Despite the Devastation, the National Public Data Breach Is Anything But Irregular

The hackers allegedly offered the data on the dark web for $3.5 million. Here are the lessons learned.


On August 16, 2024, National Public Data — a major data broker that performs background checks — suffered a massive data breach that exposed some 2.9 billion personal records belonging to over a million individuals across the U.S., U.K. and Canada. The stolen records included full names, current and past addresses, dates of birth, phone numbers, and even Social Security numbers.

Even in isolation, each of these data types is highly sensitive and can be leveraged for various kinds of fraud. Taken together, however, they amount to a ready-made recipe for identity theft.

Given the volume, completeness, and nature of the data, the hacking group behind the attack is alleged to have offered it up on a dark web market for the eye-watering sum of $3.5 million. Unsurprisingly, the breach led to a flurry of class-action lawsuits, with over 14 complaints filed in federal court to date.

Scale Alone Sets It Apart

Unfortunately, the only thing truly surprising about this high-profile breach is the sheer scale of the information leaked, and the number of individuals affected. That said, this attack is far from anomalous in the world of enterprise cybersecurity.

The breach is part of a much broader and concerning trend that’s been growing for some time. According to Splunk’s 2024 State of Security report, data breaches have become the most common type of cyber attack experienced by businesses in the past two years. What’s more, their scale appears to be increasing.

Just last month, we witnessed the RockYou2024 data dump, in which nearly 10 billion stolen passwords were posted to a popular hacking forum — making it the largest collection of stolen credentials ever leaked online. While many of the credentials are outdated or inaccurate, the sheer enormity of the leak more than makes up for any quality issues in the data set. Attackers regularly feed this kind of data into credential-stuffing attacks, and this dump will undoubtedly yield a range of successful secondary compromises for countless bad actors around the world.

What’s at Stake

Given the sheer scope, scale, and sensitivity of the data leaked in the National Public Data breach, individuals and manufacturing organizations should operate under the assumption that their data has been swept up and compromised. Thankfully, there are clear steps that organizations can take to, at the very least, mitigate the fallout.

Whether you are running an organization or acting as an individual, the first course of action should be a comprehensive credential update. At a minimum, this means changing your passwords. In the wake of a hyper-scale breach, however, new login IDs and usernames are also advisable. The more your current credentials differ from those obtained by the threat actors, the better positioned you are to avoid further compromise.

Manufacturing organizations should also be extra vigilant about email communications after such attacks. It is all but inevitable that threat actors will use the leaked information to run phishing and spear-phishing campaigns that are more targeted, tailored, and convincing.

Imagine an email from your head of HR asking you to share your banking details to resolve a payroll problem; only the email is, in fact, coming from an impostor — in some cases even sent from the trusted source's actual email address — in a strategy known as account takeover or VIP impersonation.

It's important to remember that, given the recent rise of generative AI, this kind of "deepfake" email can be produced at scale with considerable accuracy, each one tailored to mimic a specific individual's writing style, subject matter, and voice. Moreover, attackers can do so in virtually any language with just a few clicks.

What You Can Do

There is no silver bullet for defending against data breaches such as the National Public Data incident. Nor are there foolproof ways of detecting and deflecting the types of secondary attacks that leverage leaked information to target manufacturers.

However, there are many things manufacturing organizations can do to mitigate the likelihood and impact of secondary attacks. At the top of the list of such strategies is to build a multi-layered defense that leverages tools, technologies, and processes.

For those organizations that lack the resources and personnel to effectively manage their security in-house, it would be wise to consider investing in Managed Detection and Response (MDR) services. For manufacturers, third-party MDR services can be invaluable, as they grant access to world-class cybersecurity and monitoring tools run by professionals already well-versed in their capabilities. This option gives you the value of a dedicated cybersecurity team on an as-needed basis, but for much less than in-house talent.

It's also crucial for every organization to thoroughly evaluate its current security setup. This means ensuring that all the essential bases are covered and that your organization is aligned with industry standards. With 64 percent of breaches still linked to human error, a key part of meeting those standards is regular security awareness training and phishing simulation testing for everyone on your team.

Yes, being told to "follow best practices" may sound as repetitive as your dentist reminding you to floss, but there’s a reason they exist.

The best-prepared manufacturing organizations are inevitably those that subscribe to the belief that it isn't a matter of if, but when, they will fall victim to a cyberattack. Rather than being preoccupied with averting every single attempted attack, organizations should invest the bulk of their time, energy, and resources into limiting the frequency, severity, and fallout of such attacks.

By being proactive and preparing for the worst, businesses can effectively position themselves to avoid the kinds of disastrous, litigation-plagued security incidents currently affecting National Public Data. By following the best practices outlined above, your organization will be in a much better position to weather the inevitable storm of secondary attacks that come in the wake of these increasingly common (and catastrophic) data breaches.