ROCHESTER, N.Y. — Millions of Americans may be vulnerable to cybercriminals following a massive data breach in April that exposed 2.9 billion records, including Social Security numbers and other sensitive information.

The hacking group USDoD claimed responsibility for stealing the personal records from National Public Data, a Florida-based company that offers background checks. NPD has since confirmed the breach and that sensitive information like Social Security numbers were part of it.


What You Need To Know

  • A massive data breach exposed 2.9 billion records, putting millions of Americans at risk

  • The hacking group USDOD claimed responsibility for stealing unencrypted data from National Public Data (NPD)

  • Affected individuals should freeze credit reports, monitor financial accounts, and beware of phishing attempts

The USDoD breach is an example of a social engineering cyber-attack, where hackers manipulate people or situations to access sensitive information. Allegedly, the hacker group used this method to steal 277.1 gigabytes of unencrypted data from NPD. According to a class-action lawsuit filed in Fort Lauderdale, Florida, the stolen data spans over 30 years.

Jonathan S. Weissman, a principal lecturer at the Rochester Institute of Technology, explained the scope of the breach.

"Our information is out there," he said. "Companies like NPD scrape databases, including public databases, court records, state databases, national databases and even some nonpublic ones."

To find out if you were affected by the breach, you can visit npd.pentester.com and enter your information. If the results come back as "No Match," then your information was not compromised in this breach. If the results come back as "NPD Breach Check," you will see a list of your exposed information.

If you discover your information was compromised, here are the recommended steps to protect yourself:

  • Freeze your credit reports with Experian, TransUnion and Equifax
  • Monitor your financial accounts closely for any unusual activity
  • Beware of phishing attempts, as cybercriminals may try to exploit the exposed data to trick you into providing more personal information