A lawsuit has been filed against National Public Data, a background check service owned by Jerico Pictures Inc, for an alleged data breach that could leave nearly three billion people vulnerable to identity theft and financial fraud.
The class-action lawsuit, filed earlier this month in a US District Court for the Southern District of Florida, accuses National Public Data of a security lapse that exposed a staggering 2.9 billion people’s personal details. It says that due to the security lapse, a threat actor, acting under the alias “USDoD”, released the sensitive data for free on the dark web, potentially impacting a staggering number of individuals.
The leaked data includes full names, addresses, and Social Security Numbers (SSNs), on a notorious cybercrime forum. This breach, if proven, ranks among the largest cybersecurity incidents in recent history, potentially surpassing the infamous 2013 Yahoo data breach that compromised 3 billion users.
This isn’t the first time that the National Public Data has been targeted. Back in April, a hacker using the alias ‘sxul’ claimed to have breached the company and put the database up for sale for $2 million.
National Public Data Breach Claims in Detail
The lawsuit, filed by Christopher Hofmann, a California resident, alleges that “USDoD” leaked a massive trove of data stolen from National Public Data. This data includes a goldmine of sensitive information, including full names of individuals, their past and present addresses (spanning 30 years), Social Security Numbers (SSNs) – in plain text and information about relatives—including some deceased for nearly two decades.
The lawsuit shared that National Public Data obtained such a vast amount of personal information through a technique called “scraping.” Scraping involves collecting data from websites and other online sources. While scraping itself isn’t inherently illegal, the issue here is the scale and source of the data National Public Data collected.
The lawsuit alleges that National Public Data scraped this sensitive data, including SSNs, from non-public sources. This means that many of the individuals impacted likely never gave their consent for their information to be collected by National Public Data.
While National Public Data hasn’t put out an official statement, hackers could use potentially stolen information to carry out identity theft and tax frauds using the SSN.
Meanwhile, the plaintiff has asked the court to direct the firm to purge the personal information of all the individuals affected and to encrypt all data collected going forward. In addition to monetary relief, Hofmann has asked for a series of requirements, including that National Public Data segment data, conduct database scanning, implement a threat-management program, and appoint a third-party assessor to conduct an evaluation of its cybersecurity frameworks annually for 10 years.
Protecting Yourself in the Aftermath
While the legal battle unfolds, what can you do if you suspect your information might be part of this colossal leak? Here are some steps you can take to mitigate the damage:
- Monitor Your Credit Reports: Regularly checking your credit reports with all three major credit bureaus (Equifax, Experian, and TransUnion) is crucial. Look for any suspicious activity, such as new accounts being opened in your name.
- Enable a Credit Freeze: A credit freeze restricts access to your credit report, making it significantly harder for criminals to open new accounts under your name. While a credit freeze may cause some inconvenience when applying for new credit, it’s a powerful safeguard against identity theft.
- Consider Identity Theft Protection Services: While not foolproof, identity theft protection services can monitor your personal information for signs of misuse and offer assistance in the event of identity theft.
- Change Your Passwords: As a precaution, consider changing your passwords for any online accounts that might contain sensitive information. Use strong passwords that are unique to each account.