A lawsuit has been filed against a South Florida company, claiming a significant data breach exposed the personal information of billions of individuals, including Social Security numbers, residential addresses, and family details. The suit was initiated by Christopher Hofmann from California, who reported that his identity theft protection service notified him about his information being leaked on the dark web due to a breach linked to National Public Data (NPD).
According to the lawsuit, which was filed earlier this month, a hacking group known as USDoD infiltrated NPD and accessed vast amounts of unencrypted personal data around April 2024. The stolen data was reported to contain approximately 2.7 billion records, each including sensitive information such as full names, addresses, birthdates, Social Security numbers, and phone numbers. Cybersecurity experts suggest that nearly everyone with a Social Security number may have been affected by this compromise.
NPD is located in Coral Springs, Florida, and provides background check services for employers and various businesses. The lawsuit highlights a significant gap in data protection laws in the U.S., allowing companies to collect and sell personal data without consent.
The hacker group USDoD purportedly posted a database named “National Public Data” on the dark web on April 8, with an asking price of $3.5 million for the data. However, it was later made available for free on a hacking forum.
The exact number of individuals impacted remains uncertain, as while the lawsuit claims “billions” may be affected, the U.S. population is around 330 million, and some records may pertain to deceased individuals. The data could date back over three decades, according to investigations initiated by a law firm looking into the breach.
There have been no reports from NPD indicating whether they informed those affected by the breach, raising concerns about the lack of notification to individuals at risk of identity theft. Reports suggest that many people may be wholly unaware of the exposure of their sensitive information.
Cybersecurity experts recommend that affected individuals should check if their data is on the dark web using reliable tools and consider freezing their credit with major credit bureaus to prevent fraudulent activities. Additional steps for protecting personal data include creating complex passwords, using password managers, enabling multifactor authentication, and remaining vigilant against phishing attempts. Regularly updating security software is also advised to enhance protection against future breaches.