Social Security Data Breach: What to Do, How to Check, How to Protect Yourself in 2024

The National Public Data breach dumped 272 million social security numbers onto the dark web. To find out whether yours was among them and learn how to protect yourself, read this urgent article on the social security data breach.

Written by Samuel Chapman (Writer, Editor)

Reviewed by Brett Day (Writer, Editor)

Fact-checked by Simona Ivanovski (Fact-Checker)

Last Updated: 2024-09-02T20:41:15+00:00

Key Takeaways: NPD Data Breach
  • A large trove of names, social security numbers and other identifying information was stolen from a background check firm called National Public Data in April 2024. In August 2024, an information broker shared the database for free on a hacking forum.
  • To see if your SSN has been leaked, go to npdbreach.com or npd.pentester.com, and search for your information.
  • If you discover your SSN in the stolen data, immediately place a freeze on your accounts with all three major credit bureaus in the U.S. This will prevent criminals from using your information to open new lines of credit in your name.

Facts & Expert Analysis: Social Security Data Breach & What to Do

  • Inaccurate numbers: Some articles claim that 2.9 billion individuals had their private data shared on the dark web, but this is misleading. Up to 2.9 billion records were stolen, but many of these concerned the same people.
  • Risks of a stolen SSN: The biggest danger of a compromised social security number is that a scammer could use it to gain control of your financial accounts or open new ones in your name. This is harder for them to do if you have two-factor authentication enabled.
  • Data broker complicity: A class action lawsuit aims to hold National Public Data liable for collecting data without obtaining consent and then failing to secure it against hackers. The whole incident spotlights the importance of opting out of data brokers altogether.

In a way, the data compromised in the National Public Data breach was stolen twice: first by the data broker itself — which allegedly scraped it from protected sources without its subjects’ permission — and then a second time by the hacker or hackers known as SXUL. We’ll explain how to tell if this social security data breach impacted you and what you can do about it.

The most important thing to know about the NPD breach is that it’s both more and less alarming than it seems. The reported theft of 2.9 billion records counts each individual line of data, not each impacted person. Since many people have changed addresses several times, the actual number of impacted people is much lower, though it could still be over 250 million.

On the scarier side, the compromised records are supposedly extensive, including names, social security numbers, birth dates, phone numbers, addresses and other personal data. That’s more than enough for a criminal to use for identity theft and financial crimes.

Don’t feel powerless, though, as you can take steps to mitigate the damage and protect yourself from the next breach. Start by securing your accounts with strong passwords and multi-factor authentication. Using one of the best password managers can help. You can also read our guide on how to protect your privacy.

In addition to the specific advice we’ll share right now, make sure you’re following all the tips in our comprehensive online privacy guide. Our data privacy statistics also show just how costly identity theft can be.

What Happened to My Data in the National Public Data Breach 2024?

Jerico Pictures, which operates under the name National Public Data (NPD), is a Florida-based company that conducts background checks for employers and investigators. Although it doesn’t explain how it gets its data, a class-action lawsuit alleges that NPD “scraped their PII (personally identifiable information) from non-public sources.”

By its own admission, NPD was aware of an attempted hack as far back as December 2023, though the data theft itself occurred in April 2024. Investigations suggest that the weak point was a sister site of NPD, RecordsCheck.net, which left administrative credentials for NPD on an unencrypted and easily obtainable file on its website.

The hacker or hackers, who likely went by the name SXUL, gave the data to USDoD, a group that has served as a broker for previous data breaches. USDoD initially attempted to sell the stolen data for $3.5 million. However, it seems there weren’t any takers, as a member named “Fenice” turned up on BreachForums in August offering the entire file for free.

Since it’s difficult to trace the origin of stolen information, it’s hard to say whether this breach has led directly to any crimes. Also, security researchers are still verifying the 2.7 billion leaked records, with many already turning out to be inaccurate. Currently, our best guess is that 272 million unique SSNs were compromised, though many belong to deceased individuals.

NPD Response to Data Theft

In the United States, there are essentially no regulatory barriers to starting a data brokerage business, so it’s not surprising that many are totally incompetent at protecting your data and utterly helpless in a crisis. NPD released a statement on the breach that essentially tells all the victims of its blundering that they’re on their own.

National Public Data’s insulting “breach information” page sheds no light on what measures — if any — are being taken to mitigate the danger to the public.

Specifically, NPD says that it “will try to notify you if there are further significant developments applicable to you,” though NPD itself doesn’t appear to have notified anybody. It further claims to have “implemented additional security measures,” but with no specifics, it’s best to assume that these measures don’t exist.

How to Check If My Social Security Data Was Compromised

The good news is that cybersecurity companies have stepped into the gap where NPD has failed. Atlas Privacy — which is also attempting to verify the leaked information — has built a website where you can search the stolen records by name, SSN or phone number. Pentester offers another site that allows you to search by name, state and birth year.

Search for Your Social Security Number in the NPD Breach

We recommend using both npdbreach.com (the Atlas Privacy site) and npd.pentester.com (the Pentester site) to check for your SSN in the leaked NPD data. Make sure to check previous addresses and names if yours have changed. If your SSN appears on either site, proceed directly to the next section, which explains how to protect yourself.

The search tool at npdbreach.com lets you search by social security number, which helps you check for your prior names and addresses.

Search HaveIBeenPwned for Your Email Address

Although the social security data that “Fenice” shared in August did not include email addresses, other reviews of the data suggest that emails might be included elsewhere in the records. As a precaution, use HaveIBeenPwned.com to see if your email address has been part of a prior data breach, and change any password connected to a compromised account.

Get Your Free Weekly Credit Report

As of October 2023, Americans have the right to request one credit report per week from each of the three bureaus — Equifax, TransUnion and Experian. You can do this through AnnualCreditReport.com (which is so named because the previous policy only allowed one free credit report per bureau per year).

Check these reports often to look for unusual or illegal activity. If a report shows that someone opened a new credit line in your name, it’s highly likely that they did so with a stolen social security number. Contact the lender, your bank and the Federal Trade Commission (FTC) to report the malfeasance; it’s essential to start a paper trail as soon as possible.

How to Protect Yourself From a Social Security Data Breach

If you’ve discovered that your SSN was part of the NPD breach, take these steps immediately. The advice below pertains to individuals, but if you run a business, you may also want to sign up for a cyber insurance plan.

Freeze Your Credit

Contact each of the three credit bureaus and request a freeze on your credit. The bureaus will assign you a unique number you can use to lift the freeze. Credit freezes are free and don’t hurt your credit score. They simply make it more difficult for anybody to access your credit files without your permission, including the credit bureau itself.

Equifax and the other credit bureaus are legally prohibited from charging you to place or lift a credit freeze.

Be warned that the credit bureaus also offer “credit lock” services. Although they purport to do the same thing, a credit lock is not the same as a freeze. A credit freeze is a regulated service guaranteed by federal law, while a lock comes with no protections requiring it to work as advertised.

Consider a Credit Monitoring Service

Credit monitoring automates the process of watching your credit reports. Signing up for these services means you should get notified anytime something suspicious happens on your account. Experian offers free credit monitoring, while Equifax and TransUnion handle free monitoring through Credit Karma.

Opt Out of Data Brokers

Most private data brokers like NPD are required to honor deletion requests from users. You can send these requests yourself, but there are hundreds of data brokers, so it’s easier to go with an automated service like Surfshark Incogni. These sites search data brokers for your information and send opt-out requests on your behalf, but they cost money.

Use Strong Passwords & Two-Factor Authentication

The more information that identity thieves have on you, the easier it is for them to impersonate you to your bank, credit card company and mortgage lender. Using long, unique passwords and two-factor authentication for each account will make it that much harder for them to pose as you.

Final Thoughts

Although the media has inflated the threat from the NPD breach, with many outlets erroneously stating that 2.9 billion people were affected, the exposure of 272 million social security numbers is still an extremely serious matter. As soon as possible, use Atlas Privacy or Pentester to check for your information in the breach and take mitigating actions.

We’d love to hear your comments on how the NPD breach has affected you. Was your SSN exposed? Have you used a credit monitoring or opt-out service? Do you agree that data brokers should be more closely regulated? Let us know, and thanks for reading.

FAQ: Social Security Number Data Breach Protection

  • If your SSN appears in a data breach, immediately freeze your credit with TransUnion, Equifax and Experian. This prevents the identity thief from posing as you to open new accounts.

  • Use the free tools at npd.pentester.com or npdbreach.com to search the stolen database for any information pertaining to yourself. Also, monitor your credit reports for suspicious activity or new accounts you didn’t open.

  • You can’t freeze your SSN, but you can freeze your credit with Experian, TransUnion and Equifax to prevent your SSN from being misused. Credit freezes are free and won’t hurt your credit score.

  • At npdbreach.com, search by your social security number to see if it appears in the leaked data.
