On August 6, 2024, a massive data breach resulted in the leak of approximately 2.9 billion records, including highly sensitive information such as Social Security numbers. The breach, attributed to the threat actor “Fenice,” involved data stolen from National Public Data, a company known for aggregating and selling personal information. The leaked data, which has been distributed for free on a hacking forum, includes names, addresses, and potential aliases, revealing the depth of exposure for individuals affected by the breach.
National Public Data, also known as Jerico Pictures, is a firm that compiles personal data from public sources to provide background checks and other investigative services. The exposed records, totaling 277GB, were found to be in plaintext and not encrypted, raising serious concerns about the adequacy of the company’s data protection measures. The leaked information not only affects living individuals but also includes data on deceased persons, further highlighting the scope of the breach.
The breach follows previous attempts by the threat actor “USDoD” to sell similar data, though the most recent leak by Fenice appears to be a more comprehensive release. The compromised data was reportedly extracted from older backups, leading to some inaccuracies such as outdated addresses and mismatched Social Security numbers. This has prompted concerns about the accuracy and relevance of the leaked information, potentially impacting the effectiveness of identity verification processes.
In response to the breach, multiple class action lawsuits have been filed against National Public Data for failing to secure its data adequately. Affected individuals are advised to closely monitor their credit reports for signs of fraudulent activity and remain vigilant against phishing attempts that may exploit the compromised information. The incident underscores the critical need for enhanced data protection practices and raises awareness about the risks associated with large-scale data aggregators.
Reference:
