HQ/EMEAFind out how we can help your business
A hacker named USDoD has leaked almost 2.7 billion records of personal information owned by individuals in the United States on a hacking forum. Based on reports, the billions of records contain names, social security numbers, all known physical addresses, and potential aliases.
The information was allegedly obtained from National Public Data, a corporation that collects and sells access to personal data for background checks, criminal records, and private investigators. Moreover, the National Public Data is thought to scrape this data from public sources and construct individual user profiles for persons in the US and other nations.
USDoD claimed responsibility for the leak and selling of billions of records.
USDoD claimed in April that it sold 2.9 billion records, including personal data from persons in the United States, the United Kingdom, and Canada, taken from National Public Data.
At the time, the threat actor offered to sell the data for $3.5 million, claiming it had records for everyone in the mentioned countries. The culprit is a notorious threat actor who has previously been linked to an attempted sale of InfraGard’s user database for $50,000 in December last year.
Since then, other threat actors have released partial versions of the data, with each leak containing a different number of records and, in some cases, different data. Moreover, earlier this month, a threat actor known as “Fenice” shared the full version of the stolen National Public Data information for free on the Breached hacker forum.
However, Fenice claims that the data breach was executed by a separate threat actor named ‘SXUL’ rather than USDoD. The leaked data consists of two text files totalling 277GB, each containing almost 2.7 billion unencrypted records, as opposed to the USDoD’s original 2.9 billion.
Still, whether or not these claims are factual, potentially impacted individuals in the United States should be careful, as this data breach most certainly exposed some personal information. Furthermore, because the data contains hundreds of millions of social security numbers, it is recommended that users monitor their credit reports for fraudulent activity.
Users should be wary of phishing and SMS texts that trick them into disclosing more sensitive information since the earlier released samples included email addresses and phone numbers.
