National Public Data 2024 Data Breach

The National Public Data breach is one of the largest data breaches in history, exposing approximately 2.9 billion records containing sensitive personal information of individuals primarily in the United States, United Kingdom, and Canada. The breach was first reported in August 2024 and has affected a massive portion of the American population.

What Happened

National Public Data, a background check company that aggregates data from public sources, suffered a massive data breach that was first discovered when a hacker posted the stolen data for sale on dark web forums.

The breach is believed to have occurred in or around April 2024, but wasn't publicly disclosed until August 2024 when the data appeared online. A hacking group known as USDoD initially attempted to sell the database for $3.5 million before another actor leaked the data publicly.

The company apparently scraped personal data from non-public sources and stored it without adequate security measures. The exact method of the breach has not been fully disclosed, but the scale suggests a significant security failure.

What Data Was Exposed

Who Is Affected

This breach potentially affects:

- Most adults in the United States who have ever had a background check performed
- Individuals in the UK and Canada
- Anyone whose information appears in public records databases

The 2.9 billion records include duplicate entries (multiple records per person from different time periods), but experts estimate that hundreds of millions of unique individuals are affected. If you're an adult living in the US, you should assume your data was included.

How to Check If You Were Affected

Because of the scale of this breach, you should assume you were affected if you're a US adult. However, you can take these steps:

1. Check Have I Been Pwned. Visit haveibeenpwned.com and enter your email address to see if it appears in known breaches.
2. Search the leaked database. Some security researchers have created tools to check if your specific data was included. Be cautious and only use reputable sources.
3. Monitor for suspicious activity. The best indicator is unusual activity on your accounts or unfamiliar items on your credit report.

What You Should Do Now

1. Freeze your credit immediately. Contact all three credit bureaus (Equifax, Experian, TransUnion) and place a security freeze on your credit file. This is free and prevents new accounts from being opened in your name.
2. Set up fraud alerts. Place a fraud alert with at least one credit bureau. This requires creditors to verify your identity before opening new accounts.
3. Monitor your credit reports. You're entitled to free weekly credit reports at AnnualCreditReport.com. Review them for any accounts or inquiries you don't recognize.
4. File your taxes early. Tax-related identity theft is a major risk when SSNs are exposed. File as early as possible to prevent fraudsters from filing false returns in your name.
5. Consider an IRS Identity Protection PIN. Apply for an IP PIN at irs.gov to add an extra layer of protection against tax fraud.
6. Monitor your bank and financial accounts. Set up alerts for any transactions and review statements carefully.
7. Be vigilant for phishing attempts. Scammers may use your leaked information to craft convincing phishing emails and calls.
8. Consider identity theft protection. A monitoring service can alert you to suspicious activity across your accounts and the dark web.

Last updated: January 13, 2026