The background check company National Public Data (NPD), also known as Jerico Pictures, is facing allegations of a massive data breach, potentially impacting a staggering 2.9 billion personal records. This breach, detailed in a class-action lawsuit document cited by Bloomberg Law, reportedly exposed sensitive information such as Social Security numbers, addresses, full names, and even data on deceased relatives. While NPD has yet to confirm the breach, the lawsuit and reports surrounding the incident paint a concerning picture.
It’s important to note that much of the information currently available originates from the lawsuit and reports attributed to the hacking group claiming responsibility. Therefore, some details should be interpreted cautiously pending official confirmation from NPD.
The lawsuit alleges that NPD scraped data from non-public sources to conduct background checks, a practice that seemingly occurred without the knowledge of many individuals whose data was collected. The exposed information reportedly includes details on deceased relatives spanning decades.
The breach allegedly came to light around July 24th when an identity theft protection service provider notified affected user Christopher Hofmann. However, it’s believed the breach itself may have occurred as early as April. By the time Hofmann was alerted, a cybercriminal group known as USDoD was reportedly already selling the stolen data on a dark web database for $3.5 million.
The class-action lawsuit against NPD cites accusations of unjust enrichment, negligence, breaches of fiduciary duty, and third-party beneficiary violations. The lawsuit demands that NPD implement a range of security measures, including database scanning, data segmentation, a threat management system, and annual third-party cybersecurity assessments for the next decade. The court has also requested NPD to purge the compromised personal data and implement mandatory encryption for all data collected going forward.
This incident has the potential to be the largest data breach since the 2013 Yahoo breach, which affected 3 billion users. In light of this, considering reputable identity theft protection services is highly recommended.
