Data Breach at National Public Data Exposes Millions of Personal Records
Recent revelations have surfaced regarding a significant data breach involving National Public Data (NPD), a consumer data broker that recently compromised the personal information of hundreds of millions of individuals. The incident included the unauthorized exposure of Social Security Numbers, phone numbers, and addresses belonging to a vast number of Americans. KrebsOnSecurity reported that another NPD-affiliated data broker inadvertently published administrative passwords linked to its back-end database, making them accessible through a file on its website until earlier today.
In April, a cybercriminal known as USDoD began selling data harvested from NPD. Following that, in July, details emerged concerning the leaked information, which included names, addresses, and phone numbers for over 272 million individuals, some of whom are deceased. NPD officially acknowledged this breach on August 12, attributing the incident to a security flaw discovered in December 2023. In a subsequent interview, USDoD implicated another hacker for the July leak, asserting that it stemmed from shared access to the NPD database that had been circulating illicitly since December.
In a twist related to this breach, a tip led KrebsOnSecurity to uncover that RecordsCheck.net, a sister site of NPD, was hosting a compromised archive containing administrative usernames and passwords. This archive was publicly accessible until just prior to the article’s publication on August 19. It contained not only plain text credentials but also the source code for various components of RecordsCheck, revealing a website design that closely mirrored that of nationalpublicdata.com.
Analysis of the exposed archive, designated as "members.zip," indicated that all initial users of RecordsCheck shared a common six-character password which many failed to change. Notably, records from breach tracking service Constella Intelligence highlighted that these exposed passwords matched those from previous breaches linked to NPD’s founder, Salvatore “Sal” Verini, who has a background as both an actor and a retired sheriff’s deputy in Florida.
In an email correspondence with KrebsOnSecurity, Verini confirmed that the compromised archive had been removed but stated that it contained outdated information. He noted that the website is also scheduled to shut down imminently. Verini declined to elaborate further due to the ongoing investigation but expressed a commitment to transparency once more information becomes available.
The leaked source code revealed that RecordsCheck.net was developed by CreationNext, a web development firm located in Lahore, Pakistan. Attempts to reach the firm for a comment were unsuccessful. The company’s homepage notably features a testimonial from Verini, indicating a prior working relationship.
In light of this extensive breach, several websites have emerged to assist individuals in checking whether their personal data has been compromised. Among these resources is npdbreach.com, operated by Atlas Data Privacy Corp, along with another service at npd.pentester.com. These tools, however, have raised concerns as they indicate that NPD may have maintained outdated and largely inaccurate data on users.
For those affected by this breach, it is prudently recommended to initiate a freeze on credit files across major consumer reporting bureaus. Implementing a credit freeze significantly raises the difficulty for identity thieves in establishing new accounts fraudulently. Given the pervasive availability of sensitive information due to numerous data breaches, the necessity for individuals to protect their identities has never been more critical.
At this point, all Americans have the right to obtain free weekly copies of their credit reports from the three major credit bureaus, thanks to a recent extension of the program by the Federal Trade Commission initiated in October 2023. This proactive measure allows consumers to monitor their credit activity closely and address any inaccuracies they encounter.
In reviewing the implications of this breach through the lens of the MITRE ATT&CK framework, tactics that may have been employed include initial access via compromised credentials, persistence through the establishment of backdoor entry points, and privilege escalation actions that facilitated broader access to sensitive personal data. With these ongoing threats, business owners and professionals are urged to remain vigilant and take comprehensive measures to safeguard their information and that of their clients.
