Background check company National Public Data — also known as Jerico Pictures — suffered what is reportedly one of the most significant data breaches in history, affecting 2.9 billion personal records that leaked sensitive data such as social security numbers and more, as mentioned in a class action lawsuit document and sourced by Bloomberg Law. What’s even worse is that it’s not known how the breach happened in the first place — or who all has been included in it.
Before getting into it, it’s worth noting that National Public Data has not confirmed the breach yet, so there’s a lot of information that’s only coming from the lawsuit or the hacking group. That means some of the figures will need to be taken with a grain of salt. Still, it doesn’t sound good.
The lawsuit indicates that critical data, such as addresses, full names, and relative information, have reportedly been leaked to the dark web. The data even includes information on deceased relatives dating back decades.
The lawsuit also claims that the National Public Data scraping data from non-public sources to conduct personal background checks. The process used reveals that many users were unaware that the company possessed this information in the first place.
According to the lawsuit, an identify-theft protection service provider notified affected user Christopher Hofmann of the leak on or around July 24, though they believe the breach may have occurred in April. By the time the service informed him, his and potentially billions of others’ info was already up for sale for $3.5 million by the cybercriminal group USDoD on a dark web database.
The class action lawsuit accuses NPD of unjust enrichment, negligence, third-party beneficiary, and breaches of fiduciary duty. The lawsuit also demands that NPD conduct database scanning, segment data, use a threat-management system, and hire a third-party assessor annually to evaluate its cybersecurity frameworks for the next 10 years. The court has also asked NPD to cleanse the personal data of all those affected and encrypt all gathered data from now on.
This could be the most significant data breach since the 2013 Yahoo breach, where the personal data of 3 billion users was leaked. To help stay safe, we recommend using one of the best identify-theft protection service providers on the market.