More details about the cyberattack on National Public Data, a background check firm owned by Jerico Pictures Inc., have emerged since the company’s first public statement about the incident last week.
According to a recent filing with the Maine Attorney General’s Office, NPD says 1.3 million Americans were affected by the breach. However, other reports and expert commentary range from hundreds of millions of people to upwards of 2.7 billion affected. A lawsuit against NPD claims the number of people affected could be as high as 2.9 billion. At this time, it remains unclear exactly how many people were affected.
What we do know is that data stolen by hackers includes names, social security numbers, phone numbers, email addresses and postal addresses. That data was then leaked in April and this summer, according to NPD.
“We cooperated with law enforcement and government investigators and conducted a review of the potentially affected records and will attempt to notify you if there are any further significant developments applicable to you,” NPD said in a statement posted on its website. “We have also implemented additional security measures in an effort to prevent the recurrence of such a breach and to protect our systems.” Please note that the NPD website is still blocked on some browsers due to increased security.
The lawsuit against NPD seeks class action status and states that the amount of stolen data was put up for sale on the dark web by the cybercriminal group USDoD for $3.5 million. Additionally, the plantiff was only alerted to the NPD breach thanks to a notification from his identity theft protection service on July 24.
National Public Data and Jerico Pictures Inc. has not responded to CNET’s multiple requests for comment.
How to protect your identity after a data breach
Data breaches are popping up more often. More than 1,500 data breaches have occurred in the first half of 2024, affecting about 1 billion people, according to the Identity Theft Resource Center. This includes prominent breaches at AT&T and Ticketmaster this year.
If you are concerned about this latest data breach or simply want to protect your personal data, there are steps you can take. Remember, just because your data was compromised in a data breach doesn’t mean your identity is stolen. However, bad actors will have more complete profiles of you if you end up being targeted.
Fortunately, there is much you can do to protect your identity.
Change your password
If you receive notification that your data has been compromised in a breach, your first step should be to change your password for the affected account to prevent unauthorized access. If you use the same password for other accounts, it’s a good idea to update them as well.
A good rule of thumb is to use a unique password for each online account. If you find it difficult to manage, try keeping your passwords safe with a password manager.
Beware of phishing and smishing attempts
Be wary of targeted phishing and smishing attempts by cybercriminals who want to extract personal data from you. With so much information about us online and on social media, cybercriminals have become crafty in devising effective scams to trick victims.
It is important not to click on random links on your phone or email, which could lead to malicious software being downloaded to your devices.
Also, don’t give your financial account details or social security number on a whim to anyone, as this could lead to unauthorized access to your bank accounts or even identity theft.
Sign up for identity theft protection
It may be worth signing up for identity theft protection if you’re really worried about your identity being stolen. Individual coverage ranges from $7 to $15 per month. Family plans are also available.
Services like Aura, CNET’s top pick for identity theft protection, scan for your personal data on the dark web and monitor your credit and bank account activity. If your identity is stolen, the best identity theft protection companies will help restore your identity and provide insurance to cover stolen money and necessary expenses.
Aura
CNET’s pick for best overall identity theft protection
Freeze your credit
Freezing your credit with Equifax, Experian and TransUnion is the best way to prevent bad actors from opening new credit accounts in your name. I just froze mine and found the process surprisingly easy. You’ll have to free up your credit every time you want to apply for a new credit card or car loan, but in our opinion, the benefits outweigh any pain points.
Keep in mind that cybercriminals can still access your existing credit and bank accounts, so this is not a foolproof solution. But freezing your credit is free.
Keep an eye on your credit reports
If you choose not to freeze your credit reports, you can still download a free credit report every week from each of the three major credit bureaus. Be sure to monitor your credit profiles for new accounts you haven’t opened. You can download your free credit reports here.
You can also sign up for a credit monitoring service that can alert you when new accounts are opened in your name. CNET Money editor Evan Zimmer recommends Experian’s credit monitoring service, which ranges from $0 to $25 a month.
You should also get into the habit of checking your bank statements for any fraudulent charges.