Last week, National Public Data (NPD) confirmed that they had suffered a security breach dating back to December of last year. The breach involved a massive 2.9 billion lines of data, which included sensitive information such as Social Security numbers. This stolen NPD database was advertised on the dark web in April by a hacker group known as USDoD for a hefty sum of $3.5 million. Subsequently, the stolen data made its way to various public platforms, putting countless individuals at risk of identity theft and fraud.
Recent reports from Krebs On Security shed light on yet another troubling development. A website similar to NPD, named recordscheck.net, was discovered hosting an archive that contained site logins and source code for some tools in plaintext. This finding raised concerns as it provided ample information to access the same consumer records as NPD. The website’s now-removed file even included email data linked to NPD’s founder, Salvatore Verini, a former actor and sheriff’s deputy from Florida. Verini, in an email exchange with Krebs On Security, claimed that the file contained an outdated website version with “non-working code” and mentioned plans to shut down the site shortly due to an “active investigation.”
The Fallout
Further investigations revealed that Verini had written a glowing testimonial for Creation Next, a web development company mentioned in the archived source code. Since the leak on the hacker forum last month, numerous websites like npdbreach.com and npd.pentester.com have emerged, claiming to offer searches to determine if individuals’ information was compromised in the breach. However, using these services requires users to input personal information such as their name, birth year, and possibly their Social Security number into unidentified forms, raising more concerns about privacy and security.
In light of these alarming developments, it is crucial for individuals to take proactive measures to safeguard their personal data. Implementing strong password practices, enabling two-factor authentication, and regularly monitoring financial statements for any suspicious activity are recommended steps to protect against identity theft and fraud. Additionally, being cautious about sharing sensitive information online and verifying the legitimacy of websites before submitting any personal data can help mitigate risks associated with data breaches.
The NPD security breach serves as a stark reminder of the increasing threats posed by cybercriminals in today’s digital age. As technology continues to advance, both individuals and organizations must prioritize cybersecurity to prevent unauthorized access to sensitive information. By staying informed about data breaches and taking proactive steps to enhance security measures, we can collectively work towards creating a safer online environment for all.