You’ve probably seen the headline about 2.9 billion people’s info being stolen. Isn’t that a rather alarming number?

But one privacy expert opted to unleash his inner Shakespeare and say that the headline got it all wrong: “A breach by any other name would not be this stinky.”

“Juliet argued that it didn’t matter if her love interest, Romeo, came from a competing family. In today’s cybersecurity terminology, it doesn’t always matter how many people were affected by a data breach or what data was compromised,” stated Interstate Technology and Regulatory Council (ITRC) Chief Operating Officer James E. Lee on the organization’s most recent Weekly Breach Breakdown podcast.

READ MORE: A Total Of 60 UK Music Festivals Have Been Cancelled In 2024 Alone, According To The Latest Data

“What matters is that there was a data breach, how it happened, and if victims were alerted. Often lost in translation is the distinction between how many records have been revealed and how many victims have been affected.”

Lee claims that the media misrepresented the fact that there were not 2.9 billion users, but rather that the perpetrators stole 2.9 billion records over 30 years. He claims that several records about the same people were created over a 30-year period, implying that fewer people were affected than the “billions” indicated in news reports.

Consider this: just because you have 2.9 billion apples does not mean you also have 2.9 billion apple trees. You might have just bought those apples from the grocery store.

It’s also likely that some of those records are duplicates or simply unimportant. Additionally, not all data are created equal. Hackers value certain types of data more than others, such as your preferred color.

Julio Casal, chief intelligence officer at Constella, a supplier of AI-powered identity risk intelligence services, corroborated this. “The data comes from a poor collection operation from a mix of sources and includes many errors,” according to him.

It’s the who behind this, instead.
The hackers took some data from a data broker called National Public Data. They scrape information from websites and sell it to private investigators, background check websites, data resellers, mobile apps, and other businesses.

The problem is that National Public Data hasn’t informed anyone about the attack. There is no government agency, and therefore no victims. We only know about it because someone discovered their information for sale online and tracked it down to National Public Data.

READ MORE: Car Manufacturers Are Still Selling Driver Data. Officials In The United States Have Demanded That The FTC Investigate

So, why is there no National Public Data Breach notification to victims? That seems strange, doesn’t it? Why wouldn’t they tell others?

Lee cites numerous causes. “The corporation may not have contacted officials or individuals, despite the fact that organizations that experience a data breach are also permitted by state law to decide if the exposure of information poses a risk to a person. If the ruling is that there is no risk, there is usually no need to alert anyone, including victims.”

The US Department of Justice, along with many US senators and at least two state attorneys general, are investigating the National Data cyberattack, so the truth should finally emerge.

The bottom line
While the National Public Data breach is clearly cause for alarm, it is critical to be aware and take precautions to protect your personal information. That could include changing your passwords, checking your accounts for unusual activity, and being cautious about what information you disclose online.

If you wish to learn how to secure your personal or company information, or if you believe you have already been a victim of an identity crime such as a data breach, Lee encourages you to contact an expert ITRC advisor via text or phone (888.400.5530), chat live on the web, or exchange emails. Just go to www.idtheftcenter.org to get started.

Source