3 Billion People Affected by the National Public Data Breach—What to Know

3 Billion People Affected by the National Public Data Breach—What to Know 

News broke about a data breach that affected nearly three billion people, and it left many consumers stunned. The company at the center of the storm is Jerico Pictures Inc., better known as National Public Data (NPD). NPD runs a background check service that promises instant access to billions of personal records.

This isn't a case of stolen passwords, which is painful but fixable. You reset them and move on. This case is different. What leaked from NPD includes names, home addresses, Social Security Numbers, and even family relationships stretching back decades. That’s information you cannot replace or undo.

This article explains what National Public Data is, how the breach happened, what was exposed, and what you can do to protect yourself if your details were included.

What is National Public Data

National Public Data is a data aggregator. It doesn’t rely on people voluntarily handing over information. Instead, it collects and organizes data from many different sources.

• Some of that information comes from public records like property filings, voter registrations, and court documents.
• Other details are gathered from commercial databases purchased from companies that track consumer behavior.
• Once combined, those records create detailed personal profiles.

Most people don’t even realize they are in these systems. You may never have signed up with NPD, but your details could still end up there. That makes this breach alarming, since it affected people who never gave direct consent in the first place.

How the Breach Started

The story began with a hacker group posting stolen data online. From there, it escalated into lawsuits and public concern.

The Hacker Group

On April 8, 2024, a group calling itself USDoD claimed it had stolen almost three billion records from NPD. They put the database up for sale on a hacking forum for $3.5 million. Once uncompressed, the files totaled more than 277 GB of information.

Security researchers at VX-Underground, a cybersecurity education group, reviewed a sample of the data and confirmed it was real. They also noticed something important. People who had opted out of data broker lists were not part of the leak. For everyone else living in the United States, their details could be found immediately.

The Lawsuit

Soon after, the first lawsuit was filed. Christopher Hofmann discovered that his identity theft monitoring service flagged his details on the dark web. He never gave permission for NPD to hold his information, but it was still included.

The lawsuit points to two main failures:

1. Unauthorized data scraping. NPD allegedly collected personal records from non-public sources.
2. Failure to safeguard data. NPD did not have enough protection in place to stop hackers from accessing its database.

It also notes that NPD has not sent any official notification to people whose details were exposed.

What Data Was Exposed

The stolen information goes far beyond email addresses or login details. Reports say the leaked dataset contains:

• Full legal names
• Current and past addresses, in some cases going back more than 30 years
• Social Security Numbers (SSNs)
• Family connections, including parents, siblings, spouses, and deceased relatives
• Other personal details included in background checks

This kind of data is especially dangerous because it is permanent. You cannot change your SSN or erase your family history. That means victims could be vulnerable for many years.

How This Breach Affects You

The impact may not be immediate, but over time the risks grow. Here are the most likely threats:

Identity Theft

Your SSN combined with your name and address is enough for criminals to open accounts, apply for loans, or create fake IDs. Victims often don’t notice until debt collectors reach out.

Loan and Credit Fraud

Fraudsters can apply for credit cards or loans using stolen details. Victims usually find out when they receive bills or collection notices for accounts they never opened.

Tax Refund Theft

The IRS warns about scammers who file fake tax returns using stolen SSNs. If this happens, your real return will be rejected, and it can take months to fix.

Targeted Scams

Knowing old addresses or relatives’ names makes phishing messages more convincing. An email that mentions your hometown or sibling’s name is harder to ignore than a generic scam message.

What You Should Do Right Now

If you think your information could be part of this breach, here are the steps to take.

1. Check If Your Data Was Included

• Use sites like Have I Been Pwned to see if your email address is linked to leaks.
• For SSNs, there is no public lookup. If you live in the U.S., assume exposure is possible. Though there is a tool called Reverse SSN Lookup to see if there are other names associated with your SSN, only verified business can perform this search.

2. Freeze Your Credit

A credit freeze is one of the strongest defenses. It prevents new accounts from being opened under your name until you remove it.

How to Freeze Your Credit

• Contact each of the three credit bureaus: Equifax, Experian, TransUnion.
• Provide your name, SSN, address, and date of birth.
• Each bureau will give you a PIN or password. Keep this safe.

Freezing credit is free and does not hurt your credit score.

3. Place a Fraud Alert

If you don’t want to freeze your credit, set up a fraud alert. This tells lenders to take extra steps before approving credit in your name.

How to Place a Fraud Alert

• Contact one bureau (Equifax, Experian, or TransUnion). That bureau must notify the other two.
• Provide proof of identity.
• Fraud alerts last one year and can be renewed.

4. Monitor Your Credit

Even with a freeze, it’s smart to check your credit reports. You can request one free report each year from each bureau through AnnualCreditReport.com.

What to Look For

• Accounts you didn’t open
• Credit inquiries you don’t recognize
• Addresses that don’t match yours
• Collection notices for debts you don’t owe

5. Watch for Scams

Be cautious with calls, emails, or texts that mention personal details like old addresses or relatives. Scammers use this information to make their message seem more trustworthy.

How to Protect Yourself

• Don’t click links in unexpected emails or texts.
• Always verify requests through official websites or numbers.
• Remember that government agencies will never call or text asking for SSNs or banking details.

6. Strengthen Account Security

While this breach wasn’t about stolen passwords, it’s a good reminder to improve your login security.

What to Do

• Use a unique password for each account.
• Turn on two-factor authentication whenever possible.
• Avoid reusing old passwords.

What to Expect Going Forward

The stolen database is already on the dark web, which means your details could circulate for years. Fraud may not happen right away. It could show up months or even decades later.

On the legal side, the lawsuit against NPD could grow into a class action as more people realize their details were included. If that happens, NPD may be forced to compensate victims or at least notify them.

Government regulators may also take action. The Federal Trade Commission (FTC) has investigated data brokers in the past, and this breach could increase pressure for stricter rules. Lawmakers at both state and federal levels have already started pushing for stronger privacy protections.

For now, consumers must take their own precautions. Unless required under specific state laws, companies like NPD are not always obligated to notify every individual affected by a breach of this size. That leaves the responsibility on you to stay alert.

Conclusion

The National Public Data breach is one of the largest on record, with nearly three billion records stolen. The exposed details include names, addresses, Social Security Numbers, and family information that you cannot simply change.

Even if the reported number is inflated, the danger is real for millions of people. Since NPD hasn’t contacted anyone directly, the safest choice is to act now. Freeze your credit, check your reports, update your account security, and be cautious with messages that use personal details to trick you.

You don’t need to panic, but you do need to stay alert. A few simple steps today can save you from financial and emotional problems in the future.