Millions of Americans' personal records, stolen from National Public Data (NPD), a background check and personal lookup company, have been posted for free on illicit web forums. Experts warn that exposed Social Security numbers can lead to an increase in cybercrime, such as phishing and fraud.
In June, cybercriminals operating under the moniker USDoD tried to sell the stolen data for $3.5 million, claiming that it contained 2.9 billion records on US citizens.
More than a month later, a threat actor under the alias Fenice posted a database with 2.7 billion records for free on the illicit marketplace BreachForums.
The threat actor provided links to what it claims to be “the full NPD database,” which had previously been stolen by another threat actor, SXUL.
The provided data sample includes Social Security numbers, full names, addresses, phone numbers, and other personal data. The full database is 277GB in size.
“There is a new player in town,” threat actor Fenice said. “I have an even bigger database to share that is not related to NPD, wait for the next chapter.”
NPD is a background check company from Coral Springs, Florida. It is owned by Jerico Pictures.
Following the massive breach, Bloomberg Law reports that NPD has been hit with a class-action lawsuit. According to the complaint, NPD collected data on millions of individuals from non-public sources without their knowledge, including current and past addresses for nearly two decades. The plaintiff accuses the company of negligence, unjust enrichment, and other violations.
The Hackread.com research team analyzed the leaked data and confirmed that it contained personal details of unsuspecting users, including full names, addresses, cities, counties, states, ZIP codes, and Social Security numbers (SSNs) in plain text. Vx-underground, an anonymous threat analyst group, was previously able to find parents and nearest siblings using the data.
Researchers believe that malicious actors seeking financial gain will use the data to carry out a wide range of attacks, such as identity theft or phishing. Examples include impersonation of tax authorities or relatives, and investment scams.