In a significant data breach last August, a South Florida data broker, National Public Data (NPD), was hit by cyberattackers who compromised highly sensitive personal information of millions. This includes full names, phone numbers, email addresses, address histories, and Social Security numbers. Initially, reports estimated that 2.9 billion people were affected globally; however, security experts later confirmed the breach impacted a considerable number across the US, UK, and Canada.
The breach ranks as the 12th-largest in history. The identity of the hacker responsible for the breach, a 33-year-old Brazilian, was soon unveiled. The hacker first attempted to sell the stolen data on the dark web for $3.5 million and later shared it on underground forums for free.
Following his identification, he publicly announced his retreat from such activities, acknowledging the damage caused. Cybersecurity experts, including James Lee, COO of the nonprofit Identity Theft Resource Center (ITRC), state that it is nearly impossible for most adults in the United States to keep their personal data private. “Social Security numbers have been widely available for years, so there’s really no additional risk that comes from your Social Security number being involved in a data breach if it happens today,” Lee explained.
NPD, the data broker in question, released a statement advising victims to monitor their financial accounts for unauthorized activity, review their credit reports, and place fraud alerts on their credit files. This preventive action helps mitigate potential misuse of personal information.
south florida data breach impact
Rep. Ritchie Torres (D-NY), whose information was also exposed, carried out an investigation into NPD. His findings labeled NPD’s handling of the breach as “corporate malfeasance,” particularly criticizing their delayed admission of multiple cyberattacks that spanned from December 2023 to August 2024.
Over the past decade, the nature of data misuse by hackers has significantly evolved. Unlike past occurrences dominated by credit card fraud, modern identity thieves employ automation and more sophisticated techniques. These include applying for unemployment benefits, tax refunds, or taking out loans using stolen identities.
Fraudsters are also known to create synthetic identities by combining information from various individuals. This allows them to perpetrate extensive scams without targeting specific high-profile individuals or their resources directly. Today’s technology and off-the-shelf tools have made identity crimes easier and more scalable.
Fraudsters can purchase software that facilitates their illicit activities for mere dollars. As Lee noted, the required data, methods to obtain it, and strategies for its use are now well-known and widely accessible within cybercriminal communities.
