USA: Class action threatened over leak of 2.9 billion data records
A data leak at National Public Data, a company specializing in background checks, causes a stir. One affected person initiates a class action lawsuit.
(Image: Muhrfotografi/Shutterstock.com)
A data leak at National Public Data, a company specializing in background checks, has consequences. A victim named Christopher Hofmann is planning a class action lawsuit in the Federal District Court for South Florida against Jerico Pictures Inc, the parent company of National Public Data. He accuses the company of failing to adequately protect the personal data of billions of people.
Hofmann received a notification from his identity protection system around July 24. According to the notification, his personal data had appeared in the underground forum. The data includes first and last names, previous and current addresses from the past 30 years, social security numbers and information about siblings. This was reported by The Register, among others.
Based on previous findings, Hofmann is convinced that the data was also "collected from non-public sources". He had not passed on any data to National Public Data. The data had been stored negligently by the company and its content had not been encrypted. Sensitive information was also not redacted, which opens the door to fraud and poses an "ongoing risk". According to information from The Register, all data is currently being offered for free on the underground forum. The cybercriminals claim that the leak includes 2.9 billion records containing information from citizens in the US, Canada and the UK.
Videos by heise
Company should thin out database
The plaintiff is demanding that the company remove the affected individuals from the database and take stricter security measures in future. He is also demanding financial compensation. According to the vx underground group, which is named as a source in the statement of claim, the threat actor USDoD offered to buy a National Public Data database in the underground forum for USD 3.5 million on April 8, 2024. USDoD is said to have obtained the data from a data thief , according to The Register.
The plaintiff is asking the court to order National Public Data to encrypt the data and delete personal data. The company is also being asked to hire external auditors and penetration testers. According to a report by Bloomberg Law, the published data set is one of the largest in history.
(mack)
