National Public Data Breach Lawsuit Filed After Hackers Claim To Have Social Security Numbers of Nearly Every American
Following a massive data breach at the background-checking business National Public Data, a class action lawsuit has been filed on behalf of nearly all Americans who had their social security number and other information compromised.
The hacker group known as USDoD allegedly stole the personal identifiable information (PII) of 2.9 billion individuals in the U.S., U.K. and Canada, which was obtained from National Public Data in December 2023. Portions of the data began to appear on sale on dark web hacker forums in April for $3.5 billion.
The National Public Data lawsuit (PDF) was filed by Christopher Hofmann in U.S. District Court for the Southern District of Florida on August 1, alleging that vast amounts of personal information was left unsecure by Jerico Pictures, while doing business as National Public Data. As a result, records including people’s first and last names, social security numbers and addresses for the past three decades have all been compromised.
According to the complaint, National Public Data mined and scraped data from non-public sources without individuals’ consent, which they then used to conduct criminal background checks. Despite assurances that data would be kept safe, confidential and private, the company held the data unredacted and in unencrypted files, leaving it susceptible to hackers.
Did You Know?
Ticketmaster Data Breach Impacts Millions of Customers
A massive Ticketmaster data breach exposed the names, addresses, phone numbers, credit card numbers and other personal information of more than 560 million customers, which have now been released on the dark web. Lawsuits are being pursued to obtain financial compensation.
Learn MoreNational Public Data Provided Poor Cybersecurity
Hofmann indicates that he received notification from his identity theft protection service in July 2024, warning that his personal information was found on the dark web. The lawsuit claims this leak was a direct result of the National Public Data breach, which the company did not publicly acknowledge until the following month.
A National Public Data statement was first issued in early August 2024, indicating that a “third-party bad actor” was responsible for attempted hacks of company data in December 2023, with the leaked information starting to appear on dark web hacker forums in April 2024.
While the company has outlined steps consumers should take to reduce potential harm, the massive release of the social security numbers and other personal information of nearly every American already creates a severe threat of identity theft and economic damage for affected individuals.
The hacker group USDoD started posting information on the dark web forum “Breached” in April, claiming that it has access to a database obtained through a National Public Data breach, which contains 2.9 billion records of individuals’ PII. In addition, USDoD reportedly has plans to leak the data, which contains names, social security numbers and addresses that the open-source malware website VX-Underground has confirmed is valid information.
VX-Underground claims that individuals who use data opt-out services were not included in the information obtained from the National Public Data hack. However, the organization was able to use the leaked data to find people’s parents, nearest siblings and deceased relatives. In some instances, compromised individuals had been dead for up to 20 years.
Hofmann’s complaint alleges that the data breach could have been prevented if National Public Data conducted better employee training and employed other cybersecurity measures.
“The present and continuing risk to victims of the Data Breach will remain for their respective lifetimes,” Hofmann said in the National Public Data class action lawsuit, which seeks to pursue damages for individuals throughout the United States, with a proposed sub-class limited to California residents.
AT&T, Ticketmaster Hacks Spotlight Cybersecurity Risks
The National Public Data hack occurs amid a flurry of class action lawsuits filed against a number of companies in recent months, after massive amounts of customer data has been accessed through cybersecurity breaches.
Two separate AT&T data breaches have led to multiple lawsuits this year. The first data breach was announced in March 2024, stemming from a 2021 hack where vast amounts of data was stolen, including customer social security numbers.
A second AT&T hack was announced in July 2024, indicating that customers’ cell phone call records had been stolen out of a cloud-based server operated by the storage company Snowflake.
Ticketmaster also announced that its customers were impacted by a Snowflake breach of its data in May 2024, indicating that hackers were attempting to sell customers’ information on the dark web after the data was taken from Snowflake servers.
Following these high profile hacks, a motion was filed with the U.S. Judicial Panel on Multidistrict Litigation (JPML) to establish an MDL to centralize data breach lawsuits against Snowflake. If the JPML chooses to consolidate the Snowflake data breach lawsuits before one judge, it would likely include both the AT&T and Ticketmaster data breach lawsuits.
6 Comments
KennethSeptember 10, 2024 at 4:37 pm
I've been in breach after breach I'm getting tired because I can't seem to get any help allstat supposed to have a specialist help me I'm trying to find a lawyer who can represent me I had some one use my social security to open a att account 3 time in one day
GessellSeptember 8, 2024 at 6:15 pm
My social security number was obtained in the National Public Database breach.
LisaAugust 23, 2024 at 9:27 pm
I can't believe this is happening to me again.
JoanneAugust 23, 2024 at 2:34 pm
I did receive a breach notice about AT&T , but can’t find out about if there is a class action lawsuit pending! I have also purchased tickets through Ticketmaster but have not yet received a notification of any! Please keep me posted
HetherAugust 22, 2024 at 10:19 pm
Not happy about this
AaronAugust 22, 2024 at 11:35 am
My wife and I went to see the Doobie Brothers at credit one stadium and we don't like that our information is now on sale on the dark web