In December 2023, National Public Data (NPD) suffered one of the most significant data breaches in history, exposing 2.9 billion records containing highly sensitive personal information. The breach, which NPD did not confirm until August 2024, compromised full names, dates of birth, addresses, phone numbers, and Social Security numbers of individuals across the United States, United Kingdom, and Canada.
The root cause was a critical security failure rather than a sophisticated cyberattack. A publicly accessible file containing plain-text usernames and passwords—including administrator credentials—left the door wide open for threat actors. The stolen data was subsequently offered for sale on dark web forums, with claims that it included Social Security numbers for over 272 million people.
The consequences were severe and immediate. NPD faced numerous class-action lawsuits that proved insurmountable. The company and its parent organization were forced to cease operations entirely, demonstrating how a single security lapse can destroy an organization's credibility and viability in today's regulatory environment.
The National Public Data breach serves as a stark reminder: compliance failures have catastrophic consequences. For lenders managing sensitive credit data daily, this incident demonstrates why a robust compliance infrastructure is non-negotiable