You may be one of the countless individuals impacted by an enormous data security breach without your knowledge.
A recent legal action in the form of a class-action lawsuit against Jerico Pictures Inc., trading as National Public Data, indicates that this background checking firm fell victim to cybercriminal intrusion earlier this year.
The lawsuit alleges that hackers compromised and made off with sensitive information pertaining to approximately 2.9 billion individuals, orchestrated by a hacker collective identified as USDoD.
Microsoft reveals CrowdStrike service outage affected far more devices than initially reported.
To exacerbate the situation, those who may have had their data compromised likely remain unaware of their involvement. National Public Data allegedly acquires its datasets through scraping personal information from non-public sources without individuals knowing or providing consent.
The breached database encompasses diverse details for nearly 3 billion individuals, comprising full names, previous and current addresses, Social Security numbers, along with personal details connected to both living and deceased family members.
This significant breach had previously flown under the radar until now. The timeline regarding when exactly this incident transpired remains uncertain. Plaintiff Christopher Hofmann disclosed he learned of his personal information being compromised only after an identity theft protection service alerted him in July about its appearance on illicit online marketplaces.
In April, hackers publicly shared a “National Public Data” database containing leaked records on a dark web forum while demanding $3.5 million from interested buyers.
Just last month, Mashable covered another substantial data leak called RockYou2024 affecting nearly 10 billion user password credentials; however, it was primarily an updated aggregation of older data breaches from various years rather than new incidents.
The scale of exposed personal information places the National Public Data breach amongst history’s most extensive data infractions—second only to Yahoo’s monumental 2013 data compromise, which also impacted around 3 billion accounts.
Mashable has reached out for comments from National Public Data and will provide updates if they respond.
Source