National Public Data Breach Exposes 2.9 Billion Records: How to Check if Your Information Was Exposed

Data Breach graphic

A significant data breach including 2.9 billion records from the company National Public Data has compromised the personal information of many millions of Americans. National Public Data normally sells data to companies for the purpose of background checks, criminal records and more. But it appears that much, if not all of the data they’ve obtained over the years has been leaked. The breach includes sensitive data such as names, addresses, Social Security numbers and birthdates – information that identity thieves and scammers can use to their benefit.

How to Check If You Were Affected:

To determine if your personal information was part of the breach, here are a few trustworthy websites where you can enter some information to check if your data has been exposed:

These websites will require you to provide a portion of your information, and return any remaining data that matches the search inquiry.

What to Do if Your Information Was Exposed:

If your information was exposed in the breach, take the following steps:

  1. Freeze Your Credit: Contact the three major credit bureaus (Equifax, Experian, and TransUnion) to place a credit freeze on your account. This will prevent unauthorized individuals from opening new accounts in your name.
  2. Monitor Your Accounts: Regularly check your bank statements, credit card bills, and other financial records for any suspicious activity.
  3. Report Identity Theft: If you believe your identity has been stolen, file a police report and contact the Federal Trade Commission (FTC) to report the incident.

Staying Informed:

As more details about the data breach emerge, it’s important to stay informed about the situation. Keep an eye on news reports, official government announcements, and updates from the affected companies.

Remember: While this breach is a significant event, there are steps you can take to protect yourself and minimize the potential damage. By following the advice above and staying vigilant, you can help safeguard your personal information.

What you need to know about “credential stuffing”

Credential stuffing is a cyberattack that exploits stolen login credentials. Online accounts with PayPal, NortonLifeLock, 23andMe, and Roku are just some of the companies that have reported recent attacks on customer accounts. Here’s how it works:

  1. Data Breaches: Attackers obtain large databases of usernames and passwords through data breaches on various websites or services.
  2. Automated Login Attempts: They use these stolen credentials in automated programs to attempt logging in to other unrelated websites or services.
  3. Preying on Reuse: The attackers rely on the fact that many people reuse the same login credentials (username and password) across multiple accounts.

Imagine a thief who finds a box of keys stolen from various houses. They try these keys on different houses in the neighborhood, hoping some will unlock doors – that’s similar to credential stuffing.

Why it works:

  • People reuse passwords: As mentioned, credential stuffing works because many people use the same login information on multiple sites.
  • Large-scale attacks: Attackers can attempt logins on thousands of accounts very quickly using automated tools.

How to protect yourself:

  • Unique passwords: Use strong and unique passwords for every single online account you have. Password managers can be helpful for creating and storing strong passwords.
  • Multi-factor authentication (MFA): Enable MFA whenever available. This adds an extra layer of security by requiring a second verification step beyond just your username and password.
  • Beware of phishing attacks: Phishing attacks can trick you into revealing your login credentials on fake websites. Be cautious of suspicious emails or messages.