A South Florida company faces a lawsuit alleging that hackers have compromised the personal information of billions, including Social Security numbers, addresses, and familial details, which could enable identity theft and financial fraud.
The lawsuit was filed by Christopher Hofmann from California, who claims that his identity theft protection service notified him of a data leak linked to “nationalpublicdata.com.” This breach reportedly occurred around April 2024, when a hacking group known as USDoD allegedly accessed unencrypted data from National Public Data (NPD), a background check firm. A portion of this stolen data was recently made publicly available on a hacking forum.
The hacker asserted that the data set contains approximately 2.7 billion records that include names, addresses, birth dates, Social Security numbers, and phone numbers. Experts suggest that it is probable that nearly all individuals with Social Security numbers have been affected. Cliff Steinhauer, from The National Cybersecurity Alliance, emphasized the risk and the need for individuals to protect their own data since companies and the government may not adequately safeguard it.
National Public Data, headquartered in Coral Springs, Florida, specializes in background checks for businesses and investigators. The company is one of many data brokers that compile and sell personal information, a practice currently not restricted by a comprehensive privacy law in the United States.
According to the lawsuit, USDoD offered the NPD database on the dark web for $3.5 million but it was later leaked for free on a hacker forum. The actual number of impacted individuals remains uncertain; while the lawsuit claims billions, the U.S. population is approximately 330 million. It is also noted that the database could contain records spanning over three decades, further complicating the assessment of affected individuals.
The lawsuit alleges that NPD has not notified those whose information was breached, which raises concerns about ongoing risks of identity theft for the victims. There are reports that NPD has not filed any breach notifications with state attorneys general, which are required in several states.
To protect against such threats, experts advise consumers to freeze their credit at major bureaus, a free process that prevents unauthorized loans or credit accounts. They also recommend using complex passwords, password managers, multifactor authentication, and remaining vigilant against phishing scams. Keeping security software up to date and utilizing services that monitor the dark web can also be beneficial.