In a shocking revelation, nearly 2.7 billion personal records from individuals in the United States have been leaked on a hacking forum. This massive breach has exposed an array of sensitive information, including names, Social Security numbers, complete addresses, and potential aliases. The data is believed to have originated from National Public Data, a company specializing in the aggregation and sale of personal information for background checks, criminal record investigations, and private inquiries.

National Public Data, which gathers information from public sources to create comprehensive profiles, is at the center of this breach. The company’s database, which compiles personal data from U.S. residents and individuals from other countries, was allegedly compromised by threat actors seeking to monetize this valuable information. The breach was first brought to public attention by a threat actor known as USDoD, who claimed in April to have stolen 2.9 billion records from National Public Data. USDoD initially sought $3.5 million for the data, asserting that it included records from individuals across the U.S., UK, and Canada.

USDoD, notorious for its previous attempts to sell stolen data, was linked to a failed sale of InfraGard’s user database in December 2023. However, the situation evolved when a different hacker, identified as “Fenice,” released what is purported to be the most complete version of the stolen National Public Data records. On August 6, Fenice made these records available for free on the Breached hacking forum, revealing two text files totaling 277GB. This release contains nearly 2.7 billion plaintext records, slightly fewer than the 2.9 billion initially reported by USDoD.

Interestingly, Fenice has attributed the breach to another hacker, known as “SXUL,” rather than USDoD. The leaked data primarily comprises basic information: names, mailing addresses, and Social Security numbers. Some records include additional details, such as other names associated with the individuals. However, this particular batch of leaked data does not feature phone numbers or email addresses, which were present in earlier leaks.

The extensive nature of the data breach raises significant concerns. Affected individuals have reported that their personal details, as well as those of their deceased relatives, were included in the leak. This suggests that the compromised data is not only vast but also may be outdated, with some addresses checked being no longer current. This could indicate that the data was extracted from an old backup, further complicating efforts to assess its accuracy.

Furthermore, the fact that the leaked records are in plaintext format, without encryption, heightens the risk associated with this breach. The lack of encryption makes it easier for malicious actors to exploit the data, potentially leading to increased risks of identity theft and fraud. The breach’s magnitude has already resulted in multiple class action lawsuits against Jerico Pictures, the entity believed to be operating as National Public Data. These lawsuits claim that the company failed to implement adequate data protection measures.

For individuals in the U.S., this data breach is a cause for serious concern. Given the massive scale of the leak, it is highly likely that many people’s personal information has been compromised. It is strongly advised that affected individuals monitor their credit reports closely for any signs of fraudulent activity. Any suspicious activity should be reported to the credit bureaus immediately.

In addition to monitoring credit reports, individuals should remain vigilant against potential phishing attempts and SMS scams. Previous samples of the breached data included email addresses and phone numbers, which means scammers might use this information to craft convincing phishing messages aimed at acquiring additional personal details.

In conclusion, the National Public Data breach represents a severe lapse in data security, exposing billions of records containing highly sensitive information. As the full scope of the breach continues to unfold, it is crucial for individuals to take proactive measures to safeguard their personal information and remain alert to potential threats stemming from this massive data compromise.