In a recent development, National Public Data, a background check service owned by Jerico Pictures Inc, is facing a class-action lawsuit for a massive data breach that has exposed the personal details of almost three billion individuals, potentially leaving them vulnerable to identity theft and financial fraud. The lawsuit, filed in the US District Court for the Southern District of Florida, alleges that a security lapse at National Public Data led to the exposure of sensitive information that was later released on the dark web by a threat actor known as “USDoD”.
The leaked data includes full names, addresses, and Social Security Numbers (SSNs) of individuals, making it one of the largest cybersecurity incidents in recent history. This breach has the potential to impact a vast number of people, surpassing even the infamous 2013 Yahoo data breach that affected three billion users.
This is not the first time National Public Data has faced security issues. Earlier this year, a hacker using the alias ‘sxul’ claimed to have breached the company and offered to sell the database for $2 million. The recent lawsuit, brought by Christopher Hofmann, a California resident, alleges that the data leaked by “USDoD” contains a wealth of sensitive information, including SSNs, addresses spanning 30 years, and details of deceased relatives dating back nearly two decades.
The lawsuit claims that National Public Data collected this information through “scraping”, a technique that involves gathering data from websites and online sources. While scraping itself is not illegal, the issue arises from the scale and non-public sources from which the data was collected. Many of the affected individuals may not have consented to their information being collected in this manner.
In response to the breach, the plaintiff has requested the court to compel National Public Data to remove all personal information of affected individuals, encrypt all future data collection, and implement various cybersecurity measures. These measures include segmenting data, conducting database scans, implementing a threat management program, and undergoing annual evaluations by a third-party assessor for the next decade.
As the legal proceedings unfold, it is important for individuals to take steps to protect themselves from potential identity theft and fraud. Monitoring credit reports regularly, enabling a credit freeze, considering identity theft protection services, and changing passwords for online accounts are recommended measures to mitigate the damage from the data breach.
In conclusion, the lawsuit against National Public Data highlights the importance of securing personal information and holding companies accountable for data breaches that expose individuals to significant risks. The outcome of this case will likely have implications for data privacy and cybersecurity practices in the future.