National Public Data (NPD), a US-based company that handles background checks, has confirmed a significant data breach that may have exposed the personal information of millions of individuals. The breach, which occurred several months ago, reportedly includes names, Social Security numbers, and physical addresses.

The company, which resells collected personal data for background checks, disclosed that the breach involved unauthorised access by a third-party actor in December 2023, with potential data leaks identified in April 2024 and later months. Despite the breach being discussed on dark web forums for several months, NPD only recently acknowledged the incident and provided limited information on its scope.

The breach is said to involve approximately 2.9 billion rows of data, although the exact number of individuals affected remains unclear. Analysis of the data by cybersecurity experts, including Troy Hunt of Have I Been Pwned, has revealed inconsistencies in how the stolen information is linked to specific individuals, raising concerns about the potential misuse of the data.

NPD has stated that it is cooperating with law enforcement and government investigators but has not disclosed how many people are affected or offered specific support to those impacted. The company has advised individuals to monitor their credit reports for any signs of identity theft but has not provided direct channels for further information or assistance.