Whilst there definitely weren't 2.x billion people in the National Public Data breach, it is bad. It really is fascinating how much data can be collected and monetised in this fashion and as we've seen many times before, data breaches do often follow. The NPD incident has received a huge amount of exposure this week and as is often the case, there are some interesting turns; partial data sets, an actor turned data broker, a disclosure notice (almost) nobody can load and bad actors peddling partial sets of data. See what you make of this one, I'm sure there'll be insights come to light on this yet.
References
- Sponsored by: SentinelOne: Our agentless Offensive Security Engine automates red-teaming, without the false positives. This blog shows how.
- The National Public Data (NPD) breach is bad, but it's also not 2.x billion people bad (it'd be great if journos could get to grips with the US population count before making headlines like that)
- Brian Krebs has dug into the background of who is behind NPD ("an actor and retired sheriff’s deputy from Florida")
- But hey, at least NPD has now actually disclosed their breach (shame just about nobody can even load it!)
- FlightAware sent out a heap of breach notifications (but not to me, and was there actually a data breach?)