A lawsuit has been filed against a South Florida company, alleging that hackers accessed the personal information of potentially billions of individuals, including Social Security numbers, addresses, and family member names. This information could facilitate identity theft and fraudulent activities.
Christopher Hofmann, a California resident, initiated the lawsuit after receiving alerts from his identity theft protection service about a data leak linked to “nationalpublicdata.com.” The breach reportedly took place in April 2024, when a hacker group known as USDoD extracted unencrypted personal data from National Public Data (NPD), a background check company. A version of this stolen data was subsequently released for free on a hacking forum.
The alleged breach reportedly involved the theft of 2.7 billion records, which include extensive personal details such as full names, addresses, dates of birth, Social Security numbers, and phone numbers. Experts suggest that virtually anyone with a Social Security number could be affected. Cliff Steinhauer, a cybersecurity expert, emphasized the need for individuals to protect themselves, as companies and the government may not adequately safeguard personal data.
National Public Data, based in Coral Springs, Florida, provides background checks used by employers and businesses. The lawsuit raises concerns about the nature of data collection and the lack of national privacy legislation in the U.S.
The hacker group USDoD is alleged to have offered the NPD database on the dark web for $3.5 million but the files were later leaked for free. The extent of the impact is still uncertain, with the lawsuit suggesting that billions of records were compromised, including data of deceased individuals.
The lawsuit claims that NPD did not alert those affected by the breach, leaving many unaware of the potential risks to their personal information. To enhance security, experts recommend consumers freeze their credit files and take additional precautions, such as creating complex passwords, using password managers, and being vigilant against phishing scams. It’s also suggested to enable multifactor authentication and keep security software updated. Individuals can utilize services that monitor the dark web for compromised personal information.