National Public Data (NPD), a company that resells personal data for background checks, recently admitted to a significant data breach that compromised the personal information of countless individuals. The breach, a topic of discussion on dark web forums for months, has now been officially acknowledged by the company, though many critical details remain unclear.
A data breach was revealed after months of speculation
For several months, dark web forums have been buzzing with discussions about a supposed data breach at NPD. Posters have claimed that the breach exposed sensitive information, including names, Social Security numbers, physical addresses, and other personal data. Despite these claims circulating online, the NPD remained silent, providing no official confirmation or denial.
However, NPD finally addressed the issue this week by publishing a Security Incident page on their website. The page confirmed a breach had occurred but left many questions unanswered, adding to the growing concerns among those potentially affected.
Details of the breach and its implications
The data breach is believed to have resulted from a third-party attack in late December 2023. The attackers reportedly attempted to infiltrate NPD’s systems, and certain data is suspected to have been leaked in April 2024 and later during the summer. The information compromised in the breach includes names, email addresses, phone numbers, Social Security numbers, and mailing addresses.
The scale of the breach is staggering, with reports indicating that 2.9 billion rows of data were leaked. However, the exact number of individuals affected remains unknown. Troy Hunt, the operator of Have I Been Pwned, analysed the files posted on hacking forums and found inconsistencies in how the data was linked to specific individuals, raising further concerns about the accuracy and extent of the breach.
NPD’s response leaves many questions
In its statement, NPD mentioned cooperating with law enforcement and government investigators to review the potentially affected records. The company also indicated that it would notify individuals if any further significant developments were applicable to them.
However, NPD’s response has been criticised for its lack of transparency. The company has not disclosed the total number of people affected by the breach or offered compensation to those whose personal information was exposed. Furthermore, the website provides no direct contact avenues for individuals seeking more information or assistance. Instead, NPD advises people to monitor their credit reports closely.
The situation has left many feeling vulnerable and frustrated as they grapple with the potential consequences of having their sensitive information exposed. The lack of clear communication and support from NPD only adds to the uncertainty surrounding this significant data breach.
