Nearly every American’s social security number and other sensitive information is believed to have been leaked and sold on the dark web in what has been described as the largest data breach in today’s digital age.
Bloomberg Law first reported on the data breach after a proposed class action lawsuit was filed last week in the US District Court for the Southern District of Florida. The lawsuit details that a nefarious group by the name of USDoD compiled and posted a database on the dark web titled “National Public Data.” The database which is reported to have the personal data of nearly three billion people was put up for sale and eventually sold for $3.5 million.
Murmurs of the data breach were first reported in April. After the group USDoD posted the date for sale on the dark web, other nefarious actors followed in their tracks. One actor known online as “Fenice” posted the most complete version of the data for free in August, as reported on by the tech and cybersecurity news outlet, BleepingComputer.
According to the lawsuit, it’s not yet clear how the data breach happened, but officials have been able to pinpoint how the information of nearly three billion individuals was targeted, extracted, and compiled for profit on the dark web.
At the center of what will likely be a historic data breach — following the 2013 Yahoo breach which is believed to have impacted nearly three billion individuals – is the company Jerico Pictures Inc., which operates under the name National Public Data.
National Public Data is a background check company, one of hundreds if not thousands in the country. The company collects the personal identifying information (PII) of individuals by scouring non-public sources. These sources include national and state databases, public records, and court records. The company then sells this aggregated data to background check websites, investigators, data resellers, and app developers. Included in the data is everything from an individual's name to their social security number, date of birth, all known addresses, and other sensitive information. The complaint details that the PII the company collected was done so without the consent of the plaintiffs.
National Public Data states in the lawsuit that it has cooperated and will continue to work with investigators. Despite this assurance, California resident and lead plaintiff, Christopher Hofmann, alleges that National Public Data was negligent in failing to safeguard its systems, engaged in unjust enrichment, and breached its fiduciary duty and third-party beneficiary contracts.
In the lawsuit, Hofmann is seeking to have a court require that National Public Data purge the PII of all the individuals impacted, essentially nearly every American if the reports of the individuals impacted are verified. Additionally, Hoffmann is seeking to have National Public Data encrypt all data collected going forward.
Keeping in line with cybersecurity practices, Hoffman is also asking the court to require National Public Data to segment data, conduct database scanning, implement a threat-management program, and appoint a third-party assessor that will evaluate cybersecurity frameworks every year for 10 years.
A data broker owned by major U.S. airlines, including Delta, American Airlines, and United, collected and sold domestic flight information of American travelers to Customs and Border Protection (CBP), according to internal agency documents obtained by 404 Media. The records include passengers' names, full travel itineraries, and financial information. The... Read More »
A former student at Whitworth University in Spokane, Washington, has filed a lawsuit against the university after becoming the target of a ransomware attack discovered in July 2022. The lawsuit was filed Thursday in U.S. District Court in Spokane and accuses the university of negligence after hackers were able to... Read More »
T-Mobile has been hit with a data breach that has impacted about 37 million of its customers. The data breach resulted in the personal identification information of millions of customers across the nation being shared with unauthorized individuals. In a form filed with the U.S. Securities and Exchange Commission on... Read More »
Cyber hackers working on behalf of a foreign government that is widely believed to be Russia broke into numerous government agencies and networks, including the Commerce, Treasury Departments, and several national security agencies. The cyber hackers breached the protected email systems in a sophisticated attack that has left the feds... Read More »
After a report unveiled a computer glitch that impacted millions of credit scores, credit reporting agency Equifax is at the center of a class-action lawsuit. Earlier this month, The Wall Street Journal reported that the credit bureau was responsible for the technical glitch that caused millions of individuals to receive... Read More »
