In one of the largest data breaches in history, the personal information of nearly 3 billion individuals has been stolen from National Public Data, a background check and fraud prevention service provider.
The breach, which came to light through a class action lawsuit filed in Florida, has sent shockwaves through the cybersecurity community and raised serious concerns about data privacy and protection.
The stolen data includes highly sensitive information such as full names, current and former addresses dating back 30 years, Social Security Numbers, and family member details.
This breach is particularly alarming because many affected individuals may be unaware that National Public Data even collected their data, as the company reportedly scraped personally identifiable information (PII) from non-public sources without explicit consent.
Are you from SOC and DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Free Access
According to the lawsuit, a hacker group gained unauthorized access to National Public Data’s systems and exfiltrated the massive database. The hackers subsequently attempted to sell the stolen information on the dark web for $3.5 million.
“Threat Actor operating under the moniker “USDoD” placed a large database up for sale on Breached titled: “National Public Data.” They claimed it contained 2,900,000,000 records on United States citizens. They put the data up for sale for $3,500,000,” reads the Court Docket shared by Bloomberg.
The scale of this breach is staggering, potentially affecting nearly 40% of the world’s population. It rivals the infamous Yahoo data breach of 2013, which impacted 3 billion accounts.
Christopher Hofmann, the lead plaintiff in the class action lawsuit, discovered the breach after receiving a notification from his identity theft protection service. The lawsuit alleges that National Public Data failed to implement adequate security measures to protect its collected sensitive information.
This incident highlights the vulnerabilities in data collection practices and the potential risks of large-scale data aggregation. It also underscores the importance of robust cybersecurity measures and transparent data handling policies.
Experts advise affected individuals to remain vigilant, monitor their financial accounts closely, and consider using identity theft protection services. As the investigation unfolds, National Public Data may face significant legal and financial consequences, as well as a loss of trust from the public.
How to Build a Security Framework With Limited Resources IT Security Team (PDF) - Free Guide