This from Wikipedia regarding the recent "security breach":

Jerico Pictures, Inc., doing business as National Public Data,[1][2] is a data broker company that performs employee background checks. Their primary service is collecting information from public data sources, including criminal records, addresses, and employment history, and offering that information for sale.[3]

2024 data breach
In August 2024, a class-action lawsuit was filed against National Public Data, claiming that the company permitted hackers to steal sensitive private information covering millions of individuals. The theft was alleged to have occurred in April 2024.[4][5]

The lawsuit claims that in April, a hacker group by the name of USDoD posted a notice on the dark web, offering the data for sale at the price of $US3.5 million.[6]

The information stolen is alleged to include 2.9 billion records containing full names, current and past addresses, Social Security numbers, dates of birth, and phone numbers.[7] The stolen data contains records for people in the US, UK, and Canada.[8][9] National Public Data confirmed on August 16, 2024, there was a breach originating from someone trying to breach their systems since December 2023, with the breach occurring from April 2024 and over the next few months. The company also confirmed that 2.9 billion records were obtained, though they were still working to determine how many people were affected by the breach, and were working with law enforcement to identify the hacker.[10]
So---I ask---how in the hell did they get this information?

In my case they got old information including:

Name
DOB
SS#
Address and telephone number (of the cottage)
email

I suspect they have the same information for other properties as well.