In one of the most significant data breaches in recent history, nearly 2.7 billion records containing sensitive personal information have been allegedly leaked on a popular hacking forum. The data was supposedly obtained from National Public Data (NPD), a US-based data broker. NPD collects and sells personal information for various lawful purposes, including background checks and criminal record searches. A threat actor known as "SXUL" is said to be responsible for the breach, while the data was initially offered for sale by a different group called "USDoD". The leak has sparked widespread concern over the potential for identity theft and fraud, leading to at least four class-action lawsuits against NPD. The company has yet to confirm the breach or provide guidance to those affected, further exacerbating the situation.
Inadequate Security Measures
The breach is believed to have occurred due to inadequate security measures at National Public Data, where the data was stored without encryption, so anyone who gained unauthorized access could read it directly. The compromised data, totaling nearly 2.7 billion records, was first offered for sale by a group known as "USDoD" in April 2024, which claimed to have obtained personal data for 2.9 billion people across the US, Canada, and the UK. The data was later leaked for free by another threat actor, "Fenice," who claimed responsibility for the breach. The repository storing the personal data was compromised, allowing the attackers to exfiltrate the information and subsequently put it up for sale on the dark web.
The first indications of the breach emerged when large files containing personal data were shared on hacking forums. Individuals who reviewed the data confirmed its legitimacy, which prompted a deeper investigation into the source of the leak. The fact that the data was leaked in multiple stages by different threat actors further complicated the situation, making it difficult to trace the exact timeline of the breach.
Impact of the Breach
The breach has had a profound impact, not only on National Public Data but also on the millions of individuals whose information was exposed. The leaked data includes names, Social Security numbers, addresses, and online monikers. At least four class-action lawsuits have already been filed against NPD, with plaintiffs arguing that the breach has exposed them to a heightened risk of identity theft and fraud. The compromised data, although partially outdated, still poses a significant risk to individuals, as even old information can be used for malicious purposes.
The breach involved the compromise of sensitive personal data rather than critical infrastructure systems. However, the leak's scale and the information's sensitivity make this breach particularly damaging. The lack of encryption and the ease with which the data was accessed highlight serious deficiencies in NPD’s data protection practices.
Damage Control Efforts
To date, National Public Data has not publicly detailed its response actions, and the widespread availability of the leaked data suggests that initial containment efforts were either delayed or ineffective. The company has not confirmed the breach or provided guidance to those affected, leaving many individuals unsure of how to protect themselves from potential fraud or identity theft.
The apparent lack of a coordinated response from National Public Data suggests that the company’s incident response plan may have been inadequate or not properly implemented.
Effective incident response requires immediate action to contain the breach, assess the damage, and communicate with stakeholders. The company’s failure to address the breach promptly and transparently has likely exacerbated the situation, leading to increased scrutiny and potential legal consequences.
There has been no public disclosure of any ransom demands or negotiations related to this breach. However, the initial attempt to sell the stolen data for $3.5 million by the group "USDoD" highlights the value of the information and the motivations behind such breaches. The fact that the data was later leaked for free suggests that the attackers may have shifted their strategy, possibly due to the lack of a willing buyer.
Recommendations for NPD
In response to the breach, National Public Data must prioritize the implementation of stronger security measures to prevent future incidents. This includes encrypting all sensitive data, both at rest and in transit, to ensure that even if data is exfiltrated, it remains unreadable to unauthorized parties. The company should also enforce strict access controls, limiting access to sensitive information based on the principle of least privilege. Multi-factor authentication should be implemented across the organization to further protect against unauthorized access. Regular security audits and penetration testing should be conducted to identify and address vulnerabilities in the organization’s network infrastructure.
The breach serves as a stark reminder of the evolving threat landscape and the importance of proactive cybersecurity measures. National Public Data and other organizations in similar industries must recognize that the risks associated with data breaches are ever-present and continuously adapt their security practices to mitigate these risks. Lessons learned from this incident should inform future security practices, including the need for real-time monitoring, rapid response capabilities, and transparent communication during a breach. Organizations must also invest in ongoing cybersecurity training for employees to ensure that they are equipped to identify and respond to potential threats.
Protecting Your Organization
To prevent similar incidents, organizations must prioritize the implementation of comprehensive data security protocols:
- Implement full disk encryption on all storage devices to ensure that data is protected even if the physical device is lost or stolen. Use strong encryption algorithms such as AES-256.
- Encrypt sensitive data stored in databases using field-level encryption. Ensure that encryption keys are stored separately from the encrypted data to prevent unauthorized access.
- Encrypt individual files or directories containing sensitive data, especially on shared drives and cloud storage. Tools like BitLocker, VeraCrypt, or native cloud encryption features can be used.
- Ensure that all backup data is encrypted, both during transit to backup locations and while stored. Use encryption keys managed securely and independently of the backup data.
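The field-level encryption and key-separation advice above (and the "encrypt at rest" recommendation for NPD earlier in the article) is easy to state and easy to get wrong. The following is an added example written for this article, not code from National Public Data or from any real people-search system. It encrypts only the Social Security number column of a record with AES-256-GCM, binds the ciphertext to the row it belongs to, and loads the key from outside the data store: the NPD_SSN_KEY_B64 environment variable, the record layout and the sample SSN are all constructed for illustration. A leaked database dump then contains only ciphertext, and any tampering, key mismatch or ciphertext moved between rows is rejected on decryption.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"os"
)

// Record models one row of a people-search database (constructed for this
// example). Only the SSN is stored as ciphertext; other columns stay searchable.
type Record struct {
	ID     int
	Name   string
	SSNEnc string // base64(nonce || AES-256-GCM ciphertext+tag)
}

// LoadFieldKey returns the 32-byte AES-256 key for the SSN column. The point of
// the recommendation is that this key never lives next to the data: in production
// it would come from a KMS or HSM. Here (an assumption for a self-contained demo)
// it is read from the hypothetical NPD_SSN_KEY_B64 environment variable, and a
// fresh random key is generated when that variable is absent.
func LoadFieldKey() ([]byte, error) {
	if b64 := os.Getenv("NPD_SSN_KEY_B64"); b64 != "" {
		key, err := base64.StdEncoding.DecodeString(b64)
		if err != nil || len(key) != 32 {
			return nil, errors.New("NPD_SSN_KEY_B64 must be base64 of exactly 32 bytes")
		}
		return key, nil
	}
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

// aadFor binds a ciphertext to its row: copying an encrypted SSN from one
// record into another produces a decryption failure instead of a silent swap.
func aadFor(recordID int) []byte {
	return []byte(fmt.Sprintf("ssn:%d", recordID))
}

// EncryptField seals one field value with AES-256-GCM under a random nonce.
// Output is base64(nonce || ciphertext || tag) so it fits in a text column.
func EncryptField(key []byte, recordID int, plaintext string) (string, error) {
	block, err := aes.NewCipher(key) // 32-byte key selects AES-256
	if err != nil {
		return "", err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	ct := gcm.Seal(nonce, nonce, []byte(plaintext), aadFor(recordID))
	return base64.StdEncoding.EncodeToString(ct), nil
}

// DecryptField reverses EncryptField. Any change to the key, nonce, ciphertext,
// authentication tag or record ID makes gcm.Open return an error.
func DecryptField(key []byte, recordID int, enc string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(enc)
	if err != nil {
		return "", err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	if len(raw) < gcm.NonceSize() {
		return "", errors.New("ciphertext too short")
	}
	nonce, ct := raw[:gcm.NonceSize()], raw[gcm.NonceSize():]
	pt, err := gcm.Open(nil, nonce, ct, aadFor(recordID))
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

func main() {
	key, err := LoadFieldKey()
	if err != nil {
		fmt.Println("key error:", err)
		return
	}
	rec := Record{ID: 42, Name: "Sample Person"} // constructed sample row
	rec.SSNEnc, _ = EncryptField(key, rec.ID, "123-45-6789") // constructed sample SSN
	fmt.Printf("stored row: %+v\n", rec) // what a database dump would expose
	ssn, _ := DecryptField(key, rec.ID, rec.SSNEnc)
	fmt.Println("decrypted with the separately held key:", ssn)
	_, err = DecryptField(key, 43, rec.SSNEnc)
	fmt.Println("same ciphertext under another record ID:", err)
}
```

The design choice worth noting is the additional authenticated data: without it, an attacker with write access to the database could still reassign an encrypted SSN to a different person even though they cannot read it. Key rotation is the natural next step and is omitted here.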
Additionally, strict access controls should be established, limiting access to sensitive information to authorized personnel only. Multi-factor authentication should be mandatory across the organization to prevent unauthorized access. Regular security audits and vulnerability assessments are essential to identify and address potential weaknesses in an organization’s infrastructure.