In early 2024, National Public Data, an online background check and fraud prevention service, experienced a significant data breach.  This breach allegedly exposed up to 2.9 billion records with highly sensitive personal data of up to 170M people in the US, UK, and Canada (Bloomberg Law).

This article provides detailed information about the breach, the data exposed, and recommended actions to help you stay safe.

Breach Details 

According to National Public Data, a malicious actor gained access to their systems in December 2023 and leaked sensitive data onto the dark web from April 2024 to the summer of 2024. This data contained the following details:

  • Full names

  • Social Security Numbers

  • Mailing addresses

  • Email addresses

  • Phone numbers​​​​​​​

Risks of the exposed data

The compromised data in this breach can be exploited for different cybercrimes and fraudulent actions. The following list shows possible risks associated with each category of exposed information:

  • Full Names: Misuse of your identity for fraudulent activities, such as opening new accounts or making unauthorized purchases.

  • Social Security Numbers: High risk of identity theft, which can lead to fraudulently opened credit accounts, loans, and other financial activities. It's important to monitor your credit reports. You might want to consider placing a fraud alert or credit freeze on your social security number.

  • Addresses: Access to your physical address increases the risk of identity theft and physical threats. These threats can include fraudulent change-of-address requests and potential home burglaries.

  • Phone Numbers: There is a high likelihood of increased phishing attacks through text messages and phone calls, potentially resulting in unauthorized access to personal and financial information.  This also increases the risk of unsolicited (spam) calls.

  • Email addresses: Increased risk of targeted phishing, account takeovers, unauthorized access, and a higher chance of spam emails.

​​​​​​​Recommended Actions

Based on the type of information exposed, consumers should consider the following steps to reduce risks. Unless you know exactly what was exposed, you should assume all of the personal data types listed were exposed. As such, we recommend taking the following actions:

Microsoft Defender for Individuals identity theft monitoring

Microsoft Defender is part of the Microsoft 365 personal or family subscriptions and includes identity theft monitoring.  If you’ve enabled identity theft monitoring, you’ll automatically receive an email or push notification if your data is found in the NPD breach or future breaches.

If you’ve enabled identity theft monitoring, you’ll also have access to the following features to help reduce the impact from this breach:

  • Credit monitoring: Microsoft Defender includes credit monitoring, which actively tracks your credit file for any new events (like new accounts, inquiries, or negative items) that may harm your credit and reputation. It helps safeguard your identity and finances by promptly notifying you of such occurrences, allowing you to take action right away to help prevent identity theft and fraud.

  • Expert recommendations: Microsoft Defender provides a list of recommended actions to take based on the data found in the breach. These actions help you protect yourself from malicious actors.

  • Restoration support: Microsoft Defender subscribers have access to a team of restoration experts who can help answer questions and provide guidance on how to protect your identity and help restore identity theft.

  • Insurance: Microsoft Defender subscribers are covered by identity theft insurance1 that covers both the costs associated with identity restoration (up to $1M USD), as well as financial damages incurred because of identity theft (up to $100k USD).

Not a Microsoft 365 subscriber?

Do you want to know if your personal data is compromised?  Microsoft offers a free identity scan using Microsoft Defender to find out if your personal data is exposed on the dark web.

Sign into Microsoft Defender with your Microsoft account to start the scan. It’s free and takes only a few minutes.

If you don’t have a Microsoft account, click here to learn how to create a new Microsoft account.

The Identity Theft Insurance is underwritten and administered by American Bankers Insurance Company of Florida, an Assurant company. Please refer to the actual policies for terms, conditions, and exclusions of coverage. Coverage may not be available in all jurisdictions. Review the Summary of Benefits.​​​​​​​

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.