Massive Data Breach Exposes 2.7 Billion Records: What You Need to Know
In a staggering data breach, almost 2.7 billion records of personal information belonging to people in the United States have been leaked on a hacking forum. This breach has exposed highly sensitive data, including names, social security numbers, all known physical addresses, and possible aliases. The data, which is believed to come from National Public Data—a company that aggregates and sells personal information for background checks, criminal records, and private investigations—has left millions of Americans vulnerable to identity theft and other malicious activities.
The breach first came to light in April when a threat actor known as USDoD claimed to have stolen 2.9 billion records from National Public Data, covering individuals in the US, UK, and Canada. At the time, USDoD attempted to sell the dataset for $3.5 million, claiming it contained records for nearly every person in the three countries.
On August 6th, a different threat actor named “Fenice” released the most comprehensive version of this stolen data for free on the Breached hacking forum. Fenice attributed the original breach not to USDoD, but to another hacker known as “SXUL.” The leaked data comprises two text files totaling 277GB and includes nearly 2.7 billion plaintext records. While this number is slightly lower than the original 2.9 billion records claimed by USDoD, the sheer volume of the exposed data is alarming.
The data leak includes personal information such as names, mailing addresses, and social security numbers, with some records featuring additional details like aliases. Notably, none of this data is encrypted, making it easily accessible to anyone who downloads it.
The breach has widespread implications, potentially affecting nearly every individual in the United States. However, it’s important to clarify that the breach doesn’t mean 2.7 billion unique individuals were impacted. Instead, the data likely includes multiple records for the same person, each corresponding to different known addresses. Additionally, the data may not be current, as checks revealed that the information does not include up-to-date addresses, suggesting it might have been obtained from an old backup.
The release of this data has already led to multiple class action lawsuits against Jerico Pictures, the company believed to be operating as National Public Data, for failing to protect this sensitive information adequately.
If you reside in the United States, it’s highly likely that some of your personal information has been compromised in this breach. Given that the leaked data includes hundreds of millions of social security numbers, it’s crucial to monitor your credit report for any signs of fraudulent activity. If you detect any suspicious activity, report it immediately to the credit bureaus.
Furthermore, as previously leaked samples of this data included email addresses and phone numbers, be on the lookout for phishing attempts or SMS texts designed to trick you into providing even more personal information. Cybercriminals often exploit such data breaches to launch targeted attacks, so keeping your eyes out is necessary.