Once discovered, the data was reportedly scraped and posted to the dark web by a threat actor known as "USDoD." The hacker initially attempted to sell the database for , claiming it contained 2.9 billion records , including: Full names Social Security numbers (SSNs) Mailing addresses Phone numbers The Impact
: Direct access to the company's proprietary software. index_breached.vc.zip
The breach wasn't necessarily a complex hack but a critical oversight. A security researcher discovered that NPD had left a zip file—often identified as index_breached.vc.zip or similar variants—publicly accessible on their website. This file contained: Once discovered, the data was reportedly scraped and
: Details on how their databases were structured and accessed. The Dark Web Leak claiming it contained 2.9 billion records