A new lawsuit alleges hackers gained access to the personal information of “billions of individuals,” including their Social Security numbers, current and previous addresses, and the names of siblings and parents — personal information that could allow fraudsters to break into bank accounts or take out loans in their names.
The allegation arose in a lawsuit filed earlier this month by Christopher Hofmann, a California resident who claims his identity theft protection service alerted him that his personal information had been leaked to the dark web through the hack of nationalpublicdata.com. Bloomberg Law previously reported on the lawsuit.
The breach allegedly occurred around April 2024, when a hacking group called USDoD exfiltrated the unencrypted personal information of billions of people from a company called National Public Data (NPD), a background check company, according to the lawsuit. Earlier this month, a hacker posted a version of the stolen NPD data for free on a hacker forum, tech site Bleeping Computer reported.
This hacker claimed the stolen files included 2.7 billion records, with each record containing a person’s full name, address, date of birth, social security number and phone number, according to Bleeping Computer.
The NPD did not immediately respond to a request for comment.
Here’s what you need to know about the alleged hack.
What are national public data?
National Public Data is a data company based in Coral Springs, Florida, that provides background checks for employers, investigators and other companies looking to check people’s backgrounds. Search capabilities include criminal records, vital records, SSN searches and more information, the website says.
What happened in the USDoD hack?
According to the new lawsuit, the U.S. Department of Defense released a database called “National Public Data” on the dark web on April 8, which allegedly contains data on around 2.9 billion people. The purchase price is said to be $3.5 million, the lawsuit says.
However, Bleeping Computer reported that, as mentioned above, the file was later leaked for free on a hacker forum.
Did the NPD warn individuals about the hack?
It is unclear, although the lawsuit alleges, that NPD “still has not provided any notice or warning” to Hoffman or others affected by the breach.
“In fact, the vast majority of class members were unaware, to the best of their knowledge and belief, that their sensitive (personal) information had been compromised and that they were and continue to be exposed to a substantial risk of identity theft and various other forms of personal, social and financial harm,” the lawsuit states.
Information security company McAfee said it found no reports filed with state attorneys general. Some states require companies that have been victims of data breaches to file reports with their attorneys general.
What do I need to do to protect my data?
Security experts recommend that consumers have their credit information blocked by the three major credit reporting agencies: Experian, Equifax and TransUnion.
Freezing your credit is free and prevents fraudsters from taking out loans or opening credit cards in your name.
You can also use a tracking service that will notify you if your data appears on the dark web. Also, be sure to enable two-factor authentication, which makes it harder for hackers to access your accounts.
Trump presents his economic plan at campaign rally in North Carolina
Biden and Kamala Harris appear together in the election campaign for the first time since Biden dropped out of the race
91-year-old North Carolina nurse has no plans to retire
