The Biggest Data Breach in Modern History – Is Your Personal and Business Data Safe?
David Mauro
Driving SMB Growth Uninterrupted | Concierge Cybersecurity | NetGain Technologies | Speaker, Cyber Educator, Podcast Host | A.I. Think Tank Fellow | InfraGard Member
The world of cybersecurity has been rocked by a data breach so colossal that it's being called the biggest of modern times. Imagine a treasure trove of sensitive information—2.9 billion records, to be exact—containing details of citizens from the US, Canada, and the UK, weighing in at a staggering 4 terabytes. This digital goldmine is now in the hands of a notorious threat actor, known only by the alias “USDoD.” And, if that’s not shocking enough, it’s up for sale on the dark web for a jaw-dropping $3.5 million.
The Impact: Not Just Numbers, but Lives and Livelihoods
This isn't just another headline about stolen data—it’s a cyber crisis of unprecedented scale. With personal information of nearly three billion people compromised, the ripple effects are beyond comprehension. From small and medium-sized businesses (SMBs) to individual citizens, no one is safe. The leaked data could lead to identity theft, financial fraud, and even targeted attacks on critical infrastructure. If you think this doesn't affect you or your business, think again. The implications are profound, and the time to act is now.
Behind the Breach: The Face of “USDoD” Unmasked
Who is behind this massive cyber heist? None other than the same threat actor responsible for infiltrating the FBI’s InfraGard—a network we’re proud members of—demonstrating an audacity that few in the hacking world can match. Known as “USDoD,” this hacker has not only stolen billions of records but has also been publicly exposed (or “doxed”) after getting into a heated exchange with CrowdStrike, a leading cybersecurity company that famously claims to “stop breaches.”
In a twist worthy of a Hollywood thriller, “USDoD” engaged in a trash-talking match with CrowdStrike, even exposing some of their proprietary Indicators of Compromise (IOC). CrowdStrike responded by tracking down and exposing his real identity. This cyber outlaw has been revealed as a Brazilian citizen, sparking an international debate: Should he be extradited to face justice in the U.S.? The story has become a global spectacle, but behind the drama lies a serious threat to our digital security.
Call to Action: Freeze your credit files and stay vigilant. Business owners, invest in specific security layers and realize the overwhelming risks taken by failing to do so.
A True Cyber Crime Story
I’m about to tell you a true story. One that has caused many to stand up and shout: enough. Enough of the attacks, and enough of the lame excuses victims make after not taking basic precautions to avoid risks and remaining essentially negligent in their security posture. It’s shocking. It’s real. The following are our personal opinions and not necessarily the opinions of any employers or partners. The opinions expressed here come as a result of interviewing 250+ business leaders, cybersecurity experts, hackers, threat actors and government leaders over the past several years.
Also, please scroll to the end before leaving, since we share specifically what you can do personally, what you need to do in your role as a business leader/owner, and how to meet the duty you owe to your brand.
Overview
These days, a small mistake can have colossal consequences. National Public Data (NPD), a consumer data broker, recently made a grave error that exposed millions of Americans' sensitive information online. But the story takes a shocking twist—an affiliated company, RecordsCheck, accidentally published its own administrative passwords on its homepage. This blunder made their back-end database vulnerable, exposing source code, user credentials, and outdated but reusable passwords.
The breach was initially uncovered when a cybercriminal named USDoD began selling stolen data from NPD in April 2024. By July, this information—names, addresses, phone numbers, and more—was leaked online, affecting over 272 million people, including deceased individuals. NPD acknowledged that the breach stemmed from a security incident dating back to December 2023.
However, a new layer of the breach came to light when a reader discovered a "members.zip" archive on RecordsCheck’s website. This file, publicly accessible until mid-August, contained plain-text usernames and passwords, and shockingly, many users never updated their default credentials.
The revelation also highlighted a worrying trend: hackers leveraging old breaches to exploit new vulnerabilities. RecordsCheck's source code showed the site was developed by a firm in Lahore, Pakistan, raising questions about security practices and accountability.
As the dust settles, experts warn Americans to take immediate steps—freezing credit files, monitoring financial accounts, and securing personal information.
We give you specific steps on how to do this at the end of this writing.
Reality Check: Real-Life Impact of Data Breaches
In recent weeks I've traveled across a couple of Midwest states, fly-over states that are the heart of our great country. I drove by three specific midsize businesses that I had known and had some business dealings with over the past several years. Two of the three are closed down. I sat down with the C-suite leadership of the third. The third is operating with approximately 40% of its prior workforce.
What was the straw that broke the camel's back? Do you want me to blame Trump? Or Biden? Kamala? Nope, not our thing. It goes back to business ownership, initiative and decisions. It's unfortunately about accountability for where we invest, or refuse to invest, our funds, especially when it comes to cybersecurity.
After over 250 interviews conducted on our podcast, CCJ, where we dug into business leaders, threat actors and cybersecurity leaders, we have a unique perspective. After reviewing the data, the straw that broke the camel’s back might be surprising. To many of us, it’s not a surprise at all.
Data breaches. And the unforeseen fallout of them long-term.
As for the technical industry, we’ve done a terrible job at measuring cybersecurity risk and cybersecurity levels (because not all data breaches are created equal), and at assessing the approximate dates of breaches, how they were handled, whether they were prepared for ahead of time or not, and the end result. The cybersecurity industry has also done business leaders a disservice by over-promising and under-delivering. You (vendor) do not stop breaches, nor do you stop social engineering. But you are useful, very useful, and critically needed. Just be forthright in your advertising claims and don't let the income you earn give you a sense of overly inflated self-importance.
What I learned after interviewing various people involved in those three businesses were life lessons and the importance of actually taking action on the advice people have been providing. The result of not taking the advice from people who are genuinely trying to help is that business owners and leaders are operating their companies with massive, high-risk blind spots. It's like mentorship: so many people seek a mentor and then fail. Why? They fail to actually take the actions recommended by the mentor. They don't do the push-ups required. So, back to blind spots.
Blind spots.
Blind spots: areas of significant risk that businesses are operating with, that they don’t even know to take action about.
And that, my friends, gets to the heart of security awareness.
It gets to the heart of the difference between cybersecurity and compliance. Compliance is the evidence that action has been taken on a specific control up to a baseline minimum. It doesn’t mean it was effective.
Cybersecurity awareness is the actual learning of your risk. Leadership is about taking action and driving help for those who were previously blind.
What Happened in the Biggest Breach in Modern History
In December 2023, National Public Data (hereafter “NPD”), a company offering access to extensive public records, experienced a significant breach. Sensitive personal data from over 2 billion (with a B) people was compromised, which means nearly all Americans.
The stolen information soon found its way to underground marketplaces, putting countless individuals at risk. This breach, already a major incident, took an even darker turn when, months later, in August 2024, it was discovered that one of NPD’s sister sites, RecordsCheck.net, had accidentally published its own admin passwords on its homepage.
Published Its Own Admin Passwords.
On its homepage.
This is where the story gets complicated—and concerning. The security blunder on RecordsCheck.net allowed anyone who stumbled upon the page to access the site’s administrative back end. This is more than just a careless mistake; it highlights a glaring failure in cybersecurity practices, one that should have been avoided with basic protocols in place. Let’s break down what happened and why this matters, particularly for small-to-medium-sized business (SMB) owners in the United States.
How the Breach Happened
The initial breach in December 2023 was the first domino to fall. NPD, like many companies offering public records access, stored a vast amount of sensitive data—everything from social security numbers and birth dates to home addresses. This kind of information is a goldmine for cybercriminals, and it’s precisely what was exposed during the breach. Once the data was leaked, it didn’t take long for it to circulate in dark web markets, where stolen identities and personal records are bought and sold.
What escalated this situation was the subsequent incident involving RecordsCheck.net. This site, closely linked to NPD, used shared databases and systems, meaning it was a critical component of the overall operation. When RecordsCheck.net accidentally published a file containing its admin login credentials on its homepage, it was akin to leaving the front door wide open in a neighborhood filled with thieves. Anyone who accessed that page had the potential to exploit these credentials, gaining access to the backend systems of the site—and potentially more sensitive data.
The exposure wasn’t just a brief, easily contained error. The passwords remained publicly accessible for an unknown period, adding to the damage that had already been done by the initial breach. This event demonstrates a failure not just in securing data but in the entire cybersecurity infrastructure of the company.
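The RecordsCheck.net failure described above, a credential archive sitting in the public web root with many accounts still on default passwords, is the kind of thing a pre-publish check can catch before a page goes live. The following Python script is an added example, not code from NPD, RecordsCheck, or the author of this article: it walks a web root looking for archive and dump files, opens any zip it finds, parses user:password style lines inside it, and flags passwords that still match a short list of vendor defaults. The sample web root, the contents of its members.zip, and the default-password list are all constructed for this example; a real deployment would use a larger default list and run the check against the actual document root.

```python
"""Pre-publish check for credential archives under a public web root.

Added example (not the page's own code). The sample web root, the
members.zip it contains and DEFAULT_PASSWORDS are constructed here.
"""
import re
import tempfile
import zipfile
from pathlib import Path

# File types that should never be reachable under a public web root.
ARCHIVE_SUFFIXES = {".zip", ".tar", ".gz", ".tgz", ".bak", ".sql", ".7z"}

# Matches "user:password", "user,password", "user|password", "user<TAB>password".
# The separator deliberately excludes a plain space so prose lines do not match.
CRED_LINE = re.compile(r"^\s*([A-Za-z0-9_.@-]+)\s*[:,;|\t]\s*(\S+)\s*$")

# Constructed sample of vendor-style defaults; a real check would use a larger list.
DEFAULT_PASSWORDS = {"password", "changeme", "admin", "123456", "welcome1"}


def find_exposed_archives(webroot: Path) -> list[Path]:
    """Return every archive or dump file reachable under the web root."""
    return sorted(
        p for p in webroot.rglob("*")
        if p.is_file() and p.suffix.lower() in ARCHIVE_SUFFIXES
    )


def credentials_in_zip(zip_path: Path) -> list[dict]:
    """Parse the text members of a zip for credential-looking lines."""
    findings = []
    with zipfile.ZipFile(zip_path) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            try:
                text = zf.read(info).decode("utf-8")
            except UnicodeDecodeError:
                continue  # binary member, not a plain-text credential list
            for lineno, line in enumerate(text.splitlines(), 1):
                match = CRED_LINE.match(line)
                if not match:
                    continue
                user, password = match.groups()
                findings.append({
                    "archive": zip_path.name,
                    "member": info.filename,
                    "line": lineno,
                    "user": user,
                    "default_password": password.lower() in DEFAULT_PASSWORDS,
                })
    return findings


def audit_webroot(webroot: Path) -> dict:
    """Summarise exposed archives and plain-text credentials under a web root."""
    archives = find_exposed_archives(webroot)
    creds = []
    for archive in archives:
        if archive.suffix.lower() == ".zip":
            creds.extend(credentials_in_zip(archive))
    return {
        "archives": [str(a.relative_to(webroot)) for a in archives],
        "plaintext_credentials": len(creds),
        "default_passwords": sum(1 for c in creds if c["default_password"]),
        "findings": creds,
    }


def build_sample_webroot(base: Path) -> Path:
    """Construct a toy web root with a members.zip sitting beside index.html."""
    webroot = base / "public_html"
    webroot.mkdir()
    (webroot / "index.html").write_text("<html><body>Welcome</body></html>\n")
    with zipfile.ZipFile(webroot / "members.zip", "w") as zf:
        # Constructed sample accounts: two never changed their default password.
        zf.writestr("members.txt",
                    "alice:changeme\nbob:Tr0ub4dor&3-rotated\ncarol,admin\n")
        zf.writestr("README.txt", "Member export for internal use only\n")
    return webroot


def demo_report() -> dict:
    """Run the audit against the constructed sample web root and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit_webroot(build_sample_webroot(Path(tmp)))


if __name__ == "__main__":
    report = demo_report()
    print(f"exposed archives: {report['archives']}")
    print(f"plain-text credentials: {report['plaintext_credentials']}, "
          f"still on a default password: {report['default_passwords']}")
    for f in report["findings"]:
        state = "DEFAULT" if f["default_password"] else "set"
        print(f"  {f['archive']}/{f['member']}:{f['line']} user={f['user']} password={state}")
```

Run as a pre-deploy step against the real document root, the check fails the build when `archives` is non-empty, which is the condition that let members.zip sit on a public homepage; the default-password count is the second signal from this story, since a leaked list is far more damaging when the passwords in it still work.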
First Notice
It all started to come to life on X (f/k/a Twitter).
On April 8, 2024, HackManac posted information about 2.9 billion records of US, Canada and UK citizens (a 4-terabyte database) exfiltrated from National Public Data being offered for sale by USDoD at $3.5 million.
The media largely ignored this post. NPD did not respond.
Who is USDoD?
Who the infamous hacker behind all this is actually came out in the past couple of days, thanks to him being DOXXED. Fact-checking friends will realize that he was, in fact, DOXXED a few months back, but now it’s all coming to light.
The entity behind the NationalPublicData.com breach, known as "USDoD," is a notorious figure in the cybercriminal world, though not widely recognized in mainstream databases like MITRE ATT&CK or Malpedia.
USDoD is a single individual rather than a group, and has a history of executing similar high-profile hacks and data leaks. This individual was previously associated with other significant breaches targeting organizations such as the FBI’s InfraGard, Airbus and more.
He has given interviews, and his true identity and location have been exposed; find that below.
How the 2.9 Billion Record Breach Happened
The breach was first brought to light in April 2024 when a hacker, known by the alias "USDoD," attempted to sell the stolen data for $3.5 million on Breachforums. The data leak has since been confirmed by various cybersecurity sources, including HaveIBeenPwned.com and vx-underground, which identified the leaked information as matching the data first advertised by USDoD (DataBreaches.Net) (TechRepublic).
The breach of NationalPublicData.com is particularly alarming due to the scale and the nature of the data involved. Over 2.9 billion records were compromised, including deeply sensitive personal information such as Social Security numbers. The attack was meticulously planned and executed, likely over an extended period. The hacker used advanced techniques to exfiltrate the data without detection, which is remarkable given the enormous size of the database. Typically, databases of this magnitude include various complex records like scans, PDFs, and legal documents, making them challenging to steal in bulk without raising alarms (SecurityWeek).
After successfully extracting the data, USDoD attempted to monetize it by offering the entire dataset for $3.5 million on a dark web forum called BreachForums.
This kind of large-scale data sale is a hallmark of USDoD's operations, reflecting a sophisticated understanding of both technical and criminal aspects of cybersecurity (DataBreaches.Net).
The hacker's declaration, "I'm not a group, I'm not a gang, I'm an only one-man army," reinforces the belief that USDoD operates independently, driven by motives that are not entirely clear but likely involve a mix of financial gain and notoriety (SecurityWeek). This breach is consistent with their modus operandi, where they not only target organizations but also look to disrupt and challenge the broader cybersecurity ecosystem.
Who Owns National Public Data, Selling All Your Personal Information for Profit as a Data Broker?
Where did National Public Data get its consumer data? The company’s website doesn’t say, but it is operated by an entity in Coral Springs, Fla. called Jerico Pictures Inc. The website for Jerico Pictures is not currently responding. However, the legendary Brian Krebs investigated and found that cached versions of it at archive.org show it is a film studio with offices in Los Angeles and South Florida.
Namely, it's this guy, Salvatore Verini, as Brian Krebs found out. Enough said about this piece of work and his data broker collection practices with substandard security posture.
Sal Verini’s profile page at imdb.com.
As Brian Krebs explained, it's unclear how the thieves originally got their hands on these records from National Public Data. Krebs reached out to USDoD, a group best known for hacking Infragard, an FBI program that shares information about cyber and physical threats with trusted private sector individuals.
USDoD confirmed they sold the same data set that recently leaked on Breachforums but insisted the leaker didn’t get it from them. They explained that the data stolen from National Public Data has been passed around several times since it was first taken in December 2023. "The database has been floating around for a while," they said. "I wasn’t the first one to get it." USDoD also mentioned that the original thief goes by the name SXUL. It looks like this hacker deleted their Telegram account a few days ago, likely due to the media frenzy surrounding the breach.
A Word on Data Brokers
Data brokers such as National Public Data typically collect information by sifting through government records across federal, state, and local levels. This encompasses data from voting registries, property filings, marriage certificates, motor vehicle records, criminal records, court documents, death records, professional licenses, bankruptcy filings, among others. While many Americans may believe they have the option to prevent their records from being collected and sold, experts indicate that this isn't possible. These so-called "public" records are exempt from all state consumer privacy laws, including those in California.
DOXXING of USDoD
The Shocking Unmasking of The Man Behind the Mask
In a dramatic twist, the notorious threat actor known as USDoD—also called EquationCorp.—has unveiled his true identity, sending shockwaves through the cyberworld. A Brazilian citizen stands behind one of the largest data breaches in history, a revelation that not only deepens the mystery but also casts a shadow over the international hunt for justice. The breach, infamous for compromising over $3 billion worth of Social Security Numbers (SSNs), now carries new weight as global tensions rise over what this means for the future of cyber warfare.
In a revealing interview, the hacker known as "USDoD" clarified that his motivations are neither political nor financial; instead, he seeks challenges. He gained notoriety for high-profile breaches, including the FBI’s InfraGard program and Airbus, using social engineering and impersonation.
He emphasizes that he’s not pro-Russia or a terrorist, despite media portrayals. His activities are driven by personal reasons and a desire to test his skills, even at the risk of getting caught. (DataBreaches.net).
USDoD engineered a staggering breach, infiltrating systems and seizing over 120 million SSNs, an attack that has left a lasting scar on the world of cybersecurity. The damage, estimated at a jaw-dropping $3 billion, exposes vulnerabilities across major institutions, leaving a trail of chaos in its wake.
"This breach stands as a testament to the growing sophistication of cybercriminals,” said cybersecurity expert Brian Krebs, “who can inflict significant damage with relative impunity."
More than just numbers, the stolen data carried intimate personal and financial details, fueling waves of identity theft and fraud. The impact is a grim warning of what awaits when cybersecurity fails to meet the ever-advancing threats of our digital age.
The Interviews: Hacker Takes to Public Relations
As Daily Dark Web reported, as only they can: in a dimly lit room, behind a veil of secrecy, the figure known only as U.S. Dod, a name that strikes a chord in the deepest alleys of the cybersecurity world, sat down for an exclusive interview. The elusive architect behind SparrowCorp, a name whispered with a mix of fear and respect, was ready to share his journey. His story, an intriguing blend of shadows and sharp intellect, began in the unassuming corridors of NetSec and evolved into the powerful digital force that is SparrowCorp.
From a young age, U.S. Dod had an affinity for the hidden and the forbidden. He wasn’t the typical hacker driven by chaos or personal gain. Instead, his work was methodical, calculated, and imbued with a sense of higher purpose. Dod’s early days at NetSec, a breeding ground for cybersecurity talent, were marked by his uncanny ability to outthink adversaries and his talent for infiltrating systems that others deemed unbreachable. His skills were razor-sharp, honed through countless hours of coding and decoding, navigating the digital maze where few dared to tread.
But it was his creation of SparrowCorp that cemented his legend. With SparrowCorp, Dod aimed to push the boundaries of what was possible in the world of cybersecurity. While details about SparrowCorp’s operations remain shrouded in mystery, those in the know speak of its capabilities in hushed tones. SparrowCorp is more than a company—it’s a fortress, a sentinel in the digital landscape capable of detecting and thwarting even the most sophisticated cyber threats. Dod’s vision was clear: to create a platform that would not only protect but also outmaneuver the cybercriminals who sought to exploit the vulnerable.
What makes him different? He has not gone after volume or gang notoriety. He works solo. He targets whales.
And is incredibly effective.
Throughout the interview, Dod remained an enigma—never revealing too much, always leaving a sense of intrigue in his wake. His responses were thoughtful, calculated, much like his approach to cybersecurity. He spoke of the importance of evolving beyond traditional methods, of staying one step ahead in a game where the rules were constantly changing. He hinted at new technologies SparrowCorp was developing, tools that would redefine the standards of digital security.
As the interview concluded, one thing was evident: U.S. Dod wasn’t just a player in the cybersecurity realm; he was a game-changer. His work with SparrowCorp had already sent ripples through the cyber world, and whatever came next was sure to make waves. In a domain where anonymity is often the key to survival, Dod had made a name for himself. Not through publicity or self-promotion, but through the sheer power and effectiveness of his creations.
In the interview with Hackread.com, which included a brief video message, USDoD admitted that he had been "doxed by CrowdStrike," the cybersecurity firm that was recently in the spotlight for a flawed update that disrupted Windows devices worldwide. Here's an interview from Daily Dark Web.
CROWDSTRIKE vs HACKER USDoD
The notorious hacker recently made waves after breaching the U.S.-based API firm National Public Data, leaking over 3.2 billion Social Security Numbers (SSNs) online. This act followed another high-profile attack in which USDoD infiltrated the FBI’s InfraGard platform, exposing the personal information of 87,000 members. These incidents are just a few in a long list of major data breaches and web scraping operations linked to the hacker.
But how did the clash between USDoD and CrowdStrike begin? It all started in July 2024, when the hacker claimed responsibility for scraping and leaking a 100,000-line Indicator of Compromise (IoC) list from the company. In less than a month, CrowdStrike responded by revealing the hacker’s identity.
The Brazilian Revelation: A Tangled Path to Justice
Now, USDoD’s admission of his Brazilian citizenship has thrown the pursuit of justice into turmoil. Brazil’s notorious resistance to extraditing its citizens adds a formidable barrier to any U.S. efforts to bring this mastermind to account. With this revelation, the breach moves beyond borders, sparking international legal battles and heightening the uncertainty of whether justice will ever be served.
In a recent interview, USDoD stated:
"So congrats to Crowdstrike for doxing me, they are late for the party, intel421 Plus and a few other companies already doxed me even before the Infragard hack. I want to say thank you, it is time to admit I got defeated and I will retire my Jersey. Yes, this is Luan speaking. I won’t run, I’m in Brazil, the same city where I was born. I am a huge valuable target and maybe I will talk soon to whoever is in charge but everyone will know that behind USDoD I’m a human like everyone else, to be honest, I wanted this to happen, I can’t live with multiple lives and it is time to take responsibility for every action of mine and pay the price doesn’t matter how much it may cost me. This is not my end. Thank you, see you around. Don’t worry Brazilian authorities, I’m coming to meet you, I’m not a threat, in fact, I can do much for my country."
This statement highlights the legal and diplomatic hurdles that U.S. authorities face in attempting to bring him to justice. However, given the U.S. government’s track record with international pursuits, it's uncertain whether Brazil’s legal protections will hold firm in this high-profile case.
Can the U.S. Extradite Him?
According to the Brazil and US Extradition Treaty, the U.S. could request his extradition to face charges for his cybercrimes. However, Brazil has a long-standing practice of refusing to extradite its own citizens, which could complicate the U.S.'s efforts to bring him to trial. If Brazil opts not to extradite, the hacker could still face legal consequences under Brazilian law, depending on how the country addresses cybercrime.
As USDoD himself mentioned:
"As long as I am here, I am untouchable. The world may hate me, but Brazil’s laws keep me safe."
Yet, his expressed desire to turn away from cybercrime and contribute positively to Brazil might influence how authorities approach his case. This could potentially shift the focus towards rehabilitation.
Stranger things have happened.
What Should Business Leaders Do? Specific Steps.
So, what does this mean for SMB owners in the U.S.? This story underscores critical lessons for all businesses, regardless of size. Special attention is given here to the most vulnerable: SMBs (under 1,000 employees).
These are top of mind, and yet every week I meet leaders at organizations who still don’t implement these basic requirements (remember back in the day with no seat belts, high speeds and Marlboro Red ads on TV? Things have changed, and life expectancy has gone up, to nobody’s surprise, when fundamentals are actually done for your own benefit).
No Business is Too Small for Cyber Threats:
While varying by industry, many must-haves across the board include:
Start at the Beginning with a Security Assessment
Basic Policy Enforcement Implementation
Shared Systems and Third-Party Risks
Invest in Cybersecurity Training
Implement Multi-Factor Authentication (MFA)
Perform Regular Security Audits
Use Encryption
Have a Response Plan (Practice it with Tabletops)
INDIVIDUAL PROTECTION: What You Should Do.
Consider placing fraud alerts, reviewing your credit, and freezing your credit to protect yourself. And place a credit freeze on your children’s credit (ID theft on children can go on for years until they become adults and nobody sees it, since they aren't pulling their credit; many parents fail to do this).
As a next step, you may want to reach out to the three main U.S. credit reporting agencies—Equifax, Experian, and TransUnion—to obtain a free credit report from each. You can do this by calling 1-877-322-8228 or visiting www.annualcreditreport.com. It’s also advisable to set up a free fraud alert on your credit file, which prompts creditors to contact you before opening any new accounts or modifying your existing accounts. Contacting just one of the three major credit bureaus will trigger a fraud alert across all three. This initial alert stays on your credit report for one year, and you can renew it after that period.
Equifax: equifax.com/personal/credit-report-services or 1-800-685-1111
Experian: experian.com/help or 1-888-397-3742
TransUnion: transunion.com/credit-help or 1-888-909-8872
After placing a fraud alert, request a free credit report from each bureau and review it for any accounts or inquiries that you do not recognize, as these could be signs of identity theft.
If you discover that your personal information has been misused, visit the FTC’s website at IdentityTheft.gov to report the theft and receive guidance on recovery steps. Even if no suspicious activity is found initially, it’s recommended to check your credit reports regularly to quickly identify and address any potential issues.
We strongly urge you to freeze your credit. This prevents potential creditors from accessing your credit report, making it more difficult for identity thieves to open new accounts in your name.
To initiate a freeze, contact each of the major credit bureaus using the links or phone numbers provided above. The freeze will remain in effect until you request that it be temporarily lifted or permanently removed.
You should also freeze the credit of any children you care for. Often their ID thefts go on for over a decade, since many parents fail to do this no-cost step.
Why Data Brokers Need More Regulation
This incident underscores the vulnerabilities in data aggregation practices. Experts argue that companies like NationalPublicData.com, which act as data brokers, often collect vast amounts of personal data without adequate security measures. Without any regulation.
An important point to understand: data brokers are widely unregulated. How can that be OK?
You need training, certification and government approval to CUT MY HAIR… but to manage, take without my knowledge or consent, and then screw with all our personal private data, no parent is in the room. A ridiculous state of affairs in the US.
The breach has reignited calls for stronger regulations and transparency in how data brokers operate, with suggestions that such entities should be required to notify individuals when their data is collected and to implement stricter encryption protocols (TechRepublic).
The legal and regulatory implications of this breach are still unfolding, with several lawsuits already filed against NationalPublicData.com. The outcome of these legal actions could set significant precedents for how data breaches are handled in the future (SecurityWeek).
This event highlights the critical need for both companies and regulators to prioritize data security and privacy to prevent such massive breaches from occurring again.
A Final Word
The National Public Data breach is a cautionary tale for businesses of all sizes. It serves as a reminder that cybersecurity cannot be an afterthought—it needs to be woven into the fabric of every business operation. For SMBs, this means taking proactive steps to protect their data, educate their employees, and ensure they are prepared for the worst-case scenario. Cyberattacks aren’t just a risk for large corporations; they are a very real threat to every business.
Got a next-gen firewall? Great, it’s needed. But it’s not enough. Got a small company helping you with IT support? Great, but again, it’s not enough.
Continuing the “way it’s always been” is tantamount to negligence.
These are the allegations that will fill the paperwork of coming lawsuits arising out of the next data breach to hit the organization, should things not change.
Stay Vigilant,
David Mauro, Vice President, NetGain Technologies
Cybersecurity, IT and Compliance Services
(614) 584-4583
Intelligent Cybersecurity Services
24/7 SOCaaS, MDR/MEDR, Incident Response Planning, vCISO, VMS, Pen Testing, Managed & Live Security Awareness Trainings
Universal Banker at CIBC US
6 months ago: Very informative
3 Steps Data Co-Founder/CEO driving data/digital governance solutions | CyAN Global VP | Award-winning author | Storyteller | Advocate for digital/cyber security, sovereignty, compliance/governance & enduser empowerment
6 months ago: Thanks for sharing this David - a great share!
This is a wake-up call for all organizations!
Business Development Manager/ Technology & Innovation Adviser @Solantus Inc
6 months ago: Thanks for sharing!