The data broker company, National Public Data, has recently published information on leaked data. While initially, the information was uncertain, later the firm confirmed the statement that read,
“There appears to have been a data security incident that may have involved some of your personal information… The information that was suspected of being breached contained name, email address, phone number, social security number, and mailing address(es).”
The breach, which occurred on December 30, 2023, was later published by the Maine Attorney Journal. As further reported by NPD and the firm, the total number of victims reported was 1.3 million, out of which 2760 were Maine residents.
The National Public Data reported, “The incident is believed to have involved a third-party bad actor that was trying to hack into data in late December 2023, with potential leaks of certain data in April 2024 and summer 2024.”
Meanwhile, the April and summer dates are the same as HackManac announced the availability of a 4 TB database that contained 2.9 billion rows of national public data for $3.5 million.
The venerable infosec expert and maintainer of HavelBeenPwned, Try Hunt, focused on the database and found 134 million unique email addresses. Hence, only when every one of the 1.3 million people had access to 100 email addresses, which is unlikely, and there are chances that more people would have been affected than what was stated by the National Public Data.
Later, a notice was issued to the affected individuals by the NPD. It read, “There seems to have been a data security breach that may have compromised some of your personal information. The incident is believed to have involved a third-party bad actor that was trying to hack into data in late December 2023, with potential leaks of certain data in April 2024 and summer 2024. We conducted an investigation, and subsequent information has come to light.”
Further, the letter gave details on what information had been breached, saying, “The information suspected of being breached included a name, email address, phone number, social security number, and mailing address(es).”
While NPD disclosed only 1.3 million individuals suffered from the data breach, it is important to note that the numbers have gradually increased in the month. In April 2024, the FBCS data breach disclosed that an estimated 1.9 million individuals had been impacted; however, it spiked to 3.2 million in May 2024. Currently, it has a total of 4.2 million.
On the contrary, a detailed analysis of the national public data breach currently remains confidential.