A class action lawsuit brought against background check company National Public Data (also known as Jerico Pictures) alleges the personal information of 2.9 billion individuals has made its way onto the dark web via a data breach.
National Public Data uses a process called ‘scraping’ to collect and store personally identifying data from non-public sources to carry out background checks on billions of people.
This means that sensitive information like social security numbers, full names, addresses, relative’s information was exposed – and crucially, it also means the information was not given willingly to the company, and many victims may not know it was stored at all.
Data in the hands of cybercriminals
Named plaintiff Christopher Hofmann was alerted by his identity-theft protection service provider that his data was exposed and leaked onto the dark web. Cyber criminal group ASDoD had listed a database which claimed to have the personal data of the individuals for sale at $3.5 million.
Hofman and the plaintiffs accused NPD of negligence, breaches of fiduciary duty and third-party beneficiary contract, and unjust enrichment. Hofman is fighting for financial compensation, and for the NPD to segment data, conduct database scanning, employ a threat-management system, and appoint a third-party assessor to conduct an evaluation of its cybersecurity frameworks annually for 10 years.
The court has been asked to require NPD purge personal data of all affected individuals and to encrypt all collected information going forward.
If confirmed, this would be classified as one of the largest data breaches ever in terms of affected individuals – rivalling the Yahoo! 2013 breach which affected three billion customers – and what’s worse is that it’s not yet clear how the data breach occurred.
Experts recommend using an identity theft protection service for alerts if your information has been compromised – read more about our tips and recommendations here.
Via Bloomberg