What to Do After the National Public Data Breach

In 2024, National Public Data -- a background check and data brokerage company -- suffered one of the largest data breaches in history. Approximately 2.9 billion records were exposed, including Social Security numbers, full names, current and past addresses, dates of birth, and phone numbers. The company subsequently filed for bankruptcy in December 2024, leaving affected individuals to fend for themselves. Here is exactly what you need to do to protect yourself.

What Happened

National Public Data (also known as Jerico Pictures Inc.) collected personal information from public record sources to sell background check services to employers, landlords, and investigators. In early 2024, a hacking group called USDoD obtained and began selling a massive database containing records on billions of individuals. By August 2024, the full dataset was leaked on hacking forums for free.

The exposed data included:

• Social Security numbers: Full 9-digit SSNs for most records
• Full legal names: Including aliases and maiden names
• Home addresses: Current and historical addresses spanning decades
• Dates of birth: Complete birthdates
• Phone numbers: Both current and historical numbers
• Relatives' information: Names and contact details of family members

In December 2024, National Public Data filed for Chapter 11 bankruptcy, effectively dissolving the company and eliminating any possibility of corporate accountability or remediation services for affected individuals.

How to Check If You Are Affected

Visit haveibeenpwned.com and enter your email address to check whether your information appeared in this or other known data breaches. The site is operated by security researcher Troy Hunt and is widely trusted by the cybersecurity community. You can also search for your name and state at npd.pentester.com, a free lookup tool created specifically for this breach.

Immediate Steps to Take

1. Freeze Your Credit at All Three Bureaus

A credit freeze prevents anyone from opening new accounts in your name. It is free and does not affect your credit score. You must freeze at each bureau separately:

• Equifax: equifax.com/personal/credit-report-services/credit-freeze/
• Experian: experian.com/freeze/center.html
• TransUnion: transunion.com/credit-freeze

You can temporarily lift the freeze when you need to apply for credit, then refreeze afterward. This is the single most effective step you can take to prevent identity theft.

2. Get an IRS Identity Protection PIN

An IP PIN is a six-digit number that prevents someone from filing a fraudulent tax return using your Social Security number. Apply at irs.gov/ippin. Once enrolled, you will receive a new PIN each year that must be included on your tax return for it to be accepted. This blocks criminals from filing in your name to steal your refund.

3. Monitor Your Financial Accounts

Review your bank statements, credit card statements, and any investment accounts for unauthorized transactions. Set up transaction alerts through your bank's app so you receive immediate notifications for any activity. Pay attention to small transactions -- thieves often test stolen information with small charges before making larger ones.

4. Check Your Credit Reports

You are entitled to free weekly credit reports from all three bureaus at AnnualCreditReport.com. Review each report for accounts you do not recognize, addresses you have never lived at, or inquiries you did not initiate. Dispute any inaccuracies immediately through the reporting bureau.

5. Consider Identity Theft Protection

Identity theft monitoring services can alert you to suspicious activity across your accounts, the dark web, and public records. Look for services that offer real-time alerts, not just monthly summaries, so you can respond quickly to threats.

Long-Term Protection Steps

Remove Your Data from Broker Sites

National Public Data was just one of hundreds of data brokers that hold your personal information. As long as your data remains available on other broker sites, you remain vulnerable to future breaches and misuse. Removing your information from these sources reduces the amount of personal data available to attackers.

Enable Two-Factor Authentication Everywhere

With your personal details exposed, password-based security alone is insufficient. Enable two-factor authentication on every account that supports it, prioritizing financial accounts, email, and any account that stores payment information. Use an authenticator app rather than SMS when possible, since phone numbers were also exposed in this breach.

Update Passwords for Critical Accounts

Change passwords for your most sensitive accounts -- banking, email, tax preparation software, health insurance portals, and government benefit accounts. Use unique, strong passwords for each account and store them in a reputable password manager.

File an IRS Form 14039 if Needed

If you discover that someone has already filed a tax return using your information, submit IRS Form 14039 (Identity Theft Affidavit) immediately. This alerts the IRS to investigate the fraudulent filing and protect your tax account going forward.

How PrivacyOn Helps After This Breach

PrivacyOn provides ongoing protection by removing your personal information from over 100 data broker and people search sites -- the same types of companies as National Public Data. Since you cannot undo the breach itself, the next best step is to reduce how much of your personal information remains available on other platforms that could be breached next.

PrivacyOn also provides continuous monitoring that alerts you when your information reappears on broker sites, ensuring that your data stays removed over time. In the wake of a breach this large, proactive data removal is one of the most effective long-term steps you can take to limit your ongoing exposure.