Security & Privacy

Massive data leak: 2.7 billion records of U.S., Canada, UK residents, including Social Security numbers

Posted on by

Last week, a threat actor publicly leaked a 277 GB data dump containing nearly 2.7 billion records. The leak includes the full names, dates of birth, and home addresses of United States, Canada, and United Kingdom residents. And one more thing: 272 million Social Security numbers (SSNs) of U.S. citizens.

The database includes far more records than the total residents of these three countries combined. This is, in part, because the database includes a separate entry for each known address where each individual has lived.

According to a firm that analyzed the data, the average age of individuals in the database was 70. This may be in part because the database contains records for many deceased persons; 2 million records pertain to people who would be over age 120 today. Nearly everyone in the database was born before 2002 (meaning they’re currently older than 21).

Notably, some of the addresses are relatively old, possibly indicating that the data may have been extracted from an old backup.

As for the original source of the data breach, the threat actor claimed that the data came from “NPD,” meaning National Public Data. NPD is a U.S.-based data broker company that performs background checks.

While there isn’t any way to remove your information from a data dump, there are some things you can do to stay protected, such as freezing your credit. Be sure to read our article featuring 9 easy steps to take after a data leak.

What to do after a data breach—and how to avoid getting hacked—in 9 easy steps

How can I learn more?

For more details about this data breach, see BleepingComputer’s report, and Brian Krebs’ follow-up report.

Each week on the Intego Mac Podcast, Intego’s Mac security experts discuss the latest Apple news, including security and privacy stories, and offer practical advice on getting the most out of your Apple devices. Be sure to follow the podcast to make sure you don’t miss any episodes.

You can also subscribe to our e-mail newsletter and keep an eye here on The Mac Security Blog for the latest Apple security and privacy news. And don’t forget to follow Intego on your favorite social media channels: Follow Intego on X/Twitter Follow Intego on Facebook Follow Intego on YouTube Follow Intego on Pinterest Follow Intego on LinkedIn Follow Intego on Instagram Follow the Intego Mac Podcast on Apple Podcasts

Image credit: Data Security Breach by Blogtrepreneur (CC BY 2.0)

About Joshua Long

Joshua Long (@theJoshMeister), Intego's Chief Security Analyst, is a renowned security researcher and writer, and an award-winning public speaker. Josh has a master's degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Information Security. Apple has publicly acknowledged Josh for discovering an Apple ID authentication vulnerability. Josh has conducted cybersecurity research for more than 25 years, which is often featured by major news outlets worldwide. Look for more of Josh's articles at security.thejoshmeister.com and follow him on X/Twitter, LinkedIn, and Mastodon. View all posts by Joshua Long →