In August, the cybersecurity world was rocked by one of the largest data breaches in history. A hacker posted 2.7 billion data records, including Social Security numbers, on a dark web forum. This massive leak is believed to have originated from the background-checking service National Public Data at least four months prior.
The Stolen Data
According to Bloomberg, each compromised record includes a person’s name, mailing address, and Social Security number. Some records also contain additional sensitive information, such as the names of relatives.
The Origins of the Breach
This breach is linked to an earlier incident on April 8, when a cybercriminal group known as USDoD claimed to have access to the personal data of 2.9 billion people from the U.S., U.K., and Canada. They were reportedly selling this information for $3.5 million, as stated in a class action complaint. It is believed that USDoD obtained the database from another threat actor using the alias "SXUL."
The stolen data supposedly came from National Public Data, also known as Jerico Pictures, and the criminal claimed it contained records for every person in the three countries. Notably, the malware website VX-Underground mentioned that this data dump does not include information on individuals who use data opt-out services.
Implications and Next Steps
The scale of this breach highlights the growing threat posed by cybercriminals and the importance of robust data protection measures. Individuals affected by this breach should remain vigilant and consider measures to protect their personal information, such as monitoring their credit reports and using identity theft protection services.
Stay tuned for more updates as this story develops.