Another Data Breach May Put Enterprise and Individual Data at Risk
An entity called National Public Data was recently victimized by what may be the second-largest data breach in history, impacting both individuals and enterprises. As data breaches seem only to increase in frequency, enterprise customers can’t rely on service providers alone to keep their data safe—they must be proactive about security, which includes negotiating appropriately protective contract terms, limiting unnecessary data exchange, and enforcing internal security practices.
In this 7-minute podcast, Deb Boehling joins Sara Crifasi to discuss how enterprises can negotiate appropriate terms in their IT and telecom agreements for necessary protections related to data breaches.
On August 16, 2024, National Public Data (NPD) announced what could be the second-largest data breach of all time.
A hacker, known as “USDoD,” offered to sell 2.9 billion rows of data from NPD for $3.5 million in early April 2024. This data allegedly included information on the entire population of the US, UK, and Canada. Despite the breach occurring in April, NPD only made a public announcement in August due to the lack of a national law requiring immediate disclosure of security incidents.
NPD’s announcement was high-level, stating that data from April 2024 through the summer had been stolen. This data included millions of names, SSNs, email addresses, phone numbers, and mailing addresses. NPD provided information on how to implement credit freezes and watch for fraudulent financial activity.
Troy Hunt, a well-respected security researcher, reviewed the data released on the dark web and found that 134 million email addresses had been stolen. However, the data often had incorrect associations, such as SSNs with the wrong names or addresses.
NPD is a data aggregator used by human resources departments for background checks. Enterprises should perform due diligence on background check providers and include strong information security and confidentiality requirements in contracts.