National Public Data Breach
The 2024 National Public Data Breach was one of the largest and most devastating cyber incidents in recent history. Targeting critical government infrastructure and private sector partners, this breach exposed sensitive information belonging to millions of individuals. Its impact rippled through various industries, raising alarm across cybersecurity communities due to its unprecedented scale.
National Public Data Breach explained: what happened?
National Public Data (NPD)—operated by a company called Jerico Pictures, Inc.—is a private data broker that aggregates and sells access to personal records. It's not a government agency or government infrastructure. It's a commercial background check and data brokerage service, and it was sitting on an enormous database of personal information compiled from various public and private sources.
In 2024, that database was accessed without authorization and put up for sale. The breach exposed personally identifiable information (PII) including names, Social Security numbers, addresses, and phone numbers—much of it with no encryption protecting it at rest.
When did the National Public Data Breach happen?
The timeline on this one matters, and it's more drawn out than most reporting suggested at the time.
Evidence indicates the data was obtained from NPD's systems potentially as early as late 2023. The breach became publicly visible in April 2024, when a threat actor going by the name USDoD listed the stolen data for sale on BreachForums, advertising roughly 2.9 billion records. A broader leak followed in August 2024, when a different actor made a significant portion of the data freely available—which is when it received widespread media coverage and prompted NPD's public disclosure.
The internal contradiction you'll see in some reporting—where "first discovered in August 2024" gets mixed with "initial signs detected in late June 2024"—doesn't hold up against the public record. The data was being offered for sale months before either of those dates.
Who hacked National Public?
The threat actor USDoD claimed responsibility for obtaining and listing the data on BreachForums in April 2024. Beyond that, the full picture of how access was obtained and whether other parties were involved remains unclear from public reporting. No confirmed attribution to an advanced persistent threat (APT) group has been established.
How did the National Public Breach happen?
Based on publicly available information, the breach appears to have involved unauthorized access to NPD's database—not a multi-stage intrusion involving phishing, custom malware, and lateral movement across enterprise networks. The specific technical method of initial access hasn't been publicly confirmed in detail by NPD or investigators.
What is clear is that the company was holding an extraordinarily large volume of sensitive personal data with insufficient protections around it. A database containing records on hundreds of millions of people is a high-value target, and the controls in place weren't adequate to protect it.
National Public Data breach timeline
- Late 2023 (estimated) – Data believed to have been obtained from NPD's systems.
- April 2024 – Threat actor USDoD lists approximately 2.9 billion records for sale on BreachForums.
- August 2024 – A large portion of the data is published freely online; widespread media coverage follows.
- August 2024 – NPD publicly acknowledges the breach and begins notifying affected individuals.
- Late 2024 – Jerico Pictures, Inc. files for bankruptcy; NPD operations cease.
Technical details
The breach involved unauthorized access to NPD's database and exfiltration of records at massive scale. No credible public reporting has confirmed the use of phishing, sophisticated malware for persistence, or lateral movement via stolen admin credentials as the attack methodology. The data appears to have been obtained through direct database access, though the exact technical vector hasn't been publicly confirmed.
Forensic and incident investigation
Third-party investigators were engaged following public disclosure. Findings pointed to significant gaps in how the data was stored and secured—particularly the lack of encryption on sensitive fields and inadequate access controls around the database.
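A storage audit for the gap described above (sensitive fields left readable at rest), as an added example that is not NPD's or the investigators' code. The SQLite schema, the table and column names, and the sample rows are constructed for illustration.

```python
import re
import sqlite3

# SSN shape: AAA-GG-SSSS or 9 bare digits. SSA never issues area 000, 666
# or 900-999, group 00, or serial 0000, so those are filtered as noise.
SSN_RE = re.compile(r"(?<!\d)(\d{3})-?(\d{2})-?(\d{4})(?!\d)")

def looks_like_ssn(value):
    """True if a stored value contains a plausibly valid plaintext SSN."""
    if not isinstance(value, str):
        return False  # NULLs and binary ciphertext are not readable text
    for area, group, serial in SSN_RE.findall(value):
        if area not in ("000", "666") and area[0] != "9" \
                and group != "00" and serial != "0000":
            return True
    return False

def audit_plaintext_ssn(conn, sample_limit=1000):
    """Return {(table, column): hit_count} for columns holding readable SSNs."""
    findings = {}
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table'")]
    for table in tables:
        cols = [r[1] for r in conn.execute(f'PRAGMA table_info("{table}")')]
        for col in cols:
            rows = conn.execute(
                f'SELECT "{col}" FROM "{table}" LIMIT ?', (sample_limit,))
            hits = sum(looks_like_ssn(v) for (v,) in rows)
            if hits:
                findings[(table, col)] = hits
    return findings

def build_sample_db():
    """Constructed sample data: one plaintext table, one with ciphertext."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE people (name TEXT, ssn TEXT, notes TEXT)")
    conn.execute("CREATE TABLE people_enc (name TEXT, ssn_ct BLOB)")
    conn.executemany("INSERT INTO people VALUES (?,?,?)", [
        ("Alex Example", "123-45-6789", "no issues"),
        ("Sam Sample", "456789012", "alt id 000-12-3456"),
        ("Pat Placeholder", None, "called 555-0100"),
    ])
    conn.execute("INSERT INTO people_enc VALUES (?,?)",
                 ("Alex Example", bytes.fromhex("9f3a1c77e2b40d55")))
    return conn

if __name__ == "__main__":
    for (table, col), n in audit_plaintext_ssn(build_sample_db()).items():
        print(f"{table}.{col}: {n} plaintext SSN-shaped value(s)")
```

Any column this reports is a candidate for field-level encryption or tokenization, with access to the decryption key restricted separately from access to the database.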
What data was compromised in the National Public Breach?
The stolen data included names, Social Security numbers, addresses, and phone numbers. Much of this information was unencrypted. The records appear to have been aggregated from public sources and data broker feeds, meaning the data traced back to people across the US even if they'd never directly interacted with National Public Data.
How many people were affected by the National Public Data Breach?
While the exact number remains uncertain, it’s estimated that over a billion individuals were directly or indirectly impacted by the breach.
Was my data exposed in the National Public Breach?
Affected individuals were notified by impacted institutions, and resources such as data breach lookup tools were made available. If unsure, it’s wise to check with your service provider or government agency for further guidance. Worried your email address might have been caught up in a breach? You’re not alone. A great free resource to check is Have I Been Pwned. By entering your email address, you can quickly find out if your information has been exposed in any known breaches and take action to secure your accounts.
Key impacts of the National Public Breach
The breach caused significant business downtime, financial losses, and reputational fallout for affected organizations. Government agencies faced public criticism, and trust in data security practices declined.
Response to the National Public Data Breach
Upon discovery, organizations coordinated with authorities like the FBI and CISA to contain the attack. Public advisories and incident response plans were rolled out to mitigate further risks.
Lessons from the National Public Data Breach
This breach highlights the importance of patch management, robust phishing defenses, and regular system audits. Organizations must prioritize cybersecurity awareness and invest in real-time threat detection.
Is National Public safe after the Breach?
Post-incident, affected systems underwent significant upgrades, including enhanced monitoring and vulnerability assessments. Experts believe mitigations have reduced immediate risks, though ongoing vigilance is essential.
Mitigation & prevention strategies
- Implement Multi-Factor Authentication (MFA): Strengthen account access by requiring multiple verification steps to prevent unauthorized entry.
- Regular Software Updates and Patching: Keep systems and applications up-to-date to eliminate vulnerabilities exploited by attackers.
- Conduct Regular Security Training: Educate employees on recognizing phishing attempts, handling sensitive data, and following cybersecurity best practices.
- Enable Advanced Threat Detection Systems: Deploy cutting-edge tools to monitor and identify suspicious activity in real-time across networks.
- Data Encryption: Protect sensitive information by ensuring all data, at rest and in transit, is encrypted effectively.
- Routine Risk Assessments: Frequently evaluate systems to identify weaknesses and address them proactively.
- Network Segmentation: Limit the spread of potential breaches by isolating critical systems from non-critical ones.
- Backup Critical Data: Create regular, secured backups to ensure data recovery in the event of a cyberattack.
- Restrict Access Privileges: Adopt the principle of least privilege to limit user access to only what's necessary for their role.
- Establish an Incident Response Plan: Develop a clear, actionable plan to contain and recover from security breaches swiftly.
National Public Data Breach FAQs
The breach occurred due to phishing attacks and the exploitation of unpatched vulnerabilities, which allowed attackers to gain access and exfiltrate sensitive data.
Exposed data included PII such as names, Social Security numbers, and addresses, as well as financial and governmental records.
The threat actors remain unidentified, although evidence points to an APT group using advanced techniques.
Businesses should prioritize patch management, use MFA, educate employees on phishing, and deploy tools for threat monitoring and detection.