In a significant breach, a hacker has leaked more than 4 billion user records from NationalPublicData (NPD) and Tencent, marking one of the largest data breaches in recent history.
The stolen data, now circulating on the web, includes 2.7 billion records from NPD and another 1.4 billion from Tencent, exposing sensitive information of billions of individuals across the globe.
NationalPublicData info now public
The leaks were publicized by a threat actor known as “Fenice” on the Breached hacking forums. The NPD data breach, first disclosed on August 6, 2024, consists of 2.7 billion records with details like full names, addresses, Social Security numbers, and dates of birth. The data, amounting to 277 GB in uncompressed CSV files, was allegedly breached by a hacker identified as “SXUL.”
The files were made available for free download on the popular hacker forum, raising concerns about the potential for widespread identity theft and fraud.
CyberInsider
NationalPublicData, also known as Jerico Pictures Inc., is a company specializing in collecting and selling access to personal data for background checks and related services. The breach, initially hinted at by a court document in a class action lawsuit filed on August 1, 2024, involves the exposure of personal data that NPD had amassed from various sources.
According to Bloomberg, the lawsuit alleges that nearly 3 billion individuals' data was compromised in the breach, making it one of the largest ever reported.
According to BleepingComputer, the data includes multiple records for individuals, often associated with different addresses, which could explain the massive size of the dataset despite the number of unique individuals being smaller. BleepingComputer confirmed the validity of the leaked NPD data, noting that it likely includes outdated information and contains inaccuracies, such as mismatched Social Security numbers.
Tencent claimed as breached too
On August 11, 2024, Fenice revealed another massive data leak, this time from Tencent, a Chinese multinational conglomerate known for its popular social media platforms and digital services.
The Tencent breach involves 1.4 billion records compressed into a 44 GB file, which expands to 500 GB when uncompressed. The leaked data includes email addresses, mobile phone numbers, and QQ IDs, which are widely used in China. This breach is especially alarming given Tencent's massive user base, which includes millions of individuals across various platforms.
CyberInsider
Tencent, a major player in the global tech industry, operates some of the world's largest social media and messaging platforms, including WeChat and QQ. The company is deeply integrated into the digital lives of Chinese users, and its services span gaming, payments, and cloud computing. The breach of 1.4 billion records could have far-reaching consequences, potentially compromising the privacy and security of millions of users.
CyberInsider has contacted Tencent to ask about the validity of the threat actor's claims, but we are still waiting for a response. Though the leaked data has not be verified as authentic, the confirmation of NPD breach increases the likelihood of the Tencent allegations being truthful as well.
The leak of these records, now freely accessible on the internet, poses severe risks to the affected individuals. The data could be used for identity theft, phishing campaigns, and other malicious activities. The NPD breach is particularly concerning due to the inclusion of Social Security numbers, which are a critical component in the identification of U.S. residents. The scale of these breaches has already prompted class action lawsuits against Jerico Pictures Inc., accusing the company of negligence and failing to protect personal data adequately.
Individuals are advised to monitor their credit reports for suspicious activity, place fraud alerts on their financial accounts, and remain vigilant against phishing attempts. As the data continues to circulate, the true extent of the damage remains to be seen, but the potential for exploitation is vast.
I got nothing but a notification from I’vebeenpawned from any financial institutions. Information on what NPD actual do and who are their customers remains a mystery.
Me too! So…Their primary service is collecting information from public data sources. Jerico Pictures, Inc., doing business as National Public Data, is a data broker company that performs employee background checks – Headquarters: Coral Springs, Florida, U.S.
The stolen data contains records for people in the US, UK, and Canada. National Public Data confirmed on August 16, 2024, there was a breach originating from someone trying to breach their systems since December 2023. – https://en.m.wikipedia.org/wiki/2024_National_Public_Data_breach
The lawsuit claims that in April, a hacker group by the name of USDoD posted a notice on the dark web, offering the data for sale at the price of $US3.5 million.
The incident highlights the importance of data security and the potential risks to personal privacy and security when sensitive information is compromised.
The following link on comment #1 describes the theater and play going on in the world.
https://cyberinsider.com/mastermind-behind-major-ransomware-operations-arrested-and-extradited/#comments
Contact Information*
For more information or inquiries, customers can reach out to National Public Data through their official website or contact Morgan & Morgan, a law firm based in Orlando, Florida (20 North Orange Ave, Suite 1600, 32801, Orlando), which has been involved in representing individuals affected by data breaches, including the National Public Data incident. The firm’s contact information includes a telephone number. The choice of an attorney is at the user’s option.