National Public Data's Recent Mega-Breach Affects Close to 3B – and Includes SSNs

Estimated Reading Time: 4 Minutes

This is one of those times when those with identity theft protection are likely very thankful. This isn’t your standard breach blog – at the risk of sounding too cavalier – because, yes, all breaches are serious. But this breach rivals only the 2013 Yahoo hack that impacted all 3B of its user accounts (with names, email addresses, phone numbers, birth dates, and hashed passwords and security questions and answers exposed).

This breach exposed the data of 2.9 billion people and included:

• Full names,
• Former and current addresses,
• Social Security numbers, and
• Personal data tied to parents, siblings, and other relatives (including some who have been deceased for nearly 20 years)

Unfortunately, too, most victims likely have no idea their details were part of such a serious hack. The reason is that the breached company in question, Jerico Pictures Inc., doing business as National Public Data (or “NPD”), scrapes information about individuals from non-public sources without their knowledge or consent. They’re a background search company businesses use to obtain criminal records, background checks, and more via XML integration.

And while a hacker group posted a “National Public Data” database containing the leaked information on a dark web hacking forum, seeking $3.5 million from a potential buyer, back in April, news of this is just being made public since a lawsuit was filed. The lawsuit is a class action complaint, with named plaintiff Christopher Hoffman, and states that he was alerted by his identity protection company on July 24 that his data was exposed on the dark web.

To date, NPD still has yet to provide any kind of notification to victims.

Ramifications of the National Public Data (aka Jerico Pictures, Inc.) Data Leak for Those Involved

Damage from leaked SSNs can affect victims for the rest of their lives, and, therefore, this breach poses a massive threat to those impacted. Criminals can commit almost any type of fraud with this unique government-given identifier, including opening new credit accounts, committing tax fraud, securing loans, applying for government benefits, such as unemployment or Social Security benefits, and much more.

For those without resolution services, resolving these types of crimes can be arduous, time-consuming, and stressful. Financial losses, damage to one’s credit score, inability to make legitimate claims for government benefits or tax refunds, and more are all par for the course here.

Tips for Your Customers to Help Protect Against the Negative Impacts of This Mega-Breach

If your customers have Iris identity monitoring, they should make sure their Social Security number is being actively monitored on the dark web (along with other personal information). With the sheer number of individuals impacted, we suggest that, at this stage, everyone assumes their sensitive data could potentially be involved and take the following key precautions.

• Always make sure you check your alerts in a timely fashion – time is of the essence in reducing the chances of identity theft and/or fraud resulting from the leaked information!
  
  
• If you have an Iris portal, navigate to the Fraud Protection Center for resources to help you place a fraud alert on your credit report to help prevent new account openings without your consent.
  
  
• You will also notice resources to help you place a security freeze on your credit file so no new credit can be opened in your name. We highly recommend considering this due to the severity of this breach.
  
  
• Remember that our Identity Theft Resolution team is available 24/7 if you ever need any help.
  
  
• Enable two-factor authentication where possible. This provides an extra layer of protection and is information that can’t be phished.
  
  
• With access to your SSN, scammers will likely be trying to uncover more personal information about you, leading to increased risks of phishing scams.
  
  
  • Be wary of all communications, verify the sender, and never click on any links or attachments you’re unsure of.
    
    
  • Scammers often use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
    
    
• Keep a close eye on your financial statements, credit reports, and government benefit statements for any unauthorized activity.

Lastly, if you’ve been wondering if it makes sense to offer identity protection services to your employees or customers, the answer is always yes! It’s breaches like these can profoundly rock consumer confidence. If your organization is proactively providing protection to your people, however, it can make the sting a little more palatable and also help to foster goodwill and loyalty.

Just make sure you find a provider that offers comprehensive identity monitoring services that will send alerts as soon as any compromised credentials or personal information is detected on the dark web. We’d be none the wiser here if the plaintiff in this case was never alerted to his sensitive information being found on the dark web.

It’s also important to find one that provides 24/7 resolution services. This is one of those breaches where we can predict a lot of ugly crimes to come as a result of the data exposed – and you want to ensure your customers have someone who can help them pick up the pieces and provide them the peace of the mind they’ll likely be searching for.