In a significant data breach event, National Public Data has reportedly compromised billions of personal records.
According to KREX Daily News, a class-action lawsuit has emerged following a massive exposure of personal data held by the background check company National Public Data (NPD).
Jerico Pictures Inc., trading as NPD, faces serious accusations in a recently filed lawsuit in Florida. The company purportedly failed in its duty to safeguard the personal data it compiled.
Database Uploaded on Dark Web Raises Alarms
The cybersecurity educational site VX-Underground revealed that a threat actor named "USDoD" was attempting to sell a database containing 2.9 billion records on the dark web. This alarming situation came to light when the site analyzed an advanced copy of this 277.1GB dataset, confirming its legitimacy.
The database was not just any heap of data; it included intricate details such as names, addresses, Social Security numbers, and relative information. Significantly, the exposure did not affect individuals who had opted out of data-sharing practices.
Failure to Notify the Impacted Individuals
One major concern about NPD's handling of the incident is its failure to inform the affected parties promptly. The revelation shocked Christopher Hofmann, a plaintiff in the case, who only learned of the breach through his identity theft protection service on July 24.
Attorneys stated, "NPD told those submitting a background check that their information would be 'safe,' 'confidential' and private, and held only as long as needed." This statement highlights a promise that, according to the lawsuit, was broken to the detriment of countless U.S. residents.
Is Your Information Safe? Industry Experts Weigh In
A stark contrast is drawn by the cybersecurity experts between the promised data security measures and the vivid reality of the breached information appearing for sale on a notorious platform. The lawsuit vehemently points to the gross negligence of NPD in their security protocols.
In a bid to underscore the severity of the breach, attorneys have argued that NPD collected sensitive data via non-consensual means from undisclosed sources and failed to provide crucial protections for such sensitive information.
According to VX-Underground, "a Threat Actor operating under the moniker 'USDoD' placed a large database up for sale on Breached titled: 'National Public Data.'"
While NPD has yet to respond publicly regarding the breach, no official details regarding the exact nature, timing, or method of the breach have been disclosed. Furthermore, no future court dates for this lawsuit have been scheduled as of now.
Conclusion
The class-action lawsuit against National Public Data highlights the critical gaps between data security promises and the harsh realities of a significant digital breach. With billions of personal records reportedly floating in precarious parts of the Internet without necessary notifications to those affected, trust in digital security continues to waver.
The case highlights the urgency and necessity of robust cybersecurity protocols to protect individuals’ personal information from falling into the wrong hands and fuel the ongoing debates on privacy and data protection in the digital age.