The year of record-breaking data breaches continues unabated as public records data provider National Public Data has reportedly been hacked. According to HackRead.com, a hacker going by the pseudonym “Fenice” posted a collection of 2.9 billion records stolen from National Public Data on the cybercrime platform Breach Forums this week.
“Many different businesses use our service to obtain criminal records, background checks and more all via XML integration,” National Public Data says on its website. “All our data is updated regularly. We guarantee freshness and quality.”
After analyzing the leaked data, HackRead’s research team discovered that the files contained the full names, addresses, cities, counties, states, ZIP codes, and the Social Security Numbers (SSNs) of countless Americans. The total size of the collection is 277 GB.
3 billion records from National Public Data leaked online. Image source: HackRead
As HackRead notes, SSNs allow cybercriminals to “commit identity theft, open fraudulent credit accounts, secure loans, and even file false tax returns.” As a result, anyone impacted could lose money, see their credit score drop unexpectedly, or end up in a prolonged legal battle to reclaim their identity and have the damage undone.
Tech. Entertainment. Science. Your inbox.
Sign up for the most interesting tech & entertainment news out there.
By signing up, I agree to the Terms of Use and have reviewed the Privacy Notice.
While the leak is new, the data breach occurred back in April 2024. A hacker going by the alias “SXUL” claimed to have stolen nearly 3 billion records from National Public Data and its parent company, Jerico Pictures, Inc. The cyber criminal group USDoD then worked with SXUL in an attempt to sell the data to interested parties for $3.5 million.
HackRead doesn’t know if the sale was successful, but points out that Jerico Pictures is already facing litigation due to the data breach. The plaintiff alleges that Jerico Pictures failed “to properly secure and safeguard the personally identifiable information that it collected and maintained as part of its regular business practices.”
National Public Data has yet to issue a statement about the hack at the time of writing.