National Public Data Breach Class Action: Billions of Records May Be Exposed

Case Overview: A class action lawsuit has been filed against National Public Data, a background check company, alleging a massive data breach exposed the personal information of potentially billions of individuals.

Consumers Affected: Individuals whose personal information was compromised in the National Public Data breach.

Court: U.S. District Court for the Southern District of Florida, Fort Lauderdale Division

A massive data breach earlier this year has put millions, possibly billions, at risk of identity theft and fraud with social security numbers and other personal details exposed in the breach of the National Public Data system, Tech Informed reports.

The breach, which could have exposed the details of up to 2.9 billion people, came to light through a class action lawsuit filed by California resident Christopher Hofmann who alleges his personal data was leaked to the dark web in connection with the breach of the website "nationalpublicdata.com." 

The lawsuit claims that NPD, which specializes in background checks, failed to secure sensitive personal information, allowing hackers to access and potentially sell this data.

National Public Data: What Is It and How Did the Breach Happen?

National Public Data (NPD) is a data broker that aggregates information from public and private records, including from court documents and state databases. According to the lawsuit, NPD collects the information without knowledge of those whose data it is collecting, violating laws and ethical standards. Hofmann further accuses the company of gathering and storing the data without proper security measures.

Despite the severity of the breach, NPD has been criticized for its lack of transparency and failure to notify those affected by the breach, and, to date, no filings have been made with state attorneys general. 

Billions Of People Potentially Affected By Data Leak

The breach has exposed an array of personally identifiable information, including Social Security numbers, names, addresses, and other sensitive data, according to the lawsuit, and that data was then leaked onto the dark web, making those affected highly susceptible to identity theft and other forms of fraud. 

The hacker group USDoD has taken responsibility for the breach, claiming they were able to access the unencrypted data of around 2.9 billion people. According to the lawsuit, the data was listed for sale on the dark web for $3.5 million.

Experts Question Extent Of Breach But Warn Of Serious Risks

While cybersecurity experts are sounding the alarm over the potential consequences of this breach, Troy Hunt, who operates the data breach tracking website "Have I Been Pwned," cautioned that the numbers might not be as alarming as they seem. 

Hunt told Tech Informed he had analyzed the data and said many of the records appeared to be duplicates or contain inaccuracies, and the actual number of affected individuals may be closer to 899 million rather than 2.9 billion. Nonetheless, the threat remains significant and Jasdev Dhaliwal, a director at McAfee, said he was concerned, particularly about the exposure of Social Security numbers, saying it was a matter that demands immediate action. 

Law Requires Agencies To Protect Consumer Data

In the United States there are federal and state laws designed to safeguard personal information from misuse, unauthorized access, and breaches, and they require companies to implement strict data security measures, obtain consent before collecting personal data, and provide consumers with rights to access, correct, and delete their information. 

The Federal Trade Commission has data protection measures that it lists for companies, which include encrypting all sensitive information, implementing strong access controls, and conducting regular security audits. Educating employees on recognizing phishing attempts and other cyber threats is also crucial, as human error often plays a role in data breaches. 

Consumers Take Action Against Companies After Data Breaches

Companies targeted by hackers in data breaches often find themselves subjected to consumer lawsuits after the fact, as people try to regain some agency over their personal information and get assistance dealing with the ramifications of the breaches.

Just this month, a class action lawsuit was filed against HealthEquity, alleging the company's negligence in data security practices led to a data breach exposing sensitive customer information, and Neiman Marcus and its cloud storage vendor Snowflake were also hit with a consumer lawsuit, alleging negligence in a data breach that exposed millions of customers' personal information.

Meanwhile, Cash App users can now file claims for up to $2,500 after the company reached a $15 million settlement with users following a data breach that allowed unauthorized access to users’ accounts.

In the National Public Data data breach class action lawsuit, Hofmann is seeking to represent a nationwide class of consumers whose PII was accessed and/or acquired by an unauthorized party as a result of the data breach, along with equitable and injunctive relief.

Case Details

• Lawsuit: Hofmann v. Jericho Pictures, Inc. d/b/a National Public Data
• Case Number: 0:24-cv-61383-DSL
• Court: U.S. District Court for the Southern District of Florida, Fort Lauderdale Division

Plaintiffs' Attorneys

• Jeff Ostrow (Kopelowitz Ostrow P.A.)
• M. Anderson Berry, Gregory Haroutunian, and Brandon P. Jack (Clayeo C. Arnold, APC)
• Jason M. Wucetich (Wucetich & Korovilas LLP)

Have you been impacted by the National Public Data breach or concerned about your personal information being exposed? Let us know in the comments below.