A staggering 2.7 billion records of personal information for people in the United States were leaked on a hacking forum. The tranche of leaked information includes names, social security numbers, residence locations, and physical aliases.
The source of the data breach has been traced to National Public Data. National Public Data is a company that facilitates personal data for use in background checks by companies before the hiring of personnel, to obtain criminal records, and for private investigators.
National Public Data obtains this information from public sources and profiles individual information, which is then provided to people in the US and other countries.
The breach into the National Public Data databases was effected by a threat actor known as USDoD in April this year. USDoD claimed that it has 2.9 billion records containing the personal data of people in the US, UK, and Canada and also said that it will be selling it.
The threat actor attempted to sell the data for $3.5 million and also boasted that it has records for every person in the three countries.
USDoD is a and was earlier indicted for trying to sell InfraGard’s user database in December 2023 for $50,000.
Since the breach, a number of well-known threat actors have made public partial copies of the data. With each leak, a different number of records and, in some cases, different data was made public.
One such threat actor known as “Fenice” leaked on August 6th almost the entire version of the stolen National Public Data data for free on the Breached hacking forum.
Fenice also stated that the data breach was conducted by another threat actor named “SXUL,” rather than USDoD.
The leaked data is a voluminous amounting to 277GB. It contained 2.7 billion plaintext records, rather than the original 2.9 billion number originally shared by USDoD.
The data breach also included their and family members’ legitimate information, including those who are deceased.
As already stated, the data breach is exhaustive and contained a person’s name, mailing addresses, and social security number. It could also contain other names associated with the person. None of this data is encrypted.
A lawsuit has also been filed against National Public Data, a data company based in Coral Springs, Florida, that provides background checks for employers, investigators, and other businesses. The lawsuit has been filed by Christopher Hofmann, a California resident who alleged that an identity theft protection service alerted him that his personal information had been leaked to the dark web in the “nationalpublicdata.com” breach.
Also Read: What Is Project 2025? Leaked Videos Reveal an Idea Propagated by Ex-Trump Officials