National Public Data, a company that compiles information for background checks, has confirmed a significant data breach involving Social Security numbers and other sensitive information of countless Americans.

The firm, located in Coral Springs, Florida, announced on its website that there seems to have been a security incident where some personal information might have been compromised. It’s believed that this situation originated from a third-party hacker attempting to infiltrate their databases in late December 2023, with some data potentially leaking in April and summer of 2024.

The breach details were initially revealed through a class action lawsuit submitted in the U.S. District Court in Fort Lauderdale, Florida, which was reported by Bloomberg Law. According to the law firm Schubert, Jonckheer & Kolbe, which filed the suit, 2.9 billion records were taken from National Public Data (NPD), including names, addresses, Social Security numbers, and family member information spanning at least thirty years.

NPD disclosed that the stolen data encompasses names, email addresses, phone numbers, mailing addresses, and Social Security numbers. They stated that they are working alongside investigators and have initiated “enhanced security measures to help prevent such breaches from occurring in the future and to safeguard our systems.”

How to determine if your Social Security number or data has been compromised

The cybersecurity firm Pentester has developed a tool to check if your details are part of the breach, which reveals names, addresses, history of addresses, and Social Security numbers. You can access it at npd.pentester.com.

Since financial institutions often require Social Security numbers for applications related to loans, credit cards, and investments, the availability of such information poses a significant threat, stated Richard Glaser, co-founder of Pentester.com, in an advisory on the company’s site.

<

He also recommended freezing your credit reports. “While names, addresses, and phone numbers can change, your Social Security number remains constant,” Glaser emphasized.

Data breach: Tips to safeguard your credit

NPD has advised customers to “carefully observe your financial accounts, and should any unauthorized actions occur, reach out immediately to your financial institution.” They also encourage obtaining a credit report and setting a fraud alert on your credit file.

Experts recommend that consumers take further measures by freezing their credit report. Odysseas Papadimitriou, CEO of the personal finance platform WalletHub, shared with YSL News, “A fraud alert is not as effective as freezing your report.” He elaborated, “Fraud alerts merely warn lenders, which they can easily overlook. On the other hand, a freeze effectively stops identity thieves from creating accounts under your name.”

He, along with other security specialists, advocates for this action as the stolen personal data is likely in the possession of hackers.

The class action lawsuit alleges that the cybercriminal group known as USDoD broke into NPD’s systems and accessed unencrypted personal data. Following this, they claimed to have posted a database containing information on 2.9 billion people on the dark web, trying to sell it for $3.5 million around April 8, 2024.