House Oversight and Accountability Committee Chairman James Comer, R-Ky., and Subcommittee on Cybersecurity, Information Technology, and Government Innovation Chairwoman Nancy Mace, R-S.C., are looking for answers on Federal government and U.S. citizen exposure to a possible cyberattack against National Public Data.

In an Aug. 22 letter to National Public Data President Salvatore Verini, the lawmakers requested a briefing on the breach that potentially exposed millions of Americans’ personal information.

“The Committee on Oversight and Accountability is investigating recent news reports about a possible cyberattack executed against National Public Data by a cybercriminal group identified as USDoD,” the lawmakers wrote.

“It is reported that the personal information of nearly 3 billion people were compromised, with the stolen data including information such as Social Security numbers, phone numbers, email addresses, and mailing addresses,” they said. “If true, this data breach likely represents one of the largest cyberattacks ever in terms of impacted individuals.”

National Public Data, which collects information for background checks, confirmed on its website that there were “potential leaks of certain data in April 2024 and summer 2024.” According to reports, USDoD put the stolen data up for sale on the dark web for $3.5 million.

However, the lawmakers said that National Public Data “failed to inform victims about these potential data breaches in a timely manner.”

“National Public Data’s lack of transparency about the cyberattack is staggering in light of the alleged compromised information and potential harm to so many victims. It isn’t even clear whether the attack has impacted close to 3 billion records or individuals, as news reports have described it both ways,” the lawmakers wrote.

“The Committee is investigating this matter to better understand the details surrounding the security incident, and its impacts. To assist our investigation, we request an initial briefing as soon as possible, but no later than August 30, 2024,” they said.

Reps. Comer and Mace added that they expect the briefing to describe when the breach occurred, how it occurred, a description of the data exfiltrated, and what actions National Public Data is taking to respond to the breach.

Read More About
About
Grace Dille
Grace Dille
Grace Dille is MeriTalk's Assistant Managing Editor covering the intersection of government and technology.
Tags