A massive database containing over 2.7 billion records has reportedly ended up on a criminal forum. These records belong to individuals in the U.S. and were allegedly stolen from National Public Data (NPD). While the accuracy of the leaked data could not be verified, the hackers reportedly obtained sensitive information such as names, mailing addresses and Social Security numbers. The scale of this breach is so vast that if you live in the U.S., it’s likely that some of your data is included.

GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE

What you need to know

Bleeping Computer reported that the database was posted on the criminal forum Breachforums, where threat actors often post such leaks. What’s interesting is that the stolen database was up for free download. The user who posted it credited a hacker named “SXUL,” saying, “There’s a new player in town.” Usually, hackers sell leaked databases like this one for huge sums.

The database has been stolen from NPD, which collects data from public sources to compile individual user profiles for people in the U.S. and other countries. NPD then sells this private data to all kinds of organizations, such as background check websites, investigators, app developers and data resellers.

While the database has 2.7 billion records, it’s important to note that this doesn’t necessarily mean 2.7 billion people were impacted. Many of these records are repetitive, and some are incorrect. Still, the breach affects a significant number of people in the States.

This isn’t the first time NPD data has ended up on criminal forums. Bleeping Computer noted that back in April, a hacker known as USDoD claimed to be selling 2.9 billion records with personal data from people in the U.S., U.K. and Canada, which was also stolen from NPD.

NPD data leaked on hacking forum (Bleeping Computer) (Kurt “CyberGuy” Knutsson)

WORLD’S LARGEST STOLEN PASSWORD DATABASE UPLOADED TO CRIMINAL FORUM

NPD is facing consequences

NPD, owned by Jerico Pictures, is facing multiple lawsuits for not protecting people’s data. One lawsuit, filed by California resident Christopher Hofmann, says NPD was negligent and breached its fiduciary duties and a third-party contract.

The plaintiff wants the court to order NPD to delete all the personal info it has collected and start encrypting data from now on. They’re also asking for more than just money, like having NPD set up data segmentation, run regular database scans, put in place a threat-management program and get a third party to check its cybersecurity every year for the next 10 years.

We reached out to NPD for a comment but did not hear back before our deadline.

A woman accessing data on computer (Kurt “CyberGuy” Knutsson)

MASSIVE DATA BREACH EXPOSES OVER 3 MILLION AMERICANS’ PERSONAL INFORMATION TO CYBERCRIMINALS

It’s time to invest in identity theft protection

Hofmann learned about the data breach through his identity theft protection service, which detected his data in the leaked database. The service notified Hofmann, prompting him to take action and file a lawsuit. Data breaches happen every day, and most never make the headlines, but with an identity theft protection service, you’ll be notified if and when you are affected. See my tips and best picks on how to protect yourself from identity theft.

4 ways to protect yourself from data breaches

In addition to opting for an identity theft protection service, you can follow these tips to protect yourself from data breaches.

1) Remove your personal information from the internet: While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you. Check out my top picks for data removal services here.

2) Be wary of mailbox communications: Bad actors may also try to scam you through snail mail. The data leak gives them access to your address. They may impersonate people or brands you know and use themes that require urgent attention, such as missed deliveries, account suspensions and security alerts.

3) Be cautious of phishing attempts: Be vigilant about emails, phone calls or messages from unknown sources asking for personal information. Avoid clicking on suspicious links or providing sensitive details unless you can verify the legitimacy of the request.

The best way to protect yourself from clicking malicious links that install malware is to have strong antivirus protection installed on all your devices. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.

4) Monitor your accounts: Breaches of this magnitude will make it a necessity for you to start routinely reviewing your bank accounts, credit card statements and other financial accounts for any unauthorized activity. If you notice any suspicious transactions, report them immediately to your bank or credit card company.

HERE’S WHAT RUTHLESS HACKERS STOLE FROM 110 MILLION AT&T CUSTOMERS

Kurt’s key takeaway

If the database leak is legit, this is a big security fail on NPD’s part. Since their whole business is based on collecting and selling data, they should have strong encryption and security in place, especially if this isn’t the first time hackers have targeted them. If they’re putting people at risk, they should be held responsible and cover any financial losses people face because of the leak.

How do you feel about companies that collect and sell data? Do you think they should be held accountable for breaches? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you’d like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

Copyright 2024 CyberGuy.com. All rights reserved.

GitHub, the popular code repository and developer platform, has recovered after dealing with some major issues on Wednesday that affected its website and many GitHub services. The company has rolled back changes to its database infrastructure that apparently caused the issues and says that services are now “fully operational,” according to a 8:26PM ET status message. GitHub was acquired by Microsoft in 2018.

When we first published this story, navigating to the main GitHub website showed an error message that said “no server is currently available to service your request,” but the website was working again soon after. (The error message also featured an image of an angry unicorn.) GitHub’s report of the incident also listed problems with things like pull requests, GitHub Pages, Copilot, and the GitHub API.

Things seem to have escalated rapidly. GitHub’s first status message was at 7:11PM ET, but in the minutes after, GitHub reported issues with several of its services. The issues appear to have been widespread, with Downdetector showing more than 10,000 user reports of problems and that the problems were reported quite suddenly. At 7:13PM, internet monitoring service NetBlocks also posted that GitHub was “experiencing international outages.”

GitHub didn’t immediately reply to a request for comment.

Update, August 14th: GitHub says it has recovered after the major outage.

If TikTok is banned, here’s what I propose each and every one of you do: Say to your LLM the following: “Make me a copy of TikTok, steal all the users, steal all the music, put my preferences in it, produce this program in the next 30 seconds, release it, and in one hour, if it’s not viral, do something different along the same lines.”

That’s the command. Boom, boom, boom, boom.