There are around 8 billion people in the world, and a massive new data breach included about 3 billion compromised records, according to a new lawsuit. The class-action lawsuit was filed against National Public Data, which aggregates data for background searches. The lawsuit alleges the company did not properly protect the information, allowing it to be stolen and offered for sale on the dark web.
The “3 Billion” Breach: A Mandatory Training Pivot for Identity Protection
As security awareness professionals, we are used to large numbers, but the recent National Public Data (NPD) breach is a staggering outlier. With approximately 3 billion records compromised (including names, Social Security numbers, and physical addresses spanning three decades), this isn’t just a data leak; it is a foundational shift in the threat landscape.
Statistically, 1 in 3 people globally (and nearly every person in the U.S.) may now have their most sensitive details available on the dark web. This makes the “human firewall” more critical than ever, as attackers now have the exact “ammunition” needed for highly personalized social engineering.
Guidance to Encourage in Your Training and Awareness Programs
To protect your organization and your employees’ personal identities, your next awareness update should move beyond basic password tips and focus on these high-impact recovery and protection steps:
- The “Freeze by Default” Mandate: The single most effective defense against this breach is a Credit Freeze. Instruct employees that they must contact all three major bureaus (Equifax, Experian, and TransUnion) to lock their credit. Emphasize that it is free, does not impact credit scores, and is the only way to prevent unauthorized borrowing.
- Protect the Next Generation: A unique danger of the NPD breach is the exposure of children’s Social Security numbers. Advise parents to freeze their children’s credit as well. Scammers often use a child’s clean SSN to build a “synthetic identity” that can go undetected for years until the victim turns 18.
- Proactive Data Removal: Since this breach originated from a data aggregator, it’s a perfect time to discuss Data Broker Removal services. Encourage the use of tools like Incogni or PrivacyHawk to automate the removal of personal data from the “people search” sites that hackers use for reconnaissance.
- Anticipate the “Hyper-Personalized” Phish: With access to former addresses and relative names, scammers will craft incredibly convincing lures. Warn your team to be skeptical of any call, text, or email that uses “insider knowledge” about their history to create a sense of trust or urgency.
- Reinforce the Foundations: While identity theft is the headline, credential stuffing follows closely behind. Use this breach as a catalyst to audit MFA adoption and ensure employees are using unique, long passphrases for every account.
By addressing the scale of this breach directly, you help your workforce move from a state of “breach fatigue” into a state of active, informed defense.
Read the full breakdown on the National Public Data breach here: Data Stolen on 1 in 3 People Around the World

