Monitoring the Gargantuan NPD Breach
“Local Florida man exposes…millions of Social Security numbers?” Ok, that’s not usually how those headlines go, and in this case it’s a Florida based firm, rather than an individual. National Public Data (NPD), a data broker owned by Jerico Pictures, Inc., provides information for background checks. This past April, a hacking group stole the records of almost 3 billion people, and is now selling the full 277.1 GB database for $3.5 million on the dark web, including SSNs, names, phone numbers and addresses. One unique feature of this dataset was how long it stretches back, with some addresses going back decades.
A lawsuit alleges that “this unencrypted, unredacted PII [personally identifiable information] was compromised, published and then sold on the Dark Web, due to the Defendant’s negligent and/or careless acts and omissions and their utter failure to protect customers’ sensitive data.” As NPD is not bound by regulations for critical infrastructure, they were not required to report the incident within 72 hours. Nor has the organization yet commented on the breach.
This is an event which is now categorized as a “five-alarm wake-up call,” says Teresa Murray, consumer watchdog director for the U.S. Public Interest Research Group. Each breach creates progressively fewer excuses for people not to take their data security seriously, and this one especially. As a result of NPD’s hack, the potential for a new wave of cyber crime and fraudulent activity soars.
Ironically, one of the recommended proactive measures people can take to protect their identity involves utilizing the services of major credit bureaus like Equifax and Experian, which are not strangers to massive data breaches. Nevertheless, people who suspect their information might have been compromised by NPD may want to look into a credit freeze. After all, all it takes to steal someone’s identity is access to their social media account or email, points out Bryan Lewis, CEO of Intellicheck.
That NPD did not securely encrypt the valuable data of citizens is inexcusable, in this current era when we know that the importance of doing so cannot be overstated. This is a concept that NetLib Security has made our core concern. Our Encryptionizer solution securely encrypts sensitive data at rest across all environments – physical, virtual and cloud. No additional programming is required. When cyber thieves inevitably try to access your data, encryption will render it useless to them.
While organizations get their data ducks in a secure row, the rest of us must continue to look after our own credit and bank accounts and monitor our data.