A class-action lawsuit filed in federal court in Florida claimed that a hacking group known as USDoD stole nearly 3 billion personal records, including Social Security numbers.
The lawsuit was first reported by Bloomberg Law.
Reportedly, on April 8, the cybercriminal group posted a database called “National Public Data” on a dark web forum, claiming to have the personal data of 2.9 billion people. The lawsuit said that the group put the database up for sale for $3.5 million.
If it is confirmed, then this breach could be among the biggest ever in terms of individuals affected, Bloomberg added (via Bloomberg):
Some of the information exposed includes Social Security numbers, current and past addresses spanning decades, full names, information about relatives—including some deceased for nearly two decades—and more, according to the complaint.
[...]
Named plaintiff Christopher Hofmann, a California resident, said he received a notification from his identity-theft protection service provider on July 24, notifying him that his data was exposed in a breach and leaked on the dark web.
He accused National Public Data of negligence, unjust enrichment, and breaches of fiduciary duty and third-party beneficiary contract.
Hofmann asked the court to require National Public Data to purge the personal information of all the individuals affected and to encrypt all data collected going forward. In addition to monetary relief, he also asked for a series of requirements, including that National Public Data segment data, conduct database scanning, implement a threat-management program, and appoint a third-party assessor to conduct an evaluation of its cybersecurity frameworks annually for 10 years.
Recommended
According to CBS News, National Public Data is a data company based in Coral Springs, Florida, that provides background checks for employers, investigators and other businesses that want to check people's backgrounds. This includes criminal records, SSN traces, among other things.
The lawsuit claims that NPD “has still not provided any notice or warning” to people affected by the breach.
Several news sites that have examined portions of the data reported that the it appears to be real people’s information.
Join the conversation as a VIP Member