What You Should Do About the NPD Data Breach

Yes, You Should Freeze Your Credit! 

Have you heard about a recent data breach full of Social Security Numbers? Are you concerned about the potential impact of the recent NPD Data Breach?

We’ve got you covered with the context, and the precautions you can take protect yourself (skip down to “What You Can Do to Protect Yourself and Your Loved Ones” if you just want actionable tips!).  

Understanding What Happened 

What is NPD? 

National Public Data (NPD) is a data broker and background check company that collects  personal information on individuals. They gather data from various public sources, including government records, court documents, and social media. This data can include names, addresses, Social Security numbers, phone numbers, and other sensitive information. 

How Did the Breach Happen? 

The exact details of the NPD breach are still emerging, but it appears that a criminal hacker group gained unauthorized access to the company's systems. This breach resulted in the exposure of a massive amount of personal data online belonging to millions of individuals. 

Why Did the Breach Occur? 

While the specific reasons for the breach are still under investigation, let’s face it, it probably comes down to the classic basics: 

• Vulnerable Systems: Outdated or insecure software and infrastructure can create vulnerabilities that hackers can exploit. 

• Lack of Adequate Security Measures: Insufficient security practices, such as weak passwords or a lack of two-factor authentication, can make it easier for attackers to breach systems. At Reveal Risk, as we are assisting our clients to level up their cyber program, we often find that even with modern cyber tools and technologies, loose processes sink the ship. 

• Human Error: Mistakes made by employees, such as clicking on phishing links or sharing sensitive information, can provide entry points for hackers. 

What Was Compromised: 

While specific details might vary, most breaches involve a compromise of sensitive personal information. In the NPD breach, not all this information was leaked for every individual, but most can expect compromise on at least some of the following: 

• Names 
• Addresses 
• Social Security numbers 
• Credit card information 
• Driver's license numbers 

How To Find Out If You Were Impacted 

Several trusted sites and services have been set up to confirm if your information was released.  However, beware of fraudulent checking sites.  Cyber criminals always take advantage of popular news, events, and incidents to trick them to further compromise themselves.  The site we used was: https://npdbreach.com. 

What You Can Do to Protect Yourself and Your Loved Ones 

1. Monitor Your Accounts Closely: 

• Financial Accounts: Keep a close eye on your bank, credit card, and investment accounts for any unauthorized transactions or suspicious activity. Worried about something? Report it.  

• Credit Reports: Regularly check your credit reports through  AnnualCreditReport.com or other commonly available credit monitoring services. Look for any new accounts, inquiries, or debts that you don't recognize, and report suspected fraud immediately. 

• Other Accounts: Monitor accounts like utilities, phone service provider, and streaming services for unusual activity. 

2. Review Communication: 

• Emails and Texts: Be cautious of any unsolicited emails or texts claiming to be from your financial institutions or other trusted organizations. These could be phishing attempts. When in doubt, just ignore the email and reach out to your bank or other organization yourself.  

• Calls: Be wary of unsolicited phone calls, especially those asking for personal information. Do not provide any sensitive details unless you initiated the call. 

3. Utilize Credit Monitoring Services: 

• Consider signing up for a credit monitoring service. These services can alert you to potential fraud and provide additional protection. Many financial institutions, banks, and credit card companies provide these services at no cost to customers.   

• Freezing your credit proactively is the best alternative and has become super quick and easy to do as well.  You can unfreeze it when you need it but anytime you’re not actively pursuing a new credit account or inquiry, consider freezing it with all three major credit bureaus. Once you need it you can ask the company pulling your credit which one they use and unfreeze that one specifically for a temporary time frame.  

• Equifax: https://www.equifax.com/personal/credit-report-services/credit-freeze/ 

• TransUnion: https://www.transunion.com/credit-freeze 

• Experian: https://www.experian.com/freeze/center.html  

4. Additional Preventative Measures for Good Personal Cyber Hygiene: 

• Strong Passwords: Use unique, complex passwords for all your online accounts. Consider using a password manager to help you manage them securely. 

• Two-Factor Authentication (2FA): Enable 2FA whenever possible. This adds an extra layer of security by requiring a code sent to your phone or email in addition to your password. 

• Be Cautious of Phishing Attempts: Be aware of phishing scams. Never click on links or open attachments in emails or texts from unknown sources. 

• Regularly Update Software: Keep your operating system, web browser, and antivirus software up to date to protect against vulnerabilities. 

• Limit Sharing of Personal Information: Be cautious about sharing personal information online, especially on social media. 

As in many things in cybersecurity and life, there is no 100% protection to reduce your risk of being compromised to zero. But if you do these things, you will minimize your chances, and that is the best that we can all do in this day and age. 

Have other cybersecurity concerns? Reveal Risk can help. Get in touch any time to discuss your organization's needs.