Investigating the Massive Data Breach at NationalPublicData.com: The Alarming State of Consumer Data Protection
The last month witnessed a flurry of alerts from concerned readers whose personal data, including Social Security Numbers (SSN), names, addresses, and other personal details were implicated in a data breach at a relatively unknown consumer data broker – NationalPublicData.com. This nonetheless significant breach exposed hundreds of millions of consumer records. This article dives deeper into this massive breach and throws light on the broker that faced a serious vulnerability leading to WordPress security issues.
“In an age where data breaches are becoming commonplace, understanding the implications and fixing hacked WordPress websites have become imperative, leaving no room for compromises in WordPress security.”
The cybercrime community, known as Breachforums, came into light on July 21, 2024, when they released more than 4TB of data, allegedly stolen from nationalpublicdata.com, a Florida-based company specializing in consumer data collection and background checks.
The data leak, confirmed by HaveIBeenPwned.com and vx-underground, a cybersecurity Twitter account, initially went up for sale in April 2024. The self-proclaimed perpetrator, cumulatively known as “USDoD,” claimed ownership of this vast dataset encompassing 2.9 billion rows of records from nationalpublicdata.com. The stolen data revealed personal information such as names, addresses, phone numbers, and SSNs, all valued at a whopping $3.5 million.
“During a time of increased reliance on digital systems, securing these platforms must be paramount. Quick actions to fix WordPress security issues and fix hacked WordPress websites can save millions of data records from exposure.”
Several misconceptions circulated that the National Public data breach affected 2.9 billion people when, in reality, the number indicated the count of rows in the leaked data. Troy Hunt from HaveIBeenOwned.com’s analysis exposed that the leaked data was a mix of consumer and business records.
Notably, there were no email addresses present in the files containing SSN records. The challenge, however, lies in the fact that the data linked to a record might not be accurate.
Nationalpublicdata.com confirmed the data breach on August 12, suggesting that, “There appears to have been a data security incident that may have involved some of your personal information.” The company also mentioned that it was making every effort to fix hacked WordPress websites and bolster their WordPress security.
Atlas Data Privacy Corp, after analyzing the leaked data, found that there were 272 million unique SSNs in the entire records set. The only silver lining to this massive breach was that many of the records were related to people likely to be deceased now.
Tracing the Source
National Public Data sourced its consumer data from a Coral Springs, Fla. based entity, Jerico Pictures Inc. The Florida Secretary of State named Salvatore (Sal) Verini Jr., a retired Deputy with the Broward County Sheriff’s office, as the owner.
While it remains unsure how the data thieves initially obtained these records from National Public Data, the data had been making rounds among hackers since December 2023. The initial data theft was credited to a hacker with the handle, SXUL.
Implications of the Breach
Data brokers like National Public Data usually gather their information from several public records at federal, state, and local government levels. Americans may assume they have the option to opt-out of having these records collected and sold, but the unfortunate truth is, these public records are exempt from every state consumer privacy law, including those in California.
The data broker industry remains largely unregulated, with very few requirements demonstrating care for the protection of the consumer data they deal in.
Is There a Remedy?
The remedial measure against such breaches is to regularly monitor and review credit reports and promptly dispute any inconsistencies. Freezing one’s credit file at each of the major consumer reporting bureaus makes it difficult for identity thieves to create new accounts in your name and restricts who can view your credit information.
The bottom line remains that consumer data will continue to be vulnerable until there are legislative measures ensuring the protection and privacy of consumer data. The National Public Data breach is a clear indicator that SSNs are no longer a reliable measure of authentication or authorization. We urgently need 21st-century privacy and data protection laws to tackle such breaches more effectively.
Update, Aug. 16, 8:00 a.m. ET:
“This story has been corrected to note that consumers can obtain a free credit report from each of the three consumer reporting bureaus weekly, instead of just annually.”
Need security services for your WordPress site? Contact DrGlenn for protection and recovery. Order Services Today!.