A data theft on the national public internet has leaked 110 million Pa. records: Here's how to find out if your record was among them

BETHLEHEM, Pennsylvania – Social media and news outlets alerted consumers this week that their data may have been compromised in a massive data breach.

National Public Data, a Florida-based background check company, posted details of its security breach on its website, saying information such as names, email addresses, phone numbers, social security numbers and mailing addresses may have been leaked.

“The incident appears to have involved a malicious third party attempting to hack into data in late December 2023. Potential data leaks may have occurred in April and summer 2024,” the website says.

“We conducted an investigation and subsequently information came to light.”

A class action lawsuit filed in Florida alleges that the personal information of nearly 2.9 billion people may have been leaked onto the dark web after a hacking group called USDoD attempted to sell the data for $3.5 million.

“Although the defendant has not yet disclosed details about how or when the data breach occurred, based on the information and intelligence available, a cybercriminal group known as USDoD gained access to the defendant's network before April 2024,” the lawsuit states.

“And he succeeded in exfiltrating the unencrypted personal data of billions of people stored on the defendant’s network,” the “data breach.”

The lawsuit alleges that the leak included information from people whose lives stretched back more than two decades, as well as address information from individuals from the past 30 years.

How to tell if you are affected

Some consumers, such as the plaintiff named in the class action lawsuit, report being contacted by financial institutions or credit reporting agencies about suspicious activity related to their credit scores.

The complaint states that the plaintiff was notified by Experian in late July 2024 that his data “including his social security number was being sold on the dark web following a breach involving the defendant and/or its website www.nationalpublicdata.com.”

National Public Data’s Security Incident website also states that those affected have been notified.

For those who are concerned but have not been contacted, cybersecurity firm Pentester claims to have obtained the leaked data and created a search tool for consumers to determine if their data was part of the breach.

Richard Glaser, co-founder of Pentester, said in an email that based on the raw data obtained, the total number of records leaked in Pennsylvania is 110,072,993.

This number includes multiple entries for both individuals and deceased persons.

NPDbreach.com, operated by the Data Dividend Project and Atlas Privacy, offers the same screening features as Pentester.

The websites ask for information such as first name, last name, zip code, state and year of birth to search for leaked data.

What can you do?

Pedro Robles, assistant professor of cyber analytics and operations at Penn State Lehigh Valley, said in light of the recent data breach, “It is more important than ever to protect your personal information.”

“It is crucial not to feel overwhelmed and to respond with common sense,” Robles said. “Cybercriminals are constantly challenging networks and institutions to obtain data for various purposes.”

“The fact that the news was delayed for almost a year has led to many interpretations and we may never know all the facts.”

National Public Data's data breach website advises consumers to place a fraud alert on their credit file or place a hold on it with one of the three major credit bureaus (Equifax, Experian or TransUnion).

A credit freeze remains in place until the consumer asks the credit agency to temporarily lift it.

The company also recommends requesting a credit report from credit bureaus to review accounts for inquiries that consumers may not recognize so they can report them.

“If your personal information has been compromised, visit the FTC’s website at IdentityTheft.gov to report the identity theft and learn steps to recover,” the website says.

“Even if you don't find any suspicious activity in your initial credit reports, it's a good idea to check your credit reports regularly so you can identify problems and fix them quickly.”

Further suggestions

Robles also recommends following the Social Security Administration's suggestions for protecting personal information.

The SSA advises consumers to monitor their Social Security accounts, limit access to their Social Security numbers, increase online security – by using strong or unique passwords and enabling multi-factor authentication – and stay informed about current fraud cases.

For those whose Social Security number has been compromised, the SSA recommends:

• Report identity theft at IdentityTheft.gov. Consumers can also call 1-877-IDTHEFT.
• File a report with the police
• Report cybercrime to the Internet Crime Complaint Center to alert law enforcement and regulatory agencies
• Monitor credit reports regularly
• To prevent fraudulent tax returns, contact the IRS through its Identity Protection Specialization Unit at 800-908-4490, extension 245.