ALBAWABA - National Public Data, a company that collects information in order to perform background checks, has revealed that it has been the victim of a large data breach in which millions of Americans' Social Security numbers and other personal information were compromised.
A class action suit filed in U.S. District Court in Fort Lauderdale, Florida, provided the first information regarding the hack, which was initially covered by Bloomberg Law. According to the legal firm Schubert, Jonckheer & Kolbe, which filed the lawsuit, 2.9 billion records—including names, residences, Social Security numbers, and family members—dating back at least thirty years were obtained from National Public Data (NPD).
According to the lawsuit filed on Thursday in the US District Court for the Southern District of Florida, a cybercriminal group known as USDoD published a database dubbed "National Public Data" on a dark web site on April 8, claiming it contained the personal information of 2.9 billion people, adding that the group offered to sell the database for $3.5 million.
Names, email addresses, phone numbers, postal addresses, and Social Security numbers were among the information compromised, according to the NPD. The company said that it has "implemented additional security measures in efforts to prevent the reoccurrence of such a breach and to protect our systems" and that it is assisting investigators.
If the breach is verified, it has the potential to be among the most significant breaches ever, in terms of the amount of people who were impacted, according to Bloomberg. A similar data breach in terms of affected individuals occurred at Yahoo! in 2013, exposing the personal information of around 3 billion people.
The company made a statement on its website, saying “there appears to a have been a data security incident that may have involved some of your personal information,” adding that the incident is believed to have involved “a third-party bad actor that was trying to hack into data in late December 2023, with potential leaks of certain data in April 2024 and summer 2024.”
