Remember that data broker nobody had ever heard of, but managed to leak a database which contained the data of some 2.9 billion people? It’s back, and this time with a search function.
National Public Data suffered an alleged breach in 2024 against a data base that, it turned out, carried 272 million unique social security numbers (SSNs.) Granted, that there are limits to the safety of using a nine-digit ID in 2025, but the news that the folks at National Public Data have decided it’s time for a comeback made me slightly nauseous.
After the fall-out of the aforementioned leak and others, the site shut down in December amid a wave of lawsuits against parent company Jerico Pictures. But the people at PCMag noticed that the domain nationalpublidata[.]com has been brought back to life.
In an update page about the security incident, the new owner states:
“Jerico Pictures, Inc., the Florida company that suffered a major data breach in 2024, no longer operates this site. We have zero affiliation with them.”
Data brokers scrape, collect, and aggregate data, combining disparate details into comprehensive dossiers. Sometimes your information ends up there because of public records. And sometimes it’s the result of poor security, or, as we see a lot unfortunately, a leak, ransomware attack, or other type of data breach.
On their “About us” page the new owners note:
“We collect the data you find on our people search engine from publicly available sources, including federal, state, and local government agencies, social media pages, property ownership databases, and other reliable platforms. After the data is in our hands, we verify and filter it to make sure it is indeed accurate and up-to-date.”
Their goal:
“National Public Data is a people search website where you can find accurate information about US citizens. Our database gives you access to millions of public records to help you find the data you need the most for various purposes. Privacy, speed, and ease of use are at the heart of what we do. Start your search today and discover what you can learn.”
If you live in the US, it might be prudent to check what information they have about you and where they might have scraped that from. Did you know you can have a lot of that information removed?
In the meantime, the “info spillers” are back, and they seem to be making up for lost time. The real question isn’t if your data is at risk. It’s what you’re going to do about it now.
Protecting yourself after a data breach
There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.
- Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened and follow any specific advice they offer.
- Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
- Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
- Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims and verify the identity of anyone who contacts you using a different communication channel.
- Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
- Consider not storing your card details. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
- Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online and helps you recover after.
We don’t just report on data privacy—we help you remove your personal information
Cybersecurity risks should never spread beyond a headline. With Malwarebytes Personal Data Remover, you can scan to find out which sites are exposing your personal information, and then delete that sensitive data from the internet.
Source link
