2.9 Billion Personal Data Leaked in NationalPublicData Cyberattack

TapTechNews August 7th news, the background check company NationalPublicData was cyberattacked in April this year, resulting in the leakage of 2.9 billion personal privacy data, which is the data leakage event second only to the Yahoo incident in 2013 (affecting 3 billion).

TapTechNews note: The NationalPublicData company is a background check company operated by JericoPictures, mainly collecting personal identity information (PII) from non-public sources.

Leaked data

According to the proposed class-action lawsuit filing, the hacker USDoD was selling the data of the NationalPublicData company on the underground forum Breached, claiming to have personal data related to 2.9 billion people.

USDoD claims that the database spans from 2019 to 2024, has a total of 2.9 billion rows, and is 277.1 GB after decompression, and the selling price is 3.5 million US dollars.

USDoD said that it will also provide the buyer with credentials to access the NPD server, and the leaked information includes social security numbers, full names, family information, and current and former addresses.

Class-action lawsuit

Plaintiff Christopher Hofmann accused NationalPublicData of breaching fiduciary duties and third-party beneficiary contracts, negligence and unjust enrichment, and demanded a series of requirements including financial compensation.

The plaintiff also requires the company to scan the database, introduce a security threat management system, segment the data, and hire a third-party institution to conduct an assessment of the company's network security framework once a year for the next 10 years.