In what is probably the biggest data breach in the history of data breaches, National Public Data was hacked and a massive amount of personal data was taken.
National Public Data is a personal data aggregator – they collect publicly available information about people and sell it to companies doing background checks, criminal checks, and things of that nature. In an ideal world, where this type of treasure trove of data isn’t an enticing target, it’s a good business to be in.
It turns out that in December of 2023, they were hacked and 2.9 billion records were taken. We only know this because that data was put up for sale on the dark web. Well, more accurately, a class action lawsuit was filed once people saw the data out there.
And these records include Social Security Numbers. It also includes full names, dates of birth, your addresses going back thirty years, and likely more.
Table of Contents
How to Check If Your SSN Was Leaked
The simplest way is to go to npd.pentester.com, they’ve collected some information and can check knowing your first and last name, state, and birth year.
My data was leaked, they had all my addresses in Maryland (where I live now) as well as Pennsylvania (where I went to college). Funny enough, they also have an address in Pennsylvania that I didn’t live in but was a case of identity theft about twenty years ago.
Below that red warning was a list of all the Jim Wangs in the leak starting with a bunch of rows specifically for me.
I didn’t “start a comprehensive scan now” but that’s basically the up-sell by Pentester. Nice of them to create a free tool and I get why they did it.
What To Do Next?
I would do everything I list in my do-it-yourself identity theft protection post.
If you aren’t super paranoid (which I am not, I assume my data is out there), you will want to do this at a minimum:
- Freeze all of your credit reports – It’s easy and free and prevents anyone from opening a new line of credit using your name and information. The downside is you need to unfreeze your report before opening lines for yourself.
- Use a classified email address – Anyone buying this data will try to phish you for more, avoid this by hiding your email address.
- Use two-factor authentication everywhere – Also known as 2FA, it’s when a website or app requires you to enter in a code you receive in your email or phone. It just makes your accounts slightly more secure. Also, don’t log into anything important from a computer or app or a network you don’t control.
- Consider scrubbing your personal information from the web – This may have have limited the damage from the National Public Data breach if you did this before December 2023 but now that this is out, you can’t really un-ring that bell. A service like DeleteMe can limit the impact in the future.
I live under the assumption this data is already out there but putting it in a nice box with a bow makes it too easy.
Sadly, it is the world we live in and this is what we need to do to protect ourselves.