A major data breach has potentially affected nearly 3 billion people, highlighting the severe risks associated with online data management. Jerico Pictures Inc., operating under the name National Public Data, is at the center of this scandal. The breach, which took place in April, has prompted a proposed class-action lawsuit, revealing the extensive impact of the incident.
Details of the Breach
On April 8, the hacker group “USDoD” released a database on a dark web forum under the name “National Public Data.” This database reportedly includes personal information of 2.9 billion people, with the hackers offering it for sale at $3.5 million. The lawsuit, filed on August 1 in the U.S. District Court for the Southern District of Florida, indicates that this breach could rival the notorious Yahoo! breach of 2013, which exposed the data of 3 billion individuals. Key details about the breach’s timing and method remain unclear, and National Public Data has not yet informed the affected individuals.
Data Collection Methods
National Public Data is alleged to have collected this vast amount of personal information through “scraping,” a method where data is harvested from websites and other online sources without user consent. The complaint claims that National Public Data scraped personally identifiable information (PII) from non-public sources, meaning many affected individuals were unaware that their data was collected or exposed. The breached data includes sensitive information such as Social Security numbers, full names, addresses from various periods, and even details about deceased relatives, posing a significant risk of identity theft and fraud.
Legal Actions and Remedies
Christopher Hofmann, a California resident, is leading the class-action lawsuit against National Public Data. Hofmann learned about the breach on July 24 from his identity theft protection service, which alerted him to his exposed data on the dark web. The lawsuit accuses National Public Data of negligence and breaches of fiduciary duty. Hofmann is seeking compensation and a court order requiring the company to remove all affected individuals’ personal information and enhance its cybersecurity measures. This includes encrypting future data, conducting regular scans, and implementing a threat management program. The lawsuit also calls for an independent review of the company’s cybersecurity practices annually for the next decade.
Impact and Precautions
The scale of the breach has serious implications. With detailed personal information available, affected individuals face increased risks of identity theft and targeted phishing attacks. The data’s availability on the dark web means it could be exploited for years. Typically, companies responsible for such breaches offer free identity theft protection or credit monitoring services for up to two years. However, affected individuals should stay vigilant by monitoring their financial accounts and being cautious of potential phishing attempts.
Company’s Response and Next Steps
National Public Data has not yet commented on the breach. Given the seriousness of the situation, it is expected that the company will soon issue notifications to those affected and take steps to address the breach’s repercussions. Individuals should watch their mail for any official breach notifications and remain cautious of suspicious emails or messages that may attempt to exploit the leaked information.
Comparison to Yahoo! Breach
The National Public Data breach is being compared to the Yahoo! breach of 2013 due to its massive scale. Both breaches highlight the vulnerabilities inherent in managing extensive personal data and suggest that this incident could have significant long-term effects. As the legal proceedings continue, more details about the breach and its impacts are expected to emerge. In the meantime, individuals should actively protect their personal information and stay updated on any developments related to the case.
