3 Billion People’s Personal Data Stolen in Huge Hack

Despite one’s precautions, personal data can still be compromised, as demonstrated by a recent data breach that exposed the sensitive information of nearly 3 billion individuals.

According to a Bloomberg report, hackers have stolen the sensitive data of around 3 billion people from Jerico Pictures Inc., a background-check company operating as NPD.

3 Billion People’s Personal Data Stolen in Huge Hack

The exposed data includes full names, past and current addresses spanning 30 years, Social Security Numbers, and information about relatives, some deceased for nearly two decades.

This hack, one of the largest data breaches ever reported, is the latest addition to a growing list of companies targeted by cybercriminals in recent months.

The breach became public on April 8 when a group of cybercriminals named USDoD posted a database titled “National Public Data” on a dark web forum, claiming to have personal data on 3 billion people.

They listed the database for sale at $3.5 million, as stated in a complaint filed Thursday in the US District Court for the Southern District of Florida.

National Public Data Hacked

This massive data breach was recently revealed as part of a class action lawsuit filed recently. The lawsuit claims that National Public Data, a company focused on background checks and fraud prevention, has been negligent.

The hackers tried to sell the huge collection of personal data on the dark web for $3.5 million. Given the large number of people affected, the data likely includes individuals from both the U.S. and other countries.

Data Scraping: A Pathway for Cybercriminals

The details of the breach, including the timing and method, are still unclear, and the provider has not yet notified the affected individuals.

Here’s what is known so far, along with some steps you can take to safeguard yourself if your personal information has been exposed.

National Public Data collects personal data by scraping websites and other online sources. According to the complaint, the company scraped personally identifiable information (PII) from non-public sources, meaning individuals did not knowingly provide their data to the company.

Bloomberg wrote:

“To conduct its business, National Public Data scrapes the personally identifying information of billions of individuals from non-public sources—meaning plaintiffs didn’t knowingly provide their data to the company, the complaint said.”

The leaked information includes Social Security numbers, addresses from many years, full names, and details about relatives, some of whom have been deceased for nearly 20 years.

One person from California found out about the breach when an identity theft protection service told him that his data had been released on the dark web.

Christopher Hofmann, the named plaintiff, received a notification from his identity theft protection service on July 24, informing him that his data was exposed in the breach and leaked on the dark web.

He accused National Public Data of negligence, unjust enrichment, and breaches of fiduciary duty and third-party beneficiary contracts.

Hofmann asked the court to require National Public Data to purge the personal information of all affected individuals and to encrypt all data collected in the future.

He also requested several measures, including data segmentation, database scanning, a threat-management program, and an annual third-party assessment of its cybersecurity frameworks for 10 years.

Stories You May Like

Help Someone By Sharing This Article