National Public Data (NPD) shockingly disclosed last week that it endured a security violation that could be traced back to December of the previous year. An alleged pilfered NPD database, encompassing a staggering 2.9 billion lines of data, including Social Security numbers, was flaunted on the dark web in April by a hacker group named USDoD for a whopping $3.5 million. Subsequently, the stolen data has been made public in diverse locations.
Now, “Krebs On Security” reports that a website strikingly similar to NPD, called recordscheck.net, was discovered hosting an archive that contained site logins and the source code for some of the site’s tools in plaintext. This would have provided sufficient information to access the same consumer records as NPD. The now-removed file contained email data belonging to NPD founder Salvatore Verini, an actor and retired sheriff’s deputy from Florida.
In an email interchange with “Krebs On Security”, Verini wrote that the file encompassed an old website version with “non-working code”, and the site would halt its operations “in the next week or so”. Verini refrained from further comments, citing an “active investigation”. “Krebs On Security” also unearthed that Verini composed a positive testimonial for Creation Next, a web developer company mentioned in the archived source code.
Since the leak on the hacker forum last month, several websites such as npdbreach.com, from Atlas Data Privacy Corp, and npd.pentester.com have emerged, claiming to offer searches to determine if your information is included in the leak. Utilizing these services, undoubtedly, implies that you need to input your name, birth year, and perhaps your SSN into someone’s form. As “Krebs” points out, given the numerous leaks that have already exposed similar information, the most advisable course of action might be to impose a freeze on your credit report with the major bureaus (Equifax, Experian, and TransUnion) and avail yourself of the free weekly credit reports to which you are entitled.