National Public Data cyber attack impacted over 1.3 million individuals

National Public Data, a background verification service provided by Jerico Pictures Inc., said the data security incident it suffered recently compromised the sensitive personal information of approximately 1.3 millions individuals.

 

Earlier this month, a threat actor going by the name “Fenice” leaked 2.9 billion records containing sensitive personal data belonging to the National Public Data (NPD), a background-checking service provider which collects personal data of individuals from non-public sources.

 

The huge trove of data is divided in two links, totalling a whopping 277 GB worth of information. The leaked database contains names, addresses, cities, counties, states, ZIP codes and Social Security Numbers in plain text which poses significant threat to affected individuals.

 

In April, another threat actor going by the name “sxul” claimed that they infiltrated the internal network of NPD and stole a personal information database which they offered to sell for $2 million on the dark web.

 

In a statement shared with the media, NPD acknowledged the massive data leak, stating that it detected suspicious activity in its internal network in December, followed by a threat actor leaking the stolen data on the dark web.

 

“The incident is believed to have involved a third-party bad actor that was trying to hack into data in late December 2023, with potential leaks of certain data in April 2024 and summer 2024. We conducted an investigation and subsequent information has come to light,” NPD said.

 

“The information that was suspected of being breached contained name, email address, phone number, social security number, and mailing address(es),” the company added.

 

In a filing with the Office of Maine Attorney General, NPD said that it has identified at least 1.3 million individuals whose sensitive personal data has been compromised as a result of the data security incident.

 

NPD has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general. However, it has decided not to provide any complimentary identity protection and credit monitoring services to the affected individuals.