A massive data breach has exposed 2.7 billion personal records including Social Security numbers. Discover the details, implications, and steps to protect yourself from this security incident

Continue reading
Approximately 2.7 billion personal records have been exposed due to a significant data breach, which includes sensitive information such as Social Security numbers, names, physical addresses, and potential aliases.
The data is believed to have been collected by National Public Data, a company that aggregates and sells personal information for various purposes.
In April, a threat actor known as USDoD claimed to be selling 2.9 billion records from National Public Data, reportedly for $3.5 million. USDoD is known for previous data breaches, including an attempted sale of InfraGard’s user database.
On August 6, a threat actor named "Fenice" released a version of the data for free on the Breached forum. Fenice attributes the breach to another actor, "SXUL," not USDoD. The leaked data, totaling 277GB, contains nearly 2.7 billion plaintext records.
The leaked data contains personal details such as names, addresses, and Social Security numbers. Some records include additional names. Previous leaks included phone numbers and email addresses, but these are not part of this leak. The data appears outdated, lacking current addresses, and there are noted inaccuracies, such as mismatched Social Security numbers.
The breach likely affects many U.S. individuals due to the exposure of Social Security numbers. It is crucial to monitor credit reports for signs of fraud and consider setting up fraud alerts or using identity theft protection services. Be cautious of phishing attempts and fraudulent communications, especially since previous leaks contained contact information.
The breach has led to class action lawsuits against Jerico Pictures, which operates as National Public Data, for failing to adequately protect personal data.

A third-party software flaw inside one of Japan's largest telcos exposed login credentials for up to 14.2 million email accounts across six ISPs. The passwords? Some were hashed. Some may not have been