A firm named National Public Data (NPD) that sells personal information for background checking confirmed that it had been hacked big time. This is not just a minor glitch; it is a massive leak that has exposed a significant amount of data.
What Happened?
NPD had a minor insecurity issue. Some of them simply buy and sell personal information mainly for background check purposes, and although this seems like an ordinary business, it is a task that comes with so much responsibility. However, it seems that they have failed to ensure security online. Bugs, or the unsolicited visitors of the informational space, were still able to penetrate NPD’s networks and take a couple of very significant ones.
This information was not merely raw information that could be practically accessed anywhere. And here we’re discussing names, Social Security numbers, addresses, etc. This data has been circulating on dark web forums for months, which is like the trading floor for hackers who sell stolen information much like baseball cards. However, it was only in recent years that NPD has formally recognized the breach and provided some information to us about the incident.
The Slow Response
And now you might start wondering, “Okay, so they have been hacked – what did they do about it?” And it is here where things become rather disappointing. I have to say that NPD were extremely slow to respond to the breach.
Think about seeing your door ajar several months back but only deciding to shut it at this time.
Well, that’s kind of what happened here in that the researchers used the six dimensions to measure the readiness level of the four career clusters for adopting and implementing systems. Hackers were already revealing the data, and NPD did not say anything until they released a Security Incident page this week.
In their statement, NPD claimed that the breach likely originated with a ‘third-party bad actor,’ or hacker, attempting to gain access to their data sometime in the latter half of last year. The leak most probably occurred throughout spring and summer of this year, which is why our data was circulating among people who should not have had access to it.
What’s in the Breach?
Therefore, what kind of files, documents, information, and other items did these hackers manage to access, anyway? As stated by NPD, the end users have their identities compromised through theft of their names, e-mail addresses, phone numbers, Social Security numbers, and mailing addresses. To identity thieves, it is just like a catalog of all the stolen items, and all that needs to be done is for him to act like you.
Worse still, security expert Troy Hunt was quick to note that there was some disconnect on how the data was tied to individuals. This means that not only the information was taken, but it can be sorted, which means that tracking down and rectifying the issue will be even harder.
What’s Next?
If your information was in this breach, what should you do?
First of all, do not despair, no matter how obvious this information is, it is usually the initial step people neglect. What NPD has said is that it will work in collaboration with police and investigators to determine what happened and to communicate to the public if there is a significant new development.
Nonetheless, they have not offered much in terms of incentives or means through which one can get in touch with them for additional information.
For now, NPD is recommending that everyone monitor their respective credit reports. This is good advice because if someone uses your identity, this might appear on your credit report as a new account or unauthorized transaction.
The Bottom Line
This intrusion is a solid reminder that companies who possess and process our information need to be more careful. When one is in charge of protecting critical information he/she cannot compromise in securing it. Unfortunately, NPD learned this the hard way and now it is on us to make sure that our information is more secure.