In early 2024, background checking service National Public Data was hit by a massive cyberattack that potentially compromised the sensitive, personal information of millions, or possibly even billions, of people around the world, including U.S. residents.
A year later, new security threats have gained traction. While artificial intelligence has transformed the ability to prevent, detect, and rapidly respond to cyberattacks, the malicious use of AI has also exploited new vulnerabilities. As AI systems evolve, so does the sophistication and scope of cyberattacks. In the hands of bad actors, AI capabilities have increased the scale and efficiency of attacks, including identity theft, fraud, and data privacy violations, according to a 2025 World Economic Forum report on AI and cybersecurity.
In the financial sector, for instance, deploying a form of algorithmic manipulation known as data poisoning to increasingly sophisticated machine learning models could significantly impact AI. That, in turn, can lead to biased or harmful results, undermining fraud detection or credit scoring models.
Heimdal analyzed resources from the Federal Trade Commission and the three credit bureaus to compile tips on how to secure your identity in the aftermath of last year's unprecedented data breach and prepare for potential threats in the future.
The group taking credit for the breach targeting NPD calls itself USDoD, a moniker that mirrors the name of the federal government agency responsible for the country's security. The group reportedly sold the vast trove of user data on the dark web for $3.5 million.
In a letter to the owner of Jerico Pictures Inc., which does business as National Public Data, the House Committee on Oversight and Accountability said the attack "likely represents one of the largest cyberattacks ever in terms of impacted individuals." The letter was sent to request a hearing and alert the owner to the committee's investigation of the security event, alleging that the company failed to notify consumers of the breach in a timely and detailed manner.
The breach is concerning not only because of its possible scope but also because of the information compromised, which includes Social Security numbers.
A Social Security number can be used to steal someone else's identity. This allows criminals to fraudulently open new lines of credit, apply for loans, and even receive government benefits, which happened during the COVID-19 pandemic when states were providing additional unemployment pay.
If you don't already pay for an identity theft monitoring service, you can still take advantage of free tools offered by the main credit bureaus to prevent criminals from defrauding you.
The process is called freezing your credit. While it is the most secure option to prevent fraud, industry surveys estimate that only a small percentage of Americans use the service. Depending on the scope and circumstances, consumers could benefit from freezing their credit after a major data breach. Read on to learn more about how to protect your information and set up a credit freeze.
Krakenimages.com // Shutterstock
Have I been impacted by the NPD data breach or any others?
The simple fact that a person hasn't experienced the repercussions of identity theft, like credit card fraud, isn't always a sign that their personal data wasn't compromised. Personal info can sit in public spaces for some time before it's purchased or found and used by someone with criminal intent.
Every U.S. state and multiple territories have laws that require that businesses notify stakeholders when their data has been accessed by an unauthorized actor. However, not every company is forthright about breaches. NPD is now facing a class action lawsuit in which at least one victim claims they didn't know about the breach until their own identity theft service notified them.
Many identity theft services will notify you when your personal info is found in public or on marketplaces used by criminals. For the NPD breach, specifically, cybersecurity firm Pentester has released a free web tool that allows you to search the breached records by only providing your name, state, and birth year.
After you've confirmed any exposure, a credit freeze can help protect you from future fraud attempts.
PeopleImages.com - Yuri A // Shutterstock
What is a credit freeze?
A credit freeze is a free service that restricts access to your credit report through the major credit bureaus. You can temporarily pause the freeze when needed, such as when applying for a loan or credit card. A credit lock can similarly block access to your credit information, but it usually comes with a monthly fee and offers additional features, such as immediate deactivation and reactivation of the lock.
When you turn on a credit freeze, all credit report requests will be denied, even if it's a legitimate lender processing your application for a loan or credit card. This simultaneously secures your information but also adds an extra step for you to remember when applying for new credit. (More on that later.)
The three credit bureaus—Experian, Equifax, and TransUnion—all provide the service for free. Create an account on each bureau's website and turn on fraud alerts. Be wary of offers for paid tiers of services from each of these companies—you may want to purchase their additional services or a credit lock, but you should not need to pay to freeze a credit file.
Comb through accounts tied to your personal information within each bureau's credit report, and be on the lookout for credit cards and other items you didn't personally apply for. The presence of an unrecognizable account could be evidence of identity theft.
Then, request that each bureau place a freeze on the credit file. This can also be done by phone at:
- Experian: 1-888-397-3742
- TransUnion: 1-888-909-8872
- Equifax: 1-800-685-1111
NPD and the FTC also encourage consumers to report identity theft when they're alerted to it at IdentityTheft.gov or call 1-877-438-4338.
Fabio Principe // Shutterstock
What if I want to access my credit?
The freeze stays in place until the owner of the credit file requests to lift it temporarily or permanently.
A freeze might be lifted for a few days if the person anticipates applying for a mortgage or credit card within a specific set time. The process provides peace of mind that the window for fraud is limited should they forget to request a freeze again.
Though freezing your credit is an easy and effective step to prevent fraud, it only protects against the creation of new, fraudulent accounts. Any existing credit account can still be compromised, so keep an eye out for your monthly statements and any suspicious charges.
Experts also recommend securing all other types of online accounts in today's age of near-constant cyber threats. Aside from bank accounts, platforms like social media and even streaming service accounts can provide criminals with access to your credit card information and ways to impersonate you. Most websites offer a security service called multifactor authentication that works similarly to a credit freeze, pinging the user via a secure channel like a personal phone number to confirm the login activity is coming from them and not an impersonator.
Story editing by Carren Jao. Additional editing by Kelly Glass. Copy editing by Tim Bruns. Photo selection by Ania Antecka.
This story originally appeared on Heimdal® and was produced and distributed in partnership with Stacker Studio.
