As individuals will each have multiple records associated with them, one for each of their previous home addresses, the breach does not expose information about 2.7 billion different people. Furthermore, according to BleepingComputer, some impacted individuals have confirmed that the SSN associated with their info in the data dump is not correct.

National Public Data scrapes the personally identifying information of billions of individuals from non-public sources

Honest question: If these sources are non-public, how did National Public Data get access?

Facetious questions: If they are using private or restricted sources of data accumulation on an international scale, should they be calling themselves National Public Data? Seems like Global Private Data would be more fitting.

Think of it like this

• HTTPS hides what you are saying.
• VPN hides who you are saying it to.