A Florida firm has all but confirmed that millions of people’s sensitive personal info was stolen from it by cybercriminals and publicly leaked.
That information, totaling billions of records, includes the names, Social Security numbers, physical and email addresses, and phone numbers of folks in the United States, UK, and Canada. It’s the sort of records data brokers regularly buy and sell.
And it is now available via the dark web for anyone to download and use for fraud.
Back in April, crooks using the online handle USDoD wrote on a cyber-crime forum that they were selling for $3.5 million what was alleged to be 2.9 billion records, across multiple files in a 277GB archive, on US, Canadian, and British citizens, including their aforementioned names and phone and Social Security numbers where relevant, as well as their address histories going back 30 years and details of their parents and relatives.
That silo of personal info was stolen from an outfit called National Public Data, or NPD, a small information broker based in Coral Springs that offers API lookups to other companies for things like background checks. According to USDoD, the stolen data was collected by NPD between 2019 and 2024. The firm likely sourced that info at least from public records at the local, state, and federal level.
A cyber-thief using the handle SXUL pilfered the information and passed it to USDoD to sell, which sparked a lawsuit against NPD at the start of this month.
Some of the stolen information had been leaking out via the dark web in bits and pieces, though last week, someone using the handle Fenice dumped what’s claimed to be 2.7 billion records from that collection onto the internet for anyone to download for free if they know where to look. Note that it is a database with billions of rows, not billions of individuals; there are a lot of inaccuracies in the data, as well as a lot of dead people, and duplication.
After weeks of silence, and countless people starting to get alerts from privacy and anti-fraud services that their personal info has been leaked, NPD has, in cagey language, confirmed it was compromised and that its data was stolen and shared. According to the biz, it was ransacked in December, and the leaks started in April, leading up to now.
[…]
Source: Florida data broker says it was ransacked by cyber-thieves • The Register
Robin Edgar
Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft