Regardless of how careful you are online, your personal data can still end up in the hands of hackers—and a new data breach that exposed the data of 2.9 billion people is the perfect example of this.
As reported by Bloomberg, news of this massive new data breach was revealed as part of a class action lawsuit that was filed at the beginning of this month. A complaint submitted to the US District Court for the Southern District of Florida claims the exposed personal data belongs to a public records data provider named National Public Data, which specializes in background checks and fraud prevention.
The personal data of 2.9 billion people, which includes full names, former and complete addresses going back 30 years, Social Security Numbers, and more, was stolen from National Public Data by a cybercriminal group that goes by the name USDoD. The complaint goes on to explain that the hackers then tried to sell this huge collection of personal data on the dark web to the tune of $3.5 million. It's worth noting that due to the sheer number of people affected, this data likely comes from both the U.S. and other countries around the world.
Here’s everything we know so far about this massive data breach along with some steps you can take to stay safe if your personal information was exposed online.
The result of overscraping
So how does a firm like National Public Data obtain the personal data of almost 3 billion people? The answer is through scraping which is a technique used by companies to collect data from web sites and other sources online.
What makes the way National Public Data did this more concerning is that the firm scraped personally identifiable information (PII) of billions of people from non-public sources. As a result, many of the people who are now involved in the class action lawsuit did not provide their data to the company willingly.
According to the complaint, one of the plaintiffs who resides in California first found out about the breach because he was using one of the best identity theft protection services which notified him that his data was exposed and leaked on the dark web.
As part of the class action lawsuit, this plaintiff is asking the court to have National Public Data securely dispose of all the personal information it acquired through scraping. However, he also wants the firm to compensate him and the other victims financially while implementing stricter security measures going forward.
How to stay safe after a data breach
With full names, addresses and Social Security Numbers in hand, there’s a lot that hackers can do with this information, especially when it was made available for sale on the dark web.
While we haven’t heard anything yet from National Public Data, the company will likely have to put out a data breach notification soon given the mess that scraping non-public sources for data has gotten it into. These data breach notifications will likely arrive in the mail, so you’re going to want to keep a close eye on your mailbox for the time being.
Normally after a breach of this size, the company responsible will offer free access to either identity theft protection or credit monitoring for up to two years. In the meantime though, you’re going to want to be careful when checking your inbox or even your messages as hackers often use this type of data to launch targeted phishing attacks. At the same time, you’re going to want to carefully monitor your bank accounts and other financial accounts for signs of fraud or suspicious activity.
Since this is almost as big of a data breach as the one that Yahoo! suffered back in 2013 which saw data on 3 billion people exposed online, this likely isn’t the last we’ll be hearing about it. Tom's Guide has reached out to National Public Data for more information on the matter and we'll update this piece if and when we hear back from them.