National Public Data, which aggregates data to provide background checks, has confirmed it suffered a massive data breach involving Social Security numbers and other personal data on millions of Americans.

The Coral Springs, Florida company posted on its website a notice that "there appears to a have been a data security incident that may have involved some of your personal information. The incident is believed to have involved a third-party bad actor that was trying to hack into data in late December 2023, with potential leaks of certain data in April 2024 and summer 2024."

News about the breach first came from a class action lawsuit filed in U.S. District Court in Fort Lauderdale, Florida, and first reported on by Bloomberg Law. Stolen from National Public Data (NPD) were 2.9 billion records including names, addresses, Social Security numbers and relatives dating back at least three decades, according to law firm Schubert, Jonckheer & Kolbe, which filed the suit.

NPD said the breached data included names, email addresses, phone numbers and mailing addresses, as well as Social Security numbers. The company said it is cooperating with investigators and has "implemented additional security measures in efforts to prevent the reoccurrence of such a breach and to protect our systems."

National Public Data breach: Why you should be worried about massive data breach and what to do.

Identity protection: How and why to freeze your credit

NPD also advised consumers to "closely monitor your financial accounts and if you see any unauthorized activity, you should promptly contact your financial institution." Consumers might want to get a credit report and get a fraud alert on their credit file, the company said.

Consumers should do more than that and freeze their credit report, Odysseas Papadimitriou, the CEO of personal finance site WalletHub, told USA TODAY. "Placing a fraud alert is not as effective as freezing your report," he said.

"A fraud alert is more of a heads up to lenders, which they can easily ignore. It doesn't do much in practice," Papadimitriou said. "A freeze, on the other hand, stops fraud in its tracks by preventing identity thieves from opening accounts in your name."

He and other security experts suggest consumers take that step because the personal data is likely in the hands of hackers.

The class action suit alleges it was cybercriminal group USDoD that accessed NPD's network and stole unencrypted personal information. Then, the group posted a database it said had information on 2.9 billion people on the dark web on about April 8, 2024 seeking to sell it for $3.5 million.

Follow Mike Snider on X and Threads: @mikesnider & mikegsnider.

What's everyone talking about? Sign up for our trending newsletter to get the latest news of the day

This article originally appeared on USA TODAY: Social security number hack: National Public Data confirms data breach