
10 Lessons from the National Public Data breach for consumers and financial institutions

Edward Callis, CPA, CISSP, CCSP
Elissa Brewer, CAMS
September 23, 2024

Critical practices for individuals and organizations to protect their data

The National Public Data breach serves as a reminder to all of us that proactive measures are necessary to safeguard our personal information. 


The National Public Data breach's far-reaching consequences

In early 2024, National Public Data, an online service specializing in background checks and fraud prevention, suffered a major data breach that exposed over 2.7 billion records containing highly sensitive personal information. Nearly 170 million individuals were impacted, and compromised data included Social Security numbers, names, email addresses, phone numbers, and mailing addresses. This incident serves as a crucial reminder to take proactive measures to safeguard personal information.


Here are some key strategies that individuals and organizations can implement to enhance data security and protect personal information.

For financial institutions

Financial services: Critical sector for cybersecurity

The financial services industry is one of the most critical sectors in terms of cybersecurity. Banks and credit unions handle sensitive financial data and transactions that affect millions of customers and businesses. They also face constant cyber attacks from hackers who seek to disrupt services or steal money or data.

According to a report by IBM Security, the average cost of a data breach in the financial sector was $5.85 million in 2020, the highest among all industries. The report also found that it took an average of 233 days for financial organizations to identify and contain a breach.

These statistics show how important it is for banks and credit unions to have robust cybersecurity measures in place to protect their assets and reputations.

Implement strong access controls. Limit access to sensitive information to only those employees who need it to perform their job duties. Use role-based access controls and regularly review permissions. Multifactor authentication (MFA) or two-factor authentication (2FA) should be required for employee access to critical systems or systems storing sensitive information.

Training and awareness. Educate staff about the importance of data security and their role in protecting it. Regular training on recognizing phishing attempts and following security protocols is essential. Security awareness training should be required upon onboarding and annually. Organizations should also perform quarterly phishing exercises to ensure employees appropriately respond to suspicious emails.

Encrypt sensitive data. Ensure sensitive data is encrypted both in transit and at rest. This makes it significantly harder for hackers to access and use the data even if they breach the system. Most cloud storage platforms enforce encryption at rest and in transit by default, so organizations that leverage reputable software-as-a-service (SaaS) platforms often find this requirement easy to meet. Organizations should also consider tokenization when storing specific types of sensitive information, such as payment card numbers or Social Security numbers. The token is a randomly generated string that serves as a reference to the original data without exposing it. The original sensitive data is securely stored in a separate, highly protected location (often called a token vault), and the token itself has no exploitable value if intercepted.
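To make the tokenization and role-based access points above concrete, here is a small illustrative vault written for this article (it is not Abrigo's code or any product's implementation). It assumes an in-memory dictionary standing in for the separately protected vault, a made-up "tok_" token format, hypothetical role names, and a constructed sample Social Security number; the point it shows is that the record an application keeps reveals nothing about the original value, and that only roles with a business need can recover it.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Hypothetical roles allowed to recover original values from the vault.
DETOKENIZE_ROLES = {"fraud_investigator", "payments_ops"}


class AuthorizationError(PermissionError):
    """Raised when a caller's role is not permitted to detokenize."""


def role_may_detokenize(role: str) -> bool:
    # Role-based access control: the check lives in one place and is easy to review.
    return role in DETOKENIZE_ROLES


@dataclass
class TokenVault:
    """Maps random tokens to the sensitive values they stand in for.

    In a real deployment this store is a separate, access-restricted,
    encrypted service; the dictionaries here only stand in for it.
    """
    hmac_key: bytes
    _by_token: dict = field(default_factory=dict)
    _by_fingerprint: dict = field(default_factory=dict)

    def _fingerprint(self, value: str) -> str:
        # A keyed hash lets us find an existing token for a value without
        # keeping a searchable plaintext index of the values themselves.
        return hmac.new(self.hmac_key, value.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, value: str) -> str:
        """Return the token for value, minting a fresh random one if needed."""
        fp = self._fingerprint(value)
        if fp in self._by_fingerprint:
            return self._by_fingerprint[fp]
        # The token is random and unrelated to the value, so on its own it reveals nothing.
        token = "tok_" + secrets.token_hex(16)
        self._by_token[token] = value
        self._by_fingerprint[fp] = token
        return token

    def detokenize(self, token: str, caller_role: str) -> str:
        """Recover the original value; denied unless the caller's role is authorized."""
        if not role_may_detokenize(caller_role):
            raise AuthorizationError(f"role {caller_role!r} may not detokenize")
        return self._by_token[token]


def store_customer(vault: TokenVault, name: str, ssn: str) -> dict:
    """Build the record the application database keeps: the SSN is replaced by its token."""
    return {"name": name, "ssn_token": vault.tokenize(ssn)}


def record_exposes_ssn(record: dict, ssn: str) -> bool:
    """True if any field of the record contains the SSN digits (what a leaked row would show)."""
    digits = ssn.replace("-", "")
    return any(digits in str(v).replace("-", "") for v in record.values())


if __name__ == "__main__":
    vault = TokenVault(hmac_key=secrets.token_bytes(32))
    # Constructed sample data, not a real person or SSN.
    rec = store_customer(vault, "Jane Example", "123-45-6789")
    print("application record:", rec)
    print("authorized lookup:", vault.detokenize(rec["ssn_token"], "fraud_investigator"))
    try:
        vault.detokenize(rec["ssn_token"], "marketing")
    except AuthorizationError as err:
        print("denied:", err)
```

The application database only ever holds the token, so a compromise of that database, or of a log line or screenshot containing the record, does not expose the Social Security number; the vault is the single place that needs the strongest controls, and every detokenize call passes through one role check that can be audited and reviewed on a schedule.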

Perform security audits and penetration testing. Conduct regular security audits and penetration tests to identify and remediate vulnerabilities in your systems. This proactive approach can help prevent breaches before they occur. Both internal and external network penetration testing should be performed annually, and information security audits should be done at a frequency commensurate with the system’s risk.

Incident response plan. Develop and maintain a comprehensive incident response plan. This plan should outline the steps to take in the event of a data breach and who within the organization is responsible for each step. It should also define how to contain the breach, notify affected individuals, and comply with legal requirements.

For individuals

Reminders for individual consumers

Monitor your credit reports. Check your credit reports from the three major credit bureaus (Equifax, Experian, and TransUnion) at least once a year. Look for any unauthorized accounts or activities. Be aware that some “credit report monitoring” websites are scams, so use an official website, such as annualcreditreport.com, to view your credit reports from all three bureaus each year.

Freeze your credit. With so many Social Security numbers included in the NPD breach, it’s more important than ever to place a credit freeze on your reports. A credit freeze can prevent new accounts from being opened in your name without your consent. This is a crucial step if your Social Security number has been compromised and requires you to “unfreeze” your credit reports temporarily each time you apply for a loan or line of credit.

A credit freeze must be done at each of the three credit bureaus, preferably using their official websites:
equifax.com/freeze
experian.com/freeze
transunion.com/freeze

Use strong, unique passwords. Avoid using the same password across multiple sites. Use a combination of letters, numbers, and special characters, and consider using a password manager to keep track of them. Modern mobile and desktop operating systems often include strong password suggestions that automatically store the passwords, which are then synced across all your devices.

Enable Two-Factor Authentication (2FA). Whenever possible, enable 2FA on your accounts. This adds an extra layer of security by requiring a second form of verification in addition to your password. 2FA requires the use of an authenticator app, text message, or email verification for unrecognized login attempts rather than relying on a password alone.

Be wary of phishing scams. Be cautious of unsolicited emails, messages, or phone calls asking for personal information. Verify the source before clicking on links or providing any details. If an email or text message asks that you take action using a hyperlink, consider if there’s an alternate way to take action, such as logging in to the platform rather than clicking the link. For example, log in from usps.com to verify an incoming parcel rather than clicking a link from a text message.

The NPD breach serves as a stark reminder of the vulnerabilities in our digital world. By taking proactive steps at the individual and organizational levels, we can significantly reduce the risk of identity theft and protect our personal information from hackers.

About the Authors

Edward Callis, CPA, CISSP, CCSP

Vice President of IT Risk & Assurance
Edward Callis is a Vice President of IT Risk & Assurance at Abrigo. He leads a team of IT professionals who assess Abrigo’s vendor and partner ecosystem, and who provide comprehensive due diligence documentation so financial institutions can make an informed choice when selecting software platforms. Edward has more than


Elissa Brewer, CAMS

Senior Risk Management Consultant
Elissa Brewer is a Senior Risk Management Consultant with Abrigo in the Advisory Services Group. She has over 20 years’ experience working in the financial institution & software industry. She has worked directly with financial institutions and FinTech’s to incorporate manual and automated solutions into their BSA, AML, and Fraud


About Abrigo

Abrigo enables U.S. financial institutions to support their communities through technology that fights financial crime, grows loans and deposits, and optimizes risk. Abrigo's platform centralizes the institution's data, creates a digital user experience, ensures compliance, and delivers efficiency for scale and profitable growth.
