The data broker at the center of what may become one of the more significant breaches of the year is telling officials that just 1.3 million people were affected.
Florida-based National Public Data confirmed the number of affected individuals on Friday via a filing with Maine’s attorney general.
It’s not uncommon for organizations disclosing data breaches with US state officials to update those filings down the line as investigations into potentially compromised data continue.
“There appears to have been a data security incident that may have involved some of your personal information,” letters from NPD to affected individuals read. “The incident is believed to have involved a third-party bad actor that was trying to hack into data in late December 2023, with potential leaks of certain data in April 2024 and summer 2024. We conducted an investigation and subsequent information has come to light.”
The page didn’t state the number of affected individuals like the filing with Maine’s AG. In addition to the 134 million unique email addresses, Hunt also discovered that criminal record data appeared to be included.
Atlas Data Privacy, a business that offers clients a service that removes their data from data brokerages like NPD, also found 272 million unique social security numbers littered among the vast trove of data.