Biggest leak in decades: 3B records exposed on dark web
What's the story
National Public Data (NPD), a background check company also known as Jerico Pictures, is facing a class action lawsuit for allegedly leaking the personal information of nearly 2.9 billion individuals onto the dark web. The leaked data includes sensitive details such as social security numbers, full names, addresses, and relative's information. This massive breach is one of the largest in history and has reportedly been exploited by cybercriminal group USDoD.
Data harvesting
NPD's data collection method under scrutiny
The lawsuit alleges that NPD used a method known as 'scraping' to gather and store personally identifiable information from non-public sources. The individuals whose data was collected were not informed about this practice, raising concerns about consent and privacy. The cybercriminal group USDoD has reportedly obtained this leaked data and is offering a database containing the personal information for sale at $3.5 million on the dark web.
Legal action
Lawsuit initiated by victim of data breach
The class action lawsuit against NPD was initiated by Christopher Hofmann, who discovered his data had been exposed and leaked onto the dark web. He was alerted about this breach by his identity-theft protection service provider. The lawsuit accuses NPD of negligence, breaches of fiduciary duty, and third-party beneficiary contract, as well as unjust enrichment due to their handling of personal information.
Demands
Plaintiffs demand financial compensation and enhanced security measures
The plaintiffs are demanding financial compensation from NPD for the data breach. They are also urging the company to implement more robust data protection measures such as database scanning, threat management systems, and annual cybersecurity evaluations by a third-party assessor for the next decade. Additionally, they want NPD to delete all personal data of affected individuals and encrypt all collected information in future.
Comparison
Breach's scale rivals 2013 Yahoo! incident
If these allegations are confirmed, the scale of this data breach would rival the 2013 Yahoo! incident that impacted three billion customers. However, it remains unclear how this breach occurred at NPD. In light of such incidents, experts recommend using an identity theft protection service to receive alerts if personal information has been compromised.