The National Public Data breach is a sobering reminder that our personal data — everything from our usernames and passwords to our birth dates and Social Security numbers — are just a few keystrokes away from falling into the hands of criminals.
National Public Data is a private company based in Florida that collects information for background checks. Its databases held 2.7 billion people’s full name, address, date of birth, Social Security number and phone number, alternate names and birth dates and email addresses.
NPD was hacked in April, and possibly again this summer, and all that information became available for purchase on the dark web — the seedy underbelly of the internet where criminal activity thrives.
There are a few ways to check if your information was part of the leak. You can use https://npd.pentester.com/ or https://npdbreach.com/ to see if you were part of this specific leak and which pieces of your personal information may have been compromised.
Even if you have no reason to think NPD would have your information, it’s still important to double-check. Criminals can do a lot of damage to your credit, finances — even your reputation — with just your full name, date of birth and address, let alone your Social Security number.
If your information has been leaked, you can protect your credit by putting a freeze on it with the three major credit bureaus: Experian, Equifax and TransUnion. Unfortunately, you have to contact them each individually, and if you plan to make any major purchases (like a car or a house) or open any new accounts (like a credit card or with a new bank) that require a credit check, you have to contact each agency to lift the freeze temporarily. Call it a “thaw,” if you will.
One of things that worries experts about the NPD hack is that it not only compromised identifying personal information, but also people’s email addresses. Those things in combination make it easier for scammers to impersonate someone (spoof their email) or create sophisticated phishing emails targeting specific users. Phishing scams are designed to get people to voluntarily offer up personal information — usually Social Security or credit card numbers — or click on malicious links, often by pretending to be legitimate companies or by scaring people into clicking links to avoid supposed late fees or other strange charges to their accounts.
Unfortunately, it’s fairly common for people’s email addresses to be leaked as part of — for lack of a better word — minor data breaches. So many apps and websites require us to put in our email addresses, even if we don’t make an account. That information gets stored and can be compromised. Same with usernames and passwords.
You can check to see if your email address — and related information — has been leaked in any data breach at https://haveibeenpwned.com/. If your email address has been part of any known hack, this site will tell you, along with which data breach compromised your address and what other kind of information may also have been exposed by that hack.
There are some things we can do to protect ourselves: use unique passwords for every site (we know — much easier said than done), two-factor authentication and specific online security services, like antiviral software to safeguard our information or like credit monitoring to alert us when something has happened.
The hazard of modern life is even the most basic things we do anymore require us to give up personal information that is then stored electronically. And unfortunately, that information is never as safe as we wish it to be.