news-15082024-183441

Massive Data Breach Exposes 2.7 Billion Records with Social Security Numbers

In a shocking revelation, it has come to light that almost 2.7 billion records of personal information for individuals in the United States have been leaked on a hacking forum. This massive data breach has exposed sensitive details such as names, social security numbers, all known physical addresses, and possible aliases of millions of people.

The data is said to have originated from National Public Data, a company known for collecting and selling access to personal data for various purposes such as background checks, obtaining criminal records, and assisting private investigators. It is believed that National Public Data gathers this information from public sources to create individual user profiles for individuals in the US and other countries.

Back in April, a threat actor going by the name USDoD claimed to be in possession of 2.9 billion records containing personal data of individuals from the US, UK, and Canada. This data was reportedly stolen from National Public Data. At the time, USDoD attempted to sell the data for $3.5 million, claiming that it included records for every person in the three countries.

USDoD is a notorious threat actor who has previously been associated with the attempted sale of InfraGard’s user database in December 2023 for $50,000. Despite attempts by BleepingComputer to contact National Public Data for a response, no reply was received.

Stolen Data Leaked for Free

Since the initial breach, various threat actors have released partial copies of the stolen data, each leak containing a different number of records and varying data. On August 6th, a threat actor known as “Fenice” made headlines by leaking the most comprehensive version of the stolen National Public Data data for free on the Breached hacking forum.

Interestingly, Fenice claimed that the data breach was actually orchestrated by another threat actor named “SXUL” and not USDoD. The leaked data consists of two text files totaling 277GB and containing nearly 2.7 billion plaintext records, slightly lower than the 2.9 billion figure initially shared by USDoD.

While it remains uncertain whether this leak encompasses the data of every person in the US, numerous individuals have verified that the information includes their own and their family members’ details, even including data of deceased individuals. Each record contains a person’s name, mailing addresses, and social security number, with some records containing additional information like other names linked to the person. It is essential to note that none of this data is encrypted.

Past leaked samples of the data also included phone numbers and email addresses, although these details are absent in this 2.7 billion record leak. Each person may have multiple records, one for each address they are known to have lived at, indicating that the breach did not impact 3 billion people as inaccurately reported in some sources.

Inaccuracies and Outdated Information

Some individuals have reported that their social security numbers were associated with unknown persons, highlighting inaccuracies in the leaked data. Moreover, the data may be outdated as it lacks current addresses for individuals checked, suggesting that it may have been extracted from an older backup.

The repercussions of this data breach have been significant, leading to multiple class action lawsuits against Jerico Pictures, suspected to be operating as National Public Data, for failing to sufficiently safeguard people’s data. If you reside in the US, it is highly likely that your personal information has been compromised in this breach.

Protecting Yourself

Given the vast number of social security numbers exposed, it is crucial to monitor your credit report closely for any signs of fraudulent activity and promptly report any suspicious findings to the relevant credit bureaus. Additionally, considering that previously leaked samples included email addresses and phone numbers, it is advisable to remain vigilant against phishing attempts and fraudulent SMS texts seeking to extract further sensitive information from you.

In conclusion, the exposure of 2.7 billion records containing personal information, including social security numbers, in this massive data breach raises serious concerns about data security and privacy. The repercussions of such breaches can be far-reaching and may have long-lasting effects on individuals whose information has been compromised. It underscores the need for stringent data protection measures and heightened awareness among individuals to safeguard their personal information in an increasingly digital world.