In April 2024 [1] [2] [4] [5] [7] [8] [9] [10], National Public Data [1] [2] [3] [4] [5] [6] [7] [8] [9] [10], a Florida-based data broker company owned by Jerico Pictures Inc., experienced two cyberattacks that compromised the identities of individuals in the US, UK [1], and Canada [1].
Description
The data breach resulted in the theft of nearly 3 billion unencrypted records by the cybercriminal group known as “USDoD.” The stolen data included personal information such as full names, addresses [2] [3] [4] [5] [7] [9] [10], phone numbers [1] [2] [3] [4] [5] [9] [10], dates of birth [2], Social Security Numbers [1] [2] [3] [4] [5] [6] [7] [8] [9] [10], and email addresses [4] [5] [9] [10], as well as data related to family members. The compromised data was later leaked online and put up for sale on the dark web for $3.5 million. NPD confirmed the breach in June 2024 and advised affected individuals to monitor their financial accounts, obtain free credit reports [5], and put a fraud alert on their file [5]. The company has implemented additional security measures to prevent future breaches and is cooperating with law enforcement and government investigators [9]. A class action lawsuit has been filed in US District Court in Fort Lauderdale, Florida [6] [8] [9], accusing National Public Data of negligence and breach of fiduciary duty [7]. Security researchers warn that the stolen data could be used for scamming [4], cybercrime [1] [4] [8] [9] [10], and espionage [4], posing a serious risk to individuals whose information was compromised [4].
Conclusion
The breach has serious implications for the affected individuals, who are advised to take necessary precautions to protect their financial information. The legal actions taken against the company highlight the importance of data security and the consequences of negligence in handling sensitive information. Moving forward, it is crucial for companies to prioritize cybersecurity measures to prevent similar incidents and safeguard the privacy of their customers.
References
[1] https://www.infosecurity-magazine.com/news/national-public-data-confirms-data/
[2] https://www.cbsnews.com/news/social-security-number-leak-npd-breach-what-to-know/
[3] https://www.snopes.com/news/2024/08/16/social-security-numbers-hack-release/
[4] https://www.wired.com/story/national-public-data-breach-leak/
[5] https://www.engadget.com/cybersecurity/national-public-data-confirms-breach-that-exposed-americans-social-security-numbers-100046695.html
[6] https://www.usatoday.com/story/tech/2024/08/15/social-security-hack-national-public-data-breach/74807903007/
[7] https://www.nbcnewyork.com/news/national-international/2-9-billion-data-records-may-have-been-exposed-in-a-data-breach-heres-what-to-know/5708650/
[8] https://www.usatoday.com/story/tech/2024/08/17/social-security-hack-national-public-data-confirms/74843810007/
[9] https://www.cnet.com/personal-finance/identity-theft/social-security-numbers-and-personal-data-of-billions-breached-in-national-public-data-cyber-attack-heres-what-you-need-to-know/
[10] https://www.cnet.com/personal-finance/was-your-social-security-number-stolen-in-the-national-public-data-hack-what-you-can-do/
