National Public Data finally confirms it was hit by data breach — and that millions of users are at risk

Data Breach
Image Credit: Shutterstock (Image credit: Shutterstock)

National Public Data has finally confirmed it suffered a massive data breach that resulted in the theft and subsequent public leaking of millions of sensitive personal records.

The compromised information leaked includes names, Social Security numbers, email addresses, home addresses, and phone numbers for individuals living in the US, Canada, and the UK.

An estimated 2.9 billion records have reportedly been circulating the dark web since April 2024, highlighting the scale and scope of the breach at the background check service.

Nearly three billion personal records leaked

National Public Data, which collects public records at various government levels, confirmed that the breach occurred in December 2023, and leaks followed in April 2024. 

In a statement (via The Register), the company confirmed: “We conducted an investigation and subsequent information has come to light.”

The data, which spans over 30 years and includes address histories and family connections, was stolen by a hacker using the alias SXUL. The data was later passed to another cybercriminal, known as USDoD, to sell, and was initially offered for sale at $3.5 million.

Last week, a threat actor named Fenice released 2.7 billion records from the collection for free.

The breach has sparked a class-action lawsuit, with the leaked data still posing significant risks for identity theft and fraud. Individuals impacted by the breach are being advised to monitor their financial accounts for suspicious activity and be cautious of potential phishing attempts exploiting the leaked information. 

Troy Hunt, known for breach notification website HaveIBeenPwned.com, highlighted that the leak includes 134 million unique email addresses and 272 million SSNs, with an average age of 70 years for the affected individuals.

While some of the information may be outdated the sheer scale of the breach underscores the critical need for robust protection practices in an increasingly digitally connected world.

More from TechRadar Pro

Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!