NPD Breach Underscores The Need For Stronger Digital Identities

COMMENTARY: Nearly 3 million Americans could soon find themselves victims of identity theft after their records were allegedly stolen in a major data breach.  

Back in April, a group of hackers infiltrated National Public Data, an organization that offers background check services and stores data on virtually everything needed to impersonate someone online: full name, address, date of birth, Social Security number, phone number, nicknames and birth dates. That information is now reportedly for sale for upwards of $3.5 million. 

[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]

While it’s alarming to learn of a potential data breach of this scale, it’s not a new problem. Data breaches like this one have been on the rise for years. In 2024, bad actors have stolen more than 1 billion records and consumers have submitted nearly 5.7 million reports of fraud and identity theft to the Federal Trade Commission. 

Identity fraud has emerged as a serious and growing issue. We can and must do better. 

Our nation now faces a significant two-fold identity challenge: stopping identity fraud and identifying traditionally hard-to-identify people, including historically marginalized communities. 

For far too long, we’ve relied on legacy approaches that rely solely on credit header data to verify someone’s identity. Credit header data alone offers an incomplete picture a person’s identity, opening the door to fraud and leaving behind people who don’t have access to credit. This challenge gets compounded by the fact that fraudsters, nation-states, and criminal organizations are using AI tools to commit identity fraud at scale for low cost. 

We need an innovative approach to digital identity verification that can root out fraud, while ensuring a secure and equitable experience for people trying to access government benefits or engage in the digital economy. 

Here are five steps that businesses, policymakers and government leaders can take:

  • Prioritize transparency and consistent metrics: Government should require that digital identity verification solutions get tested and their results made public to demonstrate their effectiveness at combating fraud. Government and commercial organizations alike should also have the ability to make decisions based on consistent metrics that measure accuracy. We regularly publish our performance metrics. Others in the industry should do the same.
  • Adopt advanced technologies to fight AI-driven fraud: Only by implementing AI can we meet the challenge of determining who’s who amid a sea of stolen personal identifiable information (PII) data, AI-fueled fraud, and deep fakes. The Treasury Department does this well – using AI, the Bureau of Fiscal Service’s Office of Payment Integrity has recovered more than $375 million.
  • Treat digital identities as critical infrastructure: The Biden administration did well to highlight the importance of modernizing digital identity in the National Cybersecurity Strategy, but we’ve seen little urgency to meet the moment we are in. Moving forward, government needs to focus on preventing new waves of identity fraud. By treating digital identity as critical infrastructure now, we can prepare better for the future.
  • Advance government-issued digital credentials to fight fraud: We must think holistically about what it means to establish trust. Government-issued digital credentials – like mobile drivers’ licenses – represent the next progression to better verifying people. However, they alone are not a panacea. As the Biden administration drafts an executive order that would encourage state adoption of mobile drivers licenses, we need to do more than digitize an existing process. We must evaluate how we are better utilizing enhanced fraud risk signals to confirm that devices storing digital IDs are not subject to compromise and potentially open up a pandora’s box of fraud. 
  • Create a strong fraud prevention network: We know that nation-states and criminal organizations are constantly looking to undermine our nation’s economic and national security through sophisticated fraud techniques. Government, financial institutions, businesses, and law enforcement must come together and create a fraud prevention network to identify fraud trends, share best practices, and develop standardized identity verification protocols.  

While data breaches are nothing new, the National Public Data incident has caught the public’s attention. This event must serve as a wake-up call to businesspeople, policymakers, and government leaders on the need to address our nation’s larger identity challenge before the next attack happens.

Jordan Burris, vice president and general manager, Public Sector Solutions, Socure

SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

READ MORE HERE