National Public Data (NPD), a company that provides background check services by selling personal data, has confirmed a significant data breach that exposed names, Social Security numbers, addresses, and other sensitive information. According to Bleeping Computer, hackers have been sharing and selling data stolen from NPD's systems on dark web forums for months, while the company remained silent until recently.

This week, NPD finally acknowledged the breach on its Security Incident page, though many details remain unclear. The breach is believed to have started in December 2023, with leaks continuing through April and the summer of 2024. The exposed data reportedly includes names, emails, phone numbers, Social Security numbers, and mailing addresses.

The leak is massive, potentially involving 2.9 billion rows of data. However, according to Troy Hunt, the founder of Have I Been Pwned, the data's accuracy and linkage to specific individuals appear inconsistent.

NPD stated that it has cooperated with law enforcement and continues to review the affected records. The company promises to update individuals if further developments arise, though it hasn’t disclosed how many people were impacted or provided compensation. The advice given to the public is to monitor their credit reports, but beyond that, NPD’s response has been limited.

This breach is a reminder of the ongoing risks tied to the mass collection and storage of personal data, especially when handled by companies in the business of reselling that information.