Data Leaked In NPD Breach Could Be Used In Cyber Warfare


Global geopolitical tensions are as bad as they’ve been in a long time. In this context, cyber warfare threatens our way of life more than ever. Assume your sensitive data has been compromised and can be obtained by an adversarial nation-state, which could then use this data to wreak havoc on entire populations. 

Banks, medical providers, educational institutions–you name it–have all been hacked, and all this data now floats out there on the dark web. The National Public Database (NPD) hack potentially compromised billions of records, including most sensitively social security numbers.

EHA

All of this is now available on the dark web, available for anyone to use for the opening up of new accounts in your name or loans. Your identity is no longer your identity. 

How Bad Was The NPD Hack?

The fall out has only just begun. With Social Security numbers, email addresses, and the treasure trove of online data available from past hacks, bad actors could cause havoc by opening up accounts, taking out loans, etc. in the names of Americans, and destroying their credit. On a mass scale, this could cause distortions and pricing loans could become more difficult to price as a result. As loan prices creep up due to the confusion, the economy stalls.

NPD’s haphazard storage of American user data is shocking. NPD published the passwords to its back-end database in a freely available database on its website.

The extent of the breach, however, still remains unknown. NPD is legally required to disclose the breach, but failed to do so, saying it was investigating the claims it had been hacked. Multiple lawsuits, filed likely as fact-finding missions to see if a court can require the company to reveal what it knows, broke the story in the headlines, and forced NPD to confirm the breach. 

Jerico Pictures Inc., the Coral Springs entertainment company that apparently does business as NPD, has acknowledged that the breached information contained name, email address, phone number, social security number, and mailing addresses. 

The claims of 2.9 billion pieces of data are likely inflated. Still, if one-tenth of that number was compromised, then nearly the entire U.S. population could have had sensitive details, including its social security numbers, compromised and made available to any bad actor, nation-state or otherwise. Even if the data breach turns out to not be the largest and most sensitive in history, as it currently stands, the story remains troubling. NPD stored data in a way where anyone could access it, and release it. 

Reliable Information Is Sparse To Come By 

If details of 2.9 billion pieces of data are true, then the NPD breach is larger than the previous largest in history, the 2013 Yahoo data breach. All 3 billion Yahoo accounts were affected. Names, email addresses, phone numbers, and birthdates were acquired. It took four years for the whole truth to come out. 

NPD failed to acknowledge the hacks until August 12, 2024, despite the first breach taking place in December 203. The breach first hit the headlines when a class action lawsuit was filed in the U.S. District Court in Fort Lauderdale, Florida. 

The 2.9 billion records allegedly compromised (277.1GB uncompressed) date back at least three decades. The data was put up on the dark web for $3.5 million, and subsequently leaked. 

What Can You Do To Protect Yourself Against The NPD Hack? 

Presently, only anonymous threat actors passing the data around on the dark web, as well as possibly NPD, know the extent of the damage. The rest of us are left in the dark for now. It could be that way for a while.

Consider freezing your credit at the Big Three credit agencies, and use Tier 2 authentication across all of your accounts, which means second factor authentication where you need a second device to access an account. If you don’t want to use Tier 2 authentication on all of your accounts, then use it at least for banking, retirement, and stock accounts. 

Individuals must take actions which increase their self-sovereignty to protect themselves in an increasingly tense world, where cyber warfare could bring global geopolitical tensions to the intimate parts of your life.



Source link