Background checking company National Public Data (NPD) has admitted to leaking sensitive information, including phone numbers, addresses and Social Security numbers, to hackers.
The company did not disclose the scale of the breach. 2.7 billion records involvedIt probably contains data on almost every American.
To make matters worse, a new report has revealed that another NPD data broker that shares access to the same consumer records exposed users’ passwords in its back-end database.
For security alerts and expert tips, sign up for KURT’s newsletter, The Cyberguy Report, here.
National Public Data confirmed that hackers accessed Social Security numbers, phone numbers and addresses. (Kurt “Cyberguy” Knutson)
What you need to know
KrebsOnSecurity It was reported that recordscheck.net, a sister site of the NPD, was hosting an archive containing usernames and passwords for site administrators.
Examination of the deleted archives revealed that they contained source code and plain text usernames and passwords for various components of recordscheck.net, a site that bears a strong resemblance to nationalpublicdata.com, with matching login pages.
The released archive, titled “members.zip,” suggests that all RecordsCheck users were initially given the same six-character password and were encouraged to change it, but that many did not.
According to KrebsOnSecurity, citing breach tracking service Constella Intelligence, passwords found in the source code archive match those leaked in previous data breaches, suggesting that millions of users could be affected in this case as well.
We reached out to RecordsCheck for comment but did not hear back by deadline.
Another NPD data broker exposed user passwords in a back-end database. (Kurt “Cyberguy” Knutson)
Confidential patient information exposed in data breach at major pharmaceutical company
National Public Data Responses
NPD founder Salvatore “Sal” Verini, a former Florida deputy sheriff, told KrebsOnSecurity that the exposed archive (a .zip file containing the credentials for recordscheck.net) has been removed from the company’s website. Verini also said the site will be taken down “in the next week or so.”
“The ZIP file was removed, but it was an older version of the site that contained codes and passwords that did not work,” Bellini said, declining to provide additional information, saying the matter is under investigation and he could not comment further.
Identity theft protection is essential to combat data breaches. (Kurt “Cyberguy” Knutson)
World’s largest database of stolen passwords uploaded to crime forum
A reminder to invest in identity theft protection
News of NPD’s data breach surfaced after a California man filed a lawsuit against the company, Bloomberg reported. He discovered the breach through an identity theft protection service that notified him that his data was included in the leaked database. Many people online have since reported receiving similar warnings from protection services, allowing them to take action before it was too late.
Identity theft protection services are practically a must in 2024. If you read CyberGuy articles, you’ve probably seen frequent reports about data breaches. AT&T BreachDell’s breach or Advance Auto Parts leak.
One of the best things about having identity theft protection is that it likely includes identity theft insurance. Up to $1 million to cover losses and legal costs And at the White Glove Fraud Resolution Team, U.S.-based case managers to help you recover your losses. Check out our tips and best choices for protecting yourself against identity theft.
Click here to get FOX Business on the go
4 additional tips to protect yourself from a data breach
While identity theft prevention is the first thing I recommend you do, there are also steps you can take to protect yourself.
1. Be careful with your password: recordscheck.net leaked passwords, but as we said before, many users didn’t change their automatically assigned passwords. This is a huge mistake. Always create strong passwords for your accounts and devices, and avoid using the same password for multiple online accounts.
Consider using Password Manager Securely store and generate complex passwords. It helps you create unique, hard-to-crack passwords that hackers can’t guess. It also tracks all your passwords in one place and types them for you when you log into your accounts so you don’t have to remember them yourself. Learn more about me Check out the best password managers of 2024, reviewed by experts.
2. Remove your personal information from the Internet: No service can completely wipe your data from the internet, but in light of recent data breaches like the NPD incident, using a data deletion service is a wise choice. These services aren’t cheap, but neither is privacy.
Click here to read more US news
They do the hard work by continuously monitoring and systematically removing your personal information from countless websites, giving you peace of mind and being one of the most effective ways to protect your data online. Check out my recommended data deletion services here.
3. Be careful with mailbox communication: Bad actors may also try to commit fraud through the mail. Data leaks give them access to your address. They may impersonate people or brands you know and use themes that require urgent action, such as delivery delays, account suspensions, and security alerts.
4. Check your credit report regularly: Get a free copy of your credit report from each of the three credit reporting agencies mentioned above. Review your report carefully for suspicious or fraudulent activity. If you find any inaccuracies or signs of fraud, report them to the credit reporting agencies immediately.
Massive health savings account data breach puts 4.3 million Americans at risk
Important points about the cart
The NPD data leak and security incidents related to its sister sites highlight the irresponsibility of these companies when handling sensitive public information. There is an urgent need for governments to step in and impose strict legal measures rather than light penalties, which should include fines. Anyone working with sensitive data should ensure that they encrypt it and take measures to prevent it from falling into the wrong hands.
Click here to get the FOX News app
Do you think current regulations are enough to deal with data breaches or do they need to be stricter? Let us know by email. Cyberguy.com/Contact Us.
If you want to receive more of my tech tips and security alerts, subscribe to the free CyberGuy Report newsletter at the link below. Cyberguy.com/Newsletter.
Have a question for Kurt or tell us the story you’d like to see featured?.
Follow Kurt on his social channels:
Answers to the CyberGuy’s most frequently asked questions:
New Arrivals from Cart:
Copyright 2024 CyberGuy.com. All Rights Reserved.
