Search This Blog

Powered by Blogger.

Blog Archive

Labels

Massive Data Breach Worsens as New Details Emerge Across US, UK, and Canada

A massive data breach exposed 2.7 billion records, compromising personal information across the US, UK, and Canada.

 


Several days ago, the company whose data breach could have potentially exposed all Americans' Social Security numbers to identity thieves confirmed that they were victims of a data breach, stressing that they obtained even more sensitive data than previously reported. As a result, almost 2.7 billion personal records of Americans have been disclosed on a hacking forum, revealing the names, social security numbers, all known addresses, and possible aliases of people in the United States. Data supposedly comes from National Public Data, which is a government database. 

To furnish background checks, and criminal records, in addition to helping private investigators and lawyers to determine the truth of a suspected crime, this company collects and sells the access to personal data. According to reports, National Public Data takes this information from public sources to compile the profiles of individuals living in the US and other countries to facilitate their shopping and travel. 

According to reports, the data was collected from a company called National Public Data, and it contains information such as social security numbers for US citizens and other details that might be of interest to them. The information contained in this statement is typically used by private investigators and others in the background check and legal process. It was reported on National Public Data's site in April 2024 and summer 2024 that a "Security Incident" notice had been posted on its website regarding potential data leaks that may have occurred in April or summer of 2024. 

According to a class action lawsuit filed in the U.S., the company claimed the breach involved a third party hacking into data in late December 2023, and that the breach took place on December 19, 2023. USDoD, the hacking group, claimed in April that it had stolen personal information from National Public Data from 2.9 billion people. Proceedings were held at the District Court in Fort Lauderdale, Florida. 

X published a post on a popular hacker forum in which this hacker group offered to sell data from the United States, Canada, and the United Kingdom for $3.5 million, citing the fact that the data came from many countries. A hacker was reported to have tried selling the data, initially rumored to contain 2.9 billion records, for $3.5 million according to Bleeping Computer, a website dedicated to computer security. 

A hacker reported that the hacking breach encompasses thousands of records belonging to everyone living in the countries affected by this breach. Despite the positive aspects of the breach, it does highlight serious concerns about the security of personal information and highlights how important it is to protect this information.  Approximately 2.7 billion plaintext records have been exposed in the two massive text files totaling 277GB which represent a breach of privacy. 

In comparison, the US Department of Defense originally estimated that there were 2.9 billion records in its database, which is a significant decrease. As a result of the leak, sensitive information about individuals, such as names, addresses, and social security numbers, has been exposed. It is also possible to find some records containing additional information, such as alternative names for individuals that appear on the record. 

Some reports mentioned that several incidents where individuals' personal information has been compromised, including those who are deceased in the past few days, and who have confirmed that they were affected by the breach. It is important to make a point that none of the data in this system is encrypted, which makes misuse and identity theft even more likely. 

There are two types of records - ones that contain information about a person - that include their name, mailing address, and social security number, while others may include additional information, such as a person's past addresses, or other names associated with that person. A significant data breach has recently come to light, affecting millions of individuals across the United States, the United Kingdom, and Canada. The scope of this breach is far more extensive than initially anticipated. Notably, none of the compromised data was encrypted, leaving sensitive information vulnerable to exploitation. In the past, leaked samples from this breach included phone numbers and email addresses. 

However, these particular details are absent from the most recent leak, which involves a staggering 2.7 billion records. It's important to clarify that this figure does not equate to the number of affected individuals. Each person may have multiple records within the dataset, corresponding to different addresses they have been associated with over time. 

Consequently, the claim that 3 billion people were impacted by this breach is inaccurate and reflects a misunderstanding of the data. Moreover, some individuals have reported to BleepingComputer that their social security numbers were linked to other people they do not know, raising concerns about the accuracy of the information within the dataset. This suggests that not all the data is reliable and may contain errors.

Another critical aspect of this breach is the potentially outdated nature of the data. Investigations have revealed that the compromised information does not include the current addresses of the individuals affected. This suggests that the data may have been sourced from an older backup, rather than a recent database. The breach has prompted multiple class action lawsuits against Jerico Pictures, a company believed to be operating under the name National Public Data. 

The lawsuits allege that the company failed to adequately protect the personal information of millions of individuals. For residents of the United States, this breach likely means that some of their personal information has been exposed. Given that hundreds of millions of social security numbers are included in the compromised data, individuals are strongly advised to monitor their credit reports closely for any signs of fraudulent activity. If any such activity is detected, it should be promptly reported to the credit bureaus. 

 Additionally, although the current leak does not contain phone numbers and email addresses, these details were included in previous breaches. Therefore, individuals should remain vigilant against phishing attempts and SMS scams that may try to exploit the situation by tricking them into revealing further sensitive information. This breach serves as a stark reminder of the importance of data security and the potential consequences when companies fail to protect the personal information entrusted to them.
Share it:

CyberCrime

Cyberhacerks

Cybersecurity

Cyberthreats

Data Breach

National Public Data