You may be a victim in one of the worst data breaches in history

By Judy Sanhz Published August 8, 2024

Background check company National Public Data — also known as Jerico Pictures — suffered what is reportedly one of the most significant data breaches in history, affecting 2.9 billion personal records that leaked sensitive data such as Social Security numbers and more, as mentioned in a class-action lawsuit document and sourced by Bloomberg Law. What’s even worse is that it’s not known how the breach happened in the first place — or who has been included in it.

Before getting into it, it’s worth noting that National Public Data has not confirmed the breach yet, so there’s a lot of information that’s only coming from the lawsuit or the hacking group. That means some of the figures will need to be taken with a grain of salt. Still, it doesn’t sound good.

Recommended Videos

The lawsuit indicates that critical data, such as addresses, full names, and relative information, have reportedly been leaked to the dark web. The data even includes information on deceased relatives dating back decades.

The lawsuit also claims that the National Public Data scraping data from non-public sources to conduct personal background checks. The process used reveals that many users were unaware that the company possessed this information in the first place.

According to the lawsuit, an identify-theft protection service provider notified affected user Christopher Hofmann of the leak on or around July 24, though they believe the breach may have occurred in April. By the time the service informed him, his and potentially billions of others’ info was already up for sale for $3.5 million by the cybercriminal group USDoD on a dark web database.

The class action lawsuit accuses NPD of unjust enrichment, negligence, third-party beneficiary, and breaches of fiduciary duty. The lawsuit also demands that NPD conduct database scanning, segment data, use a threat-management system, and hire a third-party assessor annually to evaluate its cybersecurity frameworks for the next 10 years. The court has also asked NPD to cleanse the personal data of all those affected and encrypt all gathered data from now on.

This could be the most significant data breach since the 2013 Yahoo breach, where the personal data of 3 billion users was leaked. To help stay safe, we recommend using one of the best identify-theft protection service providers on the market.

Topics

Computing Writer

Judy Sanhz is a Digital Trends computing writer covering all computing news. Loves all operating systems and devices.

Computing

Why new antivirus software may have just installed itself on your PC

A person compares Bitdefender and Norton antivirus software pricing on a Windows PC.

Late last week, cybersecurity company Kaspersky started deleting its anti-malware software from computers located in the United States. As a replacement, the company automatically downloaded antivirus software from UltraAV instead.

If you use Kaspersky antivirus software, you may know the Russian company was added to the U.S. government's Entity List and subjected to a ban on sales and updates within the United States earlier this year. As a result, the company told BleepingComputer in July that it had decided to shut down its U.S. operations and lay off its American employees.

Computing

Hackers claim 440GB of user data breached from large cybersecurity company

A hacker typing on an Apple MacBook laptop while holding a phone. Both devices show code on their screens.

Cybersecurity firm Fortinet has confirmed that user data has been taken from its Microsoft Sharepoint server and was posted to a hacking forum early this morning, as BleepingComputer reports.

The threat actor, "Fortib**ch," shared the credentials to an alleged S3 bucket (a digital box to store files online) for others to download, claiming the total is 440GB.

Computing

Credit card info for 1.7 million users leaked in huge breach

A credit card is passed from one person to another.

Florida-based payment gateway provider Slim CD has confirmed in a notification sent to affected clients (almost 1.7 million) that their full names, credit card info, physical address, and payment card expiration date have been breached, according to a letter from the company, It's a trend that's unfortunately becoming fairly common.

What's more shocking about the number of affected users is how long it took the company to notice the breach since the hackers had access from August 2023 to June 2024. The company first noticed suspicious activity on June 15, stating, "That access may have enabled an unauthorized actor to view or obtain certain credit card information between June 14, 2024, and June 15, 2024,”