Hackers Leak 2.7 Billion Records: Social Security Numbers and Addresses Compromised
Massive Data Breach Hits National Public Data
In one of the largest data breaches to date, nearly 2.7 billion records containing personal information of individuals in the United States have been leaked on a hacking forum. This extensive database, which includes names, Social Security numbers, physical addresses, and possible aliases, was exposed in two text files totaling 277GB.
Source of the Leak: National Public Data
The stolen data reportedly originates from National Public Data, a company specializing in the collection and sale of personal information for use in background checks, criminal record searches, and by private investigators. The firm is believed to aggregate this information by scraping publicly available sources to create comprehensive user profiles for people in the U.S. and other countries.
In April, a notorious threat actor known as “USDoD” claimed to possess 2.9 billion records containing personal data from National Public Data, spanning the U.S., U.K., and Canada. At the time, the hacker attempted to sell the data for $3.5 million, boasting that it included information on every individual in those three countries.
USDoD, already linked to an attempted sale of InfraGard’s user database in December 2023, never received payment for the data and did not follow through with the sale. BleepingComputer attempted to contact National Public Data regarding the breach but received no response.
See Also: So, you want to be a hacker?
Offensive Security, Bug Bounty Courses
Discover your weakest link. Be proactive, not reactive. Cybercriminals need just one flaw to strike.
Data Leaked for Free on Hacking Forum
On August 6th, a hacker known as “Fenice” leaked the most complete version of the stolen data for free on the Breached hacking forum. Fenice clarified that the breach was carried out by another threat actor named “SXUL,” not USDoD. The leaked data, consisting of nearly 2.7 billion plaintext records, is slightly smaller than the original 2.9 billion records initially claimed.
National Public Data data leaked on a hacking forum
Source: BleepingComputer
The database includes a person’s name, mailing addresses, Social Security number, and in some cases, additional information such as known aliases. Unlike previous leaks, this dataset does not contain phone numbers or email addresses. While BleepingComputer was unable to verify if the leak includes data for every person in the U.S., multiple individuals confirmed that their legitimate information, including that of deceased relatives, was included.
Accuracy and Potential Issues
It’s important to note that each person may have multiple records in the database—one for each address they have lived at. This means the breach does not equate to 2.7 billion individuals but rather 2.7 billion records. Additionally, some individuals reported inaccuracies, such as Social Security numbers linked to unknown persons.
Moreover, the data appears outdated, as it does not contain current addresses for those checked by BleepingComputer, indicating it may have been sourced from an old backup.
Trending: Digital Forensics Tool: Elyzer
Legal Ramifications and Data Protection Failures
The breach has already sparked multiple class action lawsuits against Jerico Pictures, the company believed to be operating as National Public Data, for failing to adequately protect the personal information of millions of Americans. The lawsuits allege negligence in safeguarding sensitive data, leading to widespread exposure and potential fraud.
What You Should Do
If you live in the U.S., it’s highly likely that some of your personal information has been leaked. Given the inclusion of Social Security numbers in the breach, it’s critical to monitor your credit report for any signs of fraudulent activity and report it immediately to the credit bureaus.
Are u a security researcher? Or a company that writes articles about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing? If you want to express your idea in an article contact us here for a quote: [email protected]
Source: bleepingcomputer.com
Recent News
Offensive Security & Ethical Hacking Course
Begin the learning curve of hacking now!
Information Security Solutions
Find out how Pentesting Services can help you.
