Page Loader
Summarize
Biggest leak in decades: 3B records exposed on dark web 
Your personal data might be up for sale on the dark web

Biggest leak in decades: 3B records exposed on dark web 

Aug 08, 2024
10:03 am

What's the story

National Public Data (NPD), a background check company also known as Jerico Pictures, is facing a class action lawsuit for allegedly leaking the personal information of nearly 2.9 billion individuals onto the dark web. The leaked data includes sensitive details such as social security numbers, full names, addresses, and relative's information. This massive breach is one of the largest in history and has reportedly been exploited by cybercriminal group USDoD.

Data harvesting

NPD's data collection method under scrutiny

The lawsuit alleges that NPD used a method known as 'scraping' to gather and store personally identifiable information from non-public sources. The individuals whose data was collected were not informed about this practice, raising concerns about consent and privacy. The cybercriminal group USDoD has reportedly obtained this leaked data and is offering a database containing the personal information for sale at $3.5 million on the dark web.

Legal action

Lawsuit initiated by victim of data breach

The class action lawsuit against NPD was initiated by Christopher Hofmann, who discovered his data had been exposed and leaked onto the dark web. He was alerted about this breach by his identity-theft protection service provider. The lawsuit accuses NPD of negligence, breaches of fiduciary duty, and third-party beneficiary contract, as well as unjust enrichment due to their handling of personal information.

Demands

Plaintiffs demand financial compensation and enhanced security measures

The plaintiffs are demanding financial compensation from NPD for the data breach. They are also urging the company to implement more robust data protection measures such as database scanning, threat management systems, and annual cybersecurity evaluations by a third-party assessor for the next decade. Additionally, they want NPD to delete all personal data of affected individuals and encrypt all collected information in future.

Comparison

Breach's scale rivals 2013 Yahoo! incident

If these allegations are confirmed, the scale of this data breach would rival the 2013 Yahoo! incident that impacted three billion customers. However, it remains unclear how this breach occurred at NPD. In light of such incidents, experts recommend using an identity theft protection service to receive alerts if personal information has been compromised.