If a company, organization or database holds an abundance of personal data, you can be sure that somewhere out there is a hacker (or hackers) looking to access that information. Unfortunately, we live in a moment where big data breaches seem to be getting more and more widespread. Earlier this year brought news of a Ticketmaster hack, which affected 500 million people.

The latest development in the world of hacks centers around National Public Data, a company that collects personal data for use in things like background checks. Earlier this month, Lawrence Abrams at the informational security website Bleeping Computer reported that hackers had posted 2.7 billion personal records stolen from National Public Data on a forum.

The scope of the hack is unsettling enough, but as WIRED's Lily Hay Newman observed in a new article, that's only part of the problem. The other issue is that it's taken several months for the full scope of the hack to be revealed. As NPD itself wrote in a message to people potentially affected by the hack, "We conducted an investigation and subsequent information has come to light."

That's pretty bad. What's worse is not the size of the hack but the information stolen. Here's NPD again: "The information that was suspected of being breached contained name, email address, phone number, social security number, and mailing address(es)." As Jon Healey at the Los Angeles Times pointed out, the fact that email addresses were involved raise the stakes considerably, as far as what identity thieves could do with this information.

If you're curious to see if your data was affected in the breach, the online security company Pentester does have an online tool that you can use. Given the vast scope of this hack and the information hackers obtained, this is definitely something to be concerned about -- and if you start seeing odd activity online, reaching out to credit bureaus like EquiFax, Experian and TransUnion might be necessary. And it also begs the question: how do companies beef up their security so we aren't all perpetually wondering if our information is being sold to malicious entities?