Nov 20, 2024

Nearly Every American’s SSN Is Believed to Have Been Leaked in April Cybersecurity Breach, Class-action Lawsuit to Follow

by Nadia El-Yaouti | Aug 20, 2024
Stack of U.S. Treasury checks with a Social Security card on top. Photo Source: Kevin Dietsch/Getty Images via Yahoo Finance

Nearly every American’s social security number and other sensitive information is believed to have been leaked and sold on the dark web in what has been described as the largest data breach in today’s digital age.

Bloomberg Law first reported on the data breach after a proposed class action lawsuit was filed last week in the US District Court for the Southern District of Florida. The lawsuit details that a nefarious group by the name of USDoD compiled and posted a database on the dark web titled “National Public Data.” The database which is reported to have the personal data of nearly three billion people was put up for sale and eventually sold for $3.5 million.

Murmurs of the data breach were first reported in April. After the group USDoD posted the date for sale on the dark web, other nefarious actors followed in their tracks. One actor known online as “Fenice” posted the most complete version of the data for free in August, as reported on by the tech and cybersecurity news outlet, BleepingComputer.

According to the lawsuit, it’s not yet clear how the data breach happened, but officials have been able to pinpoint how the information of nearly three billion individuals was targeted, extracted, and compiled for profit on the dark web.

At the center of what will likely be a historic data breach — following the 2013 Yahoo breach which is believed to have impacted nearly three billion individuals – is the company Jerico Pictures Inc., which operates under the name National Public Data.

National Public Data is a background check company, one of hundreds if not thousands in the country. The company collects the personal identifying information (PII) of individuals by scouring non-public sources. These sources include national and state databases, public records, and court records. The company then sells this aggregated data to background check websites, investigators, data resellers, and app developers. Included in the data is everything from an individual's name to their social security number, date of birth, all known addresses, and other sensitive information. The complaint details that the PII the company collected was done so without the consent of the plaintiffs.

National Public Data states in the lawsuit that it has cooperated and will continue to work with investigators. Despite this assurance, California resident and lead plaintiff, Christopher Hofmann, alleges that National Public Data was negligent in failing to safeguard its systems, engaged in unjust enrichment, and breached its fiduciary duty and third-party beneficiary contracts.

In the lawsuit, Hofmann is seeking to have a court require that National Public Data purge the PII of all the individuals impacted, essentially nearly every American if the reports of the individuals impacted are verified. Additionally, Hoffmann is seeking to have National Public Data encrypt all data collected going forward.

Keeping in line with cybersecurity practices, Hoffman is also asking the court to require National Public Data to segment data, conduct database scanning, implement a threat-management program, and appoint a third-party assessor that will evaluate cybersecurity frameworks every year for 10 years.

Share This Article

If you found this article insightful, consider sharing it with your network.

Nadia El-Yaouti
Nadia El-Yaouti
Nadia El-Yaouti is a postgraduate from James Madison University, where she studied English and Education. Residing in Central Virginia with her husband and two young daughters, she balances her workaholic tendencies with a passion for travel, exploring the world with her family.

Related Articles

Hands typing on a backlit keyboard, representing cybersecurity and potential data breach scenarios.
CareSource Faces Multiple Lawsuits After Cybersecurity Data Breach

A data breach that targeted an Ohio-based insurance company has prompted multiple lawsuits including a class action lawsuit filed by victims who lost sensitive personal information following the data breach. One class action suit is seeking more than $9.9 million in damages. CareSource, the administrator of one of the nation’s... Read More »

A close-up of hands typing on a laptop keyboard with green code displayed on the screen, illustrating themes of cybersecurity and data breaches.
Massachusetts-Based Company Faces Multiple Lawsuits After Data Breach

A Massachusetts-based company that specializes in background checks is at the center of four lawsuits. The lawsuit accused the company, Creative Services, Inc., of negligently failing to protect the private information of its clients. The company, which is located in Mansfield, Massachusetts, offered services to employers, universities, and government agencies... Read More »