Coral Springs-based National Public Data background check company issued a statement last week confirming it was hacked by cybercriminals, and hundreds of millions of individuals’ Social Security numbers and other personal information could be compromised. 

“The incident is believed to have involved a third-party bad actor that was trying to hack into data in late December 2023, with potential leaks of certain data in April 2024 and summer 2024,” the online NPD statement said. “The information that was suspected of being breached contained name, email address, phone number, Social Security number and mailing addresses.” 

NPD said it was cooperating with law enforcement and governmental investigators and had “implemented additional security measures in efforts to prevent the reoccurrence of such a breach” and protect its systems. 

Experts offer advice on protecting identity and finances 

In the wake of such a significant breach, Southwest Florida banking and cybersecurity experts say there are steps consumers should take to protect their identity and financial information if their information has been compromised.  

Chengyi Qu

Chengyi Qu, assistant professor in computer and software engineering at Florida Gulf Coast University, said it is important to “freeze” credit and place fraud alerts with credit bureaus when a breach such as this occurs and one suspects their information is at risk. 

“If you believe your information has been stolen, the first thing to do is to freeze your credit and to frequently check your credit histories to see if there is any fraudulent activity,” Qu said. 

If new accounts are opened that you did not authorize, Qu said, it is also important to reach out to your bank right away and work with them to investigate. 

Andrea Quinn, associate vice president and cybersecurity administrator at FineMark National Bank & Trust in Naples, agreed that a temporary credit freeze is an important first step. 

“The very first thing I would recommend if you were affected by this breach is to freeze your credit with all three transaction bureaus [Equifax, Experian and TransUnion] and set up a credit monitoring work tool,” Quinn said. “Monitoring your credit for any activity that goes with your Social Security number should greatly increase the chance that you pick up on any malicious activities.” 

If your information has been compromised, Quinn recommends freezing and monitoring credit for one year and unfreezing it with the credit bureaus if you need to apply for a loan or open a new account. 

Use strong passwords—and set social media accounts to private 

Asked about protecting current accounts, Quinn recommends what she calls an “online hygiene check” to make sure birthdays, Social Security numbers and other unique information is not included in any social media platforms. 

Quinn said there are aspects of social media that can make people particularly vulnerable to identity theft. 

Andrea Quinn

“The reality is that after years of posting maybe your kids’ ages on birthdays, your birthday, where you travel, your anniversary date, all that information starts to accumulate,” she said. “And if you’re not keeping your profile private or locked down to friends, that’s fair game to anyone who stumbles onto that profile. And that’s why I urge people to do ‘hygiene checks’ with your social media, because those are open sources that are free to access. And don’t play those ’20 Questions’ quizzes asking where you were born and where you grew up. Don’t give someone those answers.” 

Quinn and Qu also agree that strong passwords are key to protecting existing accounts and other information. 

“Having a very strong password when you set up an account is essential,” Qu said. “A strong password means not only a combination of characters, numbers and letters but also long. Also think about changing any password every six months, and do not use only one password across all your accounts.” 

Qu also recommends using two-factor authentication on accounts when possible. 

As for passwords, Quinn suggests using a website, haveibeenpwned.com, to explore whether your current passwords have been exposed in previous breaches. She said it is still too early to determine password exposure from the NPD breach as information is still coming in. 

And if passwords have been breached—or if one would just feel safer starting with new ones—Quinn recommends making them 12 to 16 characters with a combination of upper and lowercase letters, numbers and special characters. 

“Stay away from public information like your daughter’s name and birthday with an exclamation point,” she said. “Switch out letters and numbers—like making an S a 5 and capitalize every third letter. Make it a little bit more complex: Take a standard catch phrase and just try to jazz it up as much as possible into something you can still remember, but not something that could be equally compromised by a machine or person.” 

Quinn said it is important to take steps now because it is only a matter of time until the next breach happens. 

“Unfortunately, it’s not if, but when,” she said. 

Resources

Equifax 

equifax.com 

800-685-1111 

Experian 

experian.com 

888-397-3742 

TransUnion 

transunion.com 

888-9098872 

If you see signs of identity theft on your credit report, report it immediately via the Federal Trade Commission site IdentityTheft.gov and follow the suggested recovery steps.