A new lawsuit alleges that hackers have accessed the personal information of “billions of individuals,” including Social Security numbers, current and previous addresses, and the names of siblings and parents—data that could enable fraudsters to compromise financial accounts or take out loans in the victims’ names.
The claim was made in a lawsuit filed this month by Christopher Hofmann, a California resident who says his identity theft protection service alerted him that his personal information had been leaked to the dark web as a result of the “nationalpublicdata.com” breach. Bloomberg Law was the first to report on the lawsuit.
According to the lawsuit, the breach occurred around April 2024 when a hacker group known as USDoD allegedly stole unencrypted personal data belonging to billions of people from National Public Data (NPD), a background check company.
Earlier this month, a hacker reportedly leaked some of the stolen NPD data for free on a hacking forum, as reported by tech site Bleeping Computer.
According to Bleeping Computer, the hacker claimed that the stolen files contain 2.7 billion records, each including a person’s full name, address, date of birth, Social Security number, and phone number.
Here’s what to know about the alleged hack.
What is National Public Data?
National Public Data, a Florida-based company located in Coral Springs, specializes in providing background checks for employers, investigators, and other businesses seeking to verify individuals’ backgrounds.
According to its website, the company’s services include searches for criminal records, vital records, SSN traces, and additional information.
What happened with the USDoD hack?
The new lawsuit alleges that on April 8, a group called USDoD posted a database titled “National Public Data” on the dark web, claiming it contained records for approximately 2.9 billion individuals.
According to the lawsuit, the group allegedly sought $3.5 million for the database.
However, Bleeping Computer reported that the file was released for free on a hacker forum.
Did NPD alert individuals about the hack?
It remains uncertain, but the lawsuit alleges that NPD “has still not provided any notice or warning” to Hoffman or others affected by the breach.
“Indeed, based on available information, the majority of Class Members were likely unaware that their sensitive [personal information] had been compromised and that they are, and remain, at significant risk of identity theft and various other forms of personal, social, and financial harm,” the lawsuit asserts.
McAfee, an information security company, reported that it has not found any filings with state attorneys general. Some states mandate that companies experiencing data breaches must report them to their AG offices.
What should I do to protect my information?
Security experts advise consumers to place freezes on their credit files with the three major credit bureaus: Experian, Equifax, and TransUnion.
Freezing your credit is a free service that prevents unauthorized individuals from taking out loans or opening credit accounts in your name.
Additionally, you can subscribe to a monitoring service that will notify you if your data surfaces on the dark web. It’s also wise to enable two-factor authentication to make it more difficult for hackers to access your accounts.