One of The Biggest Data Breaches Ever Leaks 2.9 Billion Records - Here’s What You Need to Know!

A new class action lawsuit alleges that up to 2.9 billion personal records belonging to U.S. residents may have been exposed following a data breach at a background check company. The lawsuit was filed against Jerico Pictures Inc., operating as National Public Data (NPD), which provides access to public records sourced from various databases and repositories across the country.

The complaint, filed in Florida, claims that NPD illegally "scrapes" personal information from non-public sources without individuals' consent. The plaintiff in the case, Christopher Hofmann, reportedly received a notification from his identity theft protection service on July 24, alerting him that his data had been exposed and leaked on the dark web.

Hofmann asserts that he never authorized NPD to access his personal information. The lawsuit argues that NPD assured those undergoing background checks that their information would be kept "safe," "confidential," and used only for as long as necessary. However, the attorneys claim that NPD failed to properly secure and protect the personally identifiable information it collected.

The lawsuit acknowledges that NPD has yet to officially disclose the specifics of the breach, including when it occurred and how it happened, and that those affected have not been formally notified. Instead, the lawsuit references findings from VX-Underground, a website focused on malware and cybersecurity. According to VX-Underground, in early April 2024, a threat actor using the alias "USDoD" offered a massive database titled "National Public Data" for sale on a site called Breached. The database allegedly contained 2.9 billion records of U.S. citizens and was priced at $3.5 million.

VX-Underground claims it received an advanced copy of the 277.1GB database and verified its authenticity. The database reportedly includes names, addresses (some dating back over three decades), Social Security numbers, and enough information to identify relatives of those who did not use a data opt-out service.

The lawsuit accuses NPD of failing to protect the personal information of those affected and not providing timely notification of the breach. While the breach allegedly impacted billions of records, it remains unclear how many individuals were actually affected, as the U.S. population is well below 1 billion.

If the breach is confirmed to have impacted billions, it could rank among the largest in history, rivaling Yahoo’s 2013 data breach that compromised all 3 billion of its user accounts.

Measures to Safeguard Your Identity After a Data Breach

Experiencing a data breach doesn't automatically mean your identity will be stolen, but it does increase the risk of being targeted by bad actors who now have more detailed information about you. Fortunately, there are several steps you can take to protect your identity if your data has been compromised.

Update Your Passwords As soon as you learn that your data has been compromised, your first priority should be changing the password for the affected account to prevent unauthorized access. If you use the same password for multiple accounts, it's wise to update those as well. A strong security practice is to use a unique password for each of your online accounts. If keeping track of them all feels overwhelming, consider using a password manager to securely store and manage your passwords.

Stay Vigilant Against Phishing and Smishing Scams Cybercriminals may attempt to exploit your compromised data through targeted phishing (via email) and smishing (via text message) scams designed to trick you into revealing more personal information. With so much personal data available online and on social media, scammers have become increasingly sophisticated in their fraudulent schemes. Avoid clicking on unsolicited links sent to your phone or email, as these can download malicious software onto your devices. Additionally, be cautious about sharing sensitive information like your Social Security number or financial details, as this can open the door to unauthorized access to your bank accounts or even identity theft.

Consider Identity Theft Protection Services If you're particularly worried about your identity being stolen, signing up for identity theft protection services might be a good option.