A class action lawsuit has been filed against background check company National Public Data (also known as Jerico Pictures), alleging that the personal information of 2.9 billion individuals was leaked onto the dark web in a data breach.
National Public Data uses a process called scraping to collect and store personally identifiable information from non-public sources, allowing them to perform background checks on billions of people.
This means that sensitive information, such as social security numbers, full names, addresses, and family member details, has been exposed. More importantly, it means that the information was not voluntarily provided to the company, and many victims are completely unaware that the information was stored.
Data in the hands of cybercriminals
Named plaintiff Christopher Hofmann was alerted by his identity theft protection service provider that his data had been exposed and leaked on the dark web. Cybercriminal group ASDoD had listed a database that claimed to have the individuals’ personal data for sale for $3.5 million.
Hofman and the plaintiffs accused NPD of negligence, breaches of fiduciary duty and contract with third-party beneficiaries, and unjust enrichment. Hofman is seeking monetary damages and for NPD to segment data, perform database scans, deploy a threat management system, and appoint a third-party assessor to conduct an annual review of its cybersecurity frameworks for 10 years.
The court has been asked to require NPD to erase the personal data of all persons involved and to encrypt all collected information from now on.
If confirmed, this would be considered one of the largest data breaches ever in terms of the number of people affected. It would be comparable to the Yahoo data breach in 2013, which affected three billion customers. What’s worse, it’s not yet clear how the breach happened.
Experts recommend using an identity theft protection service for alerts if your information has been compromised – read more about our tips and recommendations here.
Through Bloomberg