NordLayer’s Post

The recent breach at National Public Data (NPD) has exposed a staggering 3 billion personal records, highlighting severe flaws in data security and privacy practices. This incident serves as a wake-up call for both individuals and organizations to reassess how personal information is managed and protected. Cybercriminals now have access to sensitive details such as names, mailing addresses, email addresses, social security numbers, and financial information, posing significant risks of identity theft and financial fraud. As a community, we must take immediate action to enhance our data security measures and ensure robust protections are in place. Let's use this pivotal moment to advocate for stronger data security standards and improved transparency in how our personal information is collected and used. It's time for policymakers and industry leaders to step up and implement regulations that safeguard consumer data Stay vigilant and proactive in protecting your personal information. Together, we can create a safer digital environment for everyone. #DataSecurity #CyberSecurity #PrivacyProtection #NPD #DataBreach #SecurityAwareness #DigitalSafety Feel free to share your thoughts and experiences on this topic! https://lnkd.in/dprB5rEW

Massive Data Breach Exposes Personal Information of Billions A data breach at National Public Data, a relatively obscure but widely connected company, has exposed 272 million Social Security numbers. This breach, reminiscent of the 2017 Equifax breach but on an even larger scale, has sent shockwaves through the #cybersecurity and #compliance sectors. Hackers infiltrated National Public Data’s systems, gaining access to a vast database containing highly sensitive information. This includes names, addresses, phone numbers, and, most alarmingly, Social Security numbers—data that’s now circulating on forums frequented by cybercriminals. A sister company, RecordsCheck, inadvertently published usernames and passwords to its back-end database on a publicly accessible webpage. This breach not only compromised sensitive consumer data but also exposed the lax security practices across related entities within the NPD network. The exposed archive, discovered by KrebsonSecurity, included source code and plain text passwords for various components of the RecordsCheck website, some of which were identical to those used by NPD. For those involved in sensitive government roles or with security clearances, this breach feels deeply personal. The exposure of such detailed personal data underscores a critical failure in protecting sensitive information. National Public Data has announced several remedial actions, including offering credit monitoring services to those affected. While credit monitoring can help individuals detect and respond to identity theft, in the context of a breach of this magnitude, it feels like a band-aid on a gaping wound. 🩹 There’s growing sentiment that organizations responsible for these breaches should face substantial consequences—not just offer temporary fixes. 🔒 How can we ensure that such sensitive data is better protected in the future? ⚖️ What can be done to enforce stricter #DataProtection standards and hold organizations accountable? #InfoSec #PrivacyMatters #IdentityTheft https://hubs.li/Q02M9wJw0

🚨 **Major Data Leak Alert** 🚨 A recent data breach involving background check company US-MC2 has exposed sensitive personal information of millions of Americans. The leaked data includes full names, Social Security numbers, dates of birth, and much more, putting those affected at serious risk of identity theft. **Pro Tip:** If you haven’t already, **freeze your credit immediately**. This is one of the most effective ways to protect yourself from potential identity theft in the wake of data breaches like this one. Stay vigilant and secure your information! 🔒 #cybersecurity #databreach #identitytheft #protectyourself #creditfreeze #security

Massive Data Breach Exposes Personal Information of Billions A data breach at National Public Data, a relatively obscure but widely connected company, has exposed 272 million Social Security numbers. This breach, reminiscent of the 2017 Equifax breach but on an even larger scale, has sent shockwaves through the #cybersecurity and #compliance sectors. Hackers infiltrated National Public Data’s systems, gaining access to a vast database containing highly sensitive information. This includes names, addresses, phone numbers, and, most alarmingly, Social Security numbers—data that’s now circulating on forums frequented by cybercriminals. A sister company, RecordsCheck, inadvertently published usernames and passwords to its back-end database on a publicly accessible webpage. This breach not only compromised sensitive consumer data but also exposed the lax security practices across related entities within the NPD network. The exposed archive, discovered by KrebsonSecurity, included source code and plain text passwords for various components of the RecordsCheck website, some of which were identical to those used by NPD. For those involved in sensitive government roles or with security clearances, this breach feels deeply personal. The exposure of such detailed personal data underscores a critical failure in protecting sensitive information. National Public Data has announced several remedial actions, including offering credit monitoring services to those affected. While credit monitoring can help individuals detect and respond to identity theft, in the context of a breach of this magnitude, it feels like a band-aid on a gaping wound. 🩹 There’s growing sentiment that organizations responsible for these breaches should face substantial consequences—not just offer temporary fixes. 🔒 How can we ensure that such sensitive data is better protected in the future? ⚖️ What can be done to enforce stricter #DataProtection standards and hold organizations accountable? #InfoSec #PrivacyMatters #IdentityTheft https://hubs.li/Q02M9x-Y0

AT&T confirms legitimacy of leak involving information of 73 million people. Why it matters: 1. This data leak presents a significant risk for identity theft and other fraudulent activities, impacting 7.6 million current and 65.4 million former AT&T customers, underscoring the scale and importance of cybersecurity measures in the telecom sector. 2. The lack of clarity regarding the source of the data, whether it's from AT&T systems or a vendor, raises indices of uncertainty and potentially weak third-party security compliances, urging corporations to reassess vendor security protocols. 3. As AT&T remains a major target, with recurrent breaches in recent years, the growing risks suggest companies must evolve strategies and employ better defense mechanisms to protect customer data, highlighting the recurring challenges and vulnerabilities in safeguarding user information on a large scale. Learn more by visiting The Record from Recorded Future News: https://lnkd.in/e8RUf3a4

https://lnkd.in/ekspC7S7 Data breaches are never a great thing. There are millions of dollars that companies can be fined for allowing such incidents to happen. According to the article, AT&T sent out “…separate notice that the data set seems to be from 2019 or earlier and, while the type of information compromised varies by customer and account, it may include passcodes, full name and email address, home address, phone number, date of birth, and Social Security numbers.” Even though the company will be reaching out to current and past customers - the reactive action may come too late in the hour to protect millions of customers’ data that has been compromised. When it comes to data breaches, there could be several vulnerabilities that exhibit themselves. As a PCI DSS consultant, I understand the importance of being as proactive as possible. However, these types of incidents will happen and no place is 100% safe. Companies must follow the mandated rules of the PCI DSS framework, along with staying on top of patches that need to be applied to their networks as well as keeping all sensitive data secure. I wonder how this will turn out. Stay tuned… #vulnerabilitymanagement #ATT #PCIDSS #PCIcompliance #darkweb #data

IT’S A BIG ONE!!! A stark reminder of the critical importance of data security in today’s digital world. The catalyst for organisations to take proactive steps to protect personal data & implement more stringent data security mechanisms. #regularsecurityaudits #incidentresponseplanning  #implementcontinuousmonitoring https://lnkd.in/evN8XynM

According to a lawsuit filed last Thursday and reported by Bloomberg, the personal Data of 2.9 billion people, including their social security numbers was stolen in April from "National Public Data" by a Hacker Group known as USDoD. The stolen Database was put up for sale on the Dark Web for USD 3,5 million. For many people affected, the lawsuit was the first they heard about the Data Breach and, National Public Data being a Data scraper, most people had not given consent to their data being collected including from non-public sources. It is still not known when the breach occurred as National Public Data has not informed anyone. According to the lawsuit, the information exposed contained amongst others, Social Security numbers, current and past addresses, full names, information about relatives and more. Some of the information goes back over 30 years. Concerning is that National Public Data scraped personally identifiable information (PII) of billions of people from non-public sources, resulting in many people who are now affected in the class action lawsuit, not having provided their data to the company willingly. The Californian plaintiff first found out about the breach because he was using an identity theft protection service which notified him that his data was exposed and leaked on the dark web. https://lnkd.in/eFiD2ijx #Cybersecurity #DataBreach #NationalPublicData #DataScraping #IdentityTheftService #Lawsuit #USDoD 

PRO TIP - Please consider one of these identity protection applications Aura, and Identity Guard, each offers comprehensive features to safeguard personal and financial information. Aura: Aura stands out for its wide coverage, including home and auto title monitoring, three-bureau credit monitoring, and additional cybersecurity tools like antivirus software and a VPN. It provides fast alerts for high-risk transactions and even has a unique Privacy Assistant to help remove your information from data broker sites. Aura’s plans are flexible, covering individuals, couples, and families. Visit Aura to learn more. Identity Guard: Identity Guard uses artificial intelligence to monitor personal data and alert users of potential risks quickly. It offers strong family protection options and dark web monitoring, making it a great choice for comprehensive identity and credit protection. Visit Identity Guard to explore their plans. These services have been rated highly for their ability to detect and prevent identity theft, and each has unique features tailored for different types of users and needs. #CyberSecurity, #FinanceLeadership, #DataPrivacy, #Compliance, and #RiskManagement, #ExecutiveLeadership, #FinanceLeadership, #FinancialServices, #RiskManagement, #CyberRisk, #DataSecurity, #Compliance, #BoardLeadership, #FinancialSecurity, #CyberStrategy, #RegulatoryCompliance

Another day, another data leak from a data broker. MC2 Data, going by PrivateRecords.Net among other secondary website domains, failed to adequately protect the data they stored and sold. According to Cybernews, a third of the US population was exposed in this data leak. MC 2 Data "left a database with 2.2TB of people's data passwordless and easily accessible to anyone on the internet." This is the second leak in the past month that exposed countless data entries containing highly sensitive information on unsuspecting Americans. We need to hold data brokers accountable for their lax security protocols on highly sensitive information. You can read the full article here: https://lnkd.in/ey22zDei #cybersecurity #datasecurity #privacy #data #datamanagement