Massive data breach exposes billions of social security numbers
In a massive data breach disclosed in 2025, billions of personal records, including Social Security numbers, have been exposed, marking one of the largest cybersecurity incidents on record. The breach centers around National Public Data (NPD), a prominent public records data provider that collects and aggregates information from various public records, court records, and state and national databases. The breach, which reportedly occurred around April 2024 but was revealed to the public in 2025, compromised sensitive information such as full names, addresses spanning decades, Social Security numbers (SSNs), family member details—including deceased relatives—and other private data for potentially billions of individuals.
This compromised data creates comprehensive profiles that significantly heighten risks of identity theft, fraud, and financial crimes. Attackers with access to such detailed personal information could open lines of credit, file fraudulent tax returns, and access sensitive accounts under victims’ names. The breach also revealed that NPD collected some of this information without individuals’ consent, raising legal and ethical concerns and leading to a class-action lawsuit filed in Florida against the company for failing to protect this data adequately.
Other high-profile 2025 cyber incidents include breaches affecting over 62 million students and nearly 10 million teachers via PowerSchool’s systems, exposing school records, including Social Security numbers; and a breach at LexisNexis Risk Solutions compromising personal details of over 364,000 individuals. These incidents underscore ongoing vulnerabilities in data security among major providers holding sensitive personal information.
The scale of these combined breaches highlights significant systemic challenges in cybersecurity practices, third-party vendor risks, and the growing need for stringent data protection and regulatory enforcement. Experts recommend that individuals affected regularly monitor credit reports, enable identity theft protection services, and exercise caution with personal data sharing.
