back to article National Public Data tells officials 'only' 1.3M people affected by intrusion

The data broker at the center of what may become one of the more significant breaches of the year is telling officials that just 1.3 million people were affected. In any normal scenario, the news of a leak affecting 1.3 million people would be staggering, but this one is an oddity since many investigators previously put the …

  1. Anonymous Coward
    Anonymous Coward

    Well, they would say that, wouldn't they.

  2. Anonymous Coward
    Anonymous Coward

    Call it Disaster Mitigation

    My number has come up... 10 entries for 4 addresses from the early 1990s up until the year I moved to away from the US, none of them fully correct either. https://npd.pentester.com

    I call it BSS. Bull Shit Strategy.

  3. WUStLBear82
    Unhappy

    Number probably closer to unique Social Security numbers, minus dead people

    I haven't received an official letter, but two of my credit cards that offer free monitoring notified me. Six records with my SS number. Three different variations on my name; full, no middle initial, just first and middle initial. Three with my current address, and three with my address from 1990-2004. All have my current cell phone number, which I didn't even have until after 2004, so it's the wrong area code for the old address. Three other phone numbers, none ever mine, with the correct area code for the old address but wrong for the current one. Three email addresses, none ever belonging to me, two using my last name with a different first name or initial and one some else's name, one Gmail, one Yahoo!, and oddly one at a major chemical corporation where I've never worked.

    1. Michael Wojcik Silver badge

      Re: Number probably closer to unique Social Security numbers, minus dead people

      oddly one at a major chemical corporation where I've never worked

      Troy Hunt's analysis shows the NPD data is quite dirty. Still potentially dangerous, of course, just because where it's correct it lowers the work factor for attackers; but as a breach, this one is notable for quantity (and the extremely poor security of NPD / Jericho Pictures / affiliates) rather than quality.

    2. trindflo Silver badge

      Re: Number probably closer to unique Social Security numbers, minus dead people

      Funny, most everyone I know has found a hit on the list. Given I don't know anyone in Maine, what are the odds? There is a lot of wrong information as well, and that is of little comfort.

      On a related note, tried to contact Equifax to freeze that account, and they seem quite insistent on getting a voice print. That doesn't sound like a great idea to me. Can anyone recommend voice modifying software for the PC so I can thwart Equifax from voice-printing me?

  4. scobb
    Holmes

    The billions may be lines in a spreadsheet

    Clearly, the total number of people affected is far lower than the "billions of records" claimed by the leaker. For example, there are than 20 entries for me, across four states. I'm guessing the number of rows in a spreadsheet of the leaked data are what the leaker cited as the number of records, not discrete individuals.

    FYI, I am a dual UK/US citizen who has lived in the UK for the last five years. Almost every place I lived in the US during the 35 years prior to 2019 is in the NPD leak, and all my old US phone numbers. I have not yet found out what UK info NPD holds or if mine was leaked. I also lived in the other country involved, Canada, but that was closer to 50 years ago.

    I suspect that GDPR is making UK researchers reluctant to create a website where we Brits can check if we’ve been leaked. But please let me know if such a site comes up.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like