gained access to their systems in December 2023 and leaked sensitive data onto the dark web from April 2024 to the summer of 2024. This data contained the following details:
- Full names
- Social Security Numbers
- Mailing addresses
- Email addresses
- Phone numbers
Risks of the exposed data
The compromised data in this breach can be exploited for different cybercrimes and fraudulent actions. The following list shows possible risks associated with each category of exposed information:
- Full Names: Misuse of your identity for fraudulent activities, such as opening new accounts or making unauthorized purchases.
- Social Security Numbers: High risk of identity theft, which can lead to fraudulently opened credit accounts, loans, and other financial activities. It's important to monitor your credit reports. You might want to consider placing a fraud alert or credit freeze on your social security number.
- Addresses: Access to your physical address increases the risk of identity theft and physical threats. These threats can include fraudulent change-of-address requests and potential home burglaries.
- Phone Numbers: There is a high likelihood of increased phishing attacks through text messages and phone calls, potentially resulting in unauthorized access to personal and financial information. This also increases the risk of unsolicited (spam) calls.
- Email addresses: Increased risk of targeted phishing, account takeovers, unauthorized access, and a higher chance of spam emails.
Recommended Actions
Based on the type of information exposed, consumers should consider the following steps to reduce risks. Unless you know exactly what was exposed, you should assume all of the personal data types listed were exposed. As such, we recommend taking the following actions:
- Social Security Numbers:
- Phone Numbers:
- Stay alert for phishing attempts via texts and calls. Never share personal details with unknown contacts.
- Disregard messages from untrusted sources.
- Avoid clicking on links in unexpected text messages, regardless of the sender.
- Emails:
- Change your email password and enable two-factor authentication
- Update security questions and passwords for other accounts using this email address.
- Don't open any unsolicited messages or click links in messages from suspicious senders.
Microsoft Defender for Individuals identity theft monitoring
Microsoft Defender is part of the Microsoft 365 personal or family subscriptions and includes identity theft monitoring. If you’ve enabled identity theft monitoring, you’ll automatically receive an email or push notification if your data is found in the NPD breach or future breaches.
If you’ve enabled identity theft monitoring, you’ll also have access to the following features to help reduce the impact from this breach:
- Credit monitoring: Microsoft Defender includes credit monitoring, which actively tracks your credit file for any new events (like new accounts, inquiries, or negative items) that may harm your credit and reputation. It helps safeguard your identity and finances by promptly notifying you of such occurrences, allowing you to take action right away to help prevent identity theft and fraud.
- Expert recommendations: Microsoft Defender provides a list of recommended actions to take based on the data found in the breach. These actions help you protect yourself from malicious actors.
- Restoration support: Microsoft Defender subscribers have access to a team of restoration experts who can help answer questions and provide guidance on how to protect your identity and help restore identity theft.
- Insurance: Microsoft Defender subscribers are covered by identity theft insurance1 that covers both the costs associated with identity restoration (up to $1M USD), as well as financial damages incurred because of identity theft (up to $100k USD).
