Earlier today, we shared an update on Defender definitions regarding Windows installation images. While doing that, Neowin also noticed that Microsoft had posted a link to a new support page it put up about the National Public Data (NPD) breach that came to light recently.
It was a large-scale breach as a result of a cyber-attack by USDoD, a cybercriminal group, and affects well over 150 million people and close to 3 million records of personal sensitive data like social security numbers (SSNs), house addresses, names, and more have leaked.
The U.S. Committee on Oversight and Accountability confirmed it is investigating the matter to better understand how and why it happened.
For those not familiar with it, NPD gathers information from public records, national and state databases, and court documents, including some nonpublic sources. This private data is then sold to various organizations, such as background check websites, investigators, app developers, and data resellers.
In its support document, Microsoft explains what happened:
In early 2024, National Public Data, an online background check and fraud prevention service, experienced a significant data breach. Over 2.7 billion records with highly sensitive personal data of nearly 170 million people were exposed.
According to National Public Data, a malicious actor gained access to their systems in December 2023 and leaked sensitive data onto the dark web from April 2024 to the summer of 2024. This data contained the following details:
- Full names
- Social Security Numbers
- Mailing addresses
- Email addresses
- Phone numbers
As such, the Redmond giant has put up a list of recommended actions that users can undertake to reduce risk exposure:
Based on the type of information exposed, consumers should consider the following steps to reduce risks. Unless you know exactly what was exposed, you should assume all of the personal data types listed were exposed. As such, we recommend taking the following actions:
Social Security Numbers:
Consider placing a credit freeze with the major credit bureaus. For more details about credit freezes, see: How You Can Help Us Protect Your Social Security Number and Keep Your Information Safe? (ssa.gov)?
Regularly review your credit report (annual credit report) and sign up for free weekly credit reports(annual credit report).
Place a fraud alert with the major credit bureaus
If you know that your social security number was compromised, contact the Social Security Administration (https://www.ssa.gov/agency/contact/).
Monitor your financial accounts (banks, credit cards, line of credit, etc) for suspicious activity.
Phone Numbers:
Stay alert for phishing attempts via texts and calls. Never share personal details with unknown contacts.
Disregard messages from untrusted sources.
Avoid clicking on links in unexpected text messages, regardless of the sender.
Emails:
Change your email password and enable two-factor authentication
Update security questions and passwords for other accounts using this email address.
Don"t open any unsolicited messages or click links in messages from suspicious senders.
You may find more details in the support article here on Microsoft"s official website.