‘Old news’ data breaches can still cost you

Just the other morning, while catching the news over coffee, one of our team members almost changed the channel when a story came on about the National Public Data breach of 2024. After all, that breach happened months ago — old news, right?

It wasn’t.

The report revealed that this major data breach exposed the personally identifiable information (PII) of nearly 170 million people — about half of the U.S. population. That information, once stolen, didn’t just vanish. It continues to circulate on the dark web and, more worryingly, has surfaced on public sites accessible through a simple Google search.

The exposed data included:

• Full names
• Dates of birth
• Addresses (current and historic)
• Social Security numbers
• Phone numbers
• Names of relatives
• Email addresses

That realization led to a sobering thought: what could someone do with that much personal information? A little research made it clear. PII from breaches like this is often used for:

• Identity theft and new-account fraud – opening credit cards, loans, or bank accounts in someone else’s name.
• Phishing and smishing – using detailed personal data to make fake messages more convincing.
• Authentication bypass and account takeover – leveraging addresses or family names that people often use for passwords or security-question answers.

Curious — and concerned — our staffer searched their own name online and discovered their personal data posted on several sites. The assumption had always been that if a company was breached, affected individuals would be notified. But as this case shows, that’s not always true.

So, what can individuals do to protect themselves? Here are the steps JSL recommends:

• Search your name to see what’s publicly available.
• Request removal from Google search results. Click the three vertical dots next to a result, choose Remove result,and follow Google’s instructions.
• Contact websites directly to request deletion of your data. Each site’s process differs — search for “how to remove my information from [site name].”
• Run a privacy scan, such as the Experian Personal Privacy Scan.
• Place a fraud alert with major credit bureaus if your data was exposed:
  • TransUnion fraud alerts
  • Equifax fraud alerts
  • Experian fraud alerts

Removing personal data can take time, but the effort is worthwhile. Consumer privacy-removal services can also assist if manual steps feel overwhelming.

What seemed like “old news” turned out to be a wake-up call. The National Public Data breach of 2024 isn’t just a headline from the past — it’s a continuing risk affecting millions of Americans today.

The reality is that personal information is more vulnerable than ever, and the responsibility for protecting it increasingly falls on individuals. Reclaiming privacy takes patience, but it’s one of the most important steps in safeguarding identity. Data breaches may never truly become “old news,” but awareness and proactive action can greatly reduce the damage they cause.