Aug 8th – A massive data breach has compromised the personal details of roughly 2.9 billion individuals, according to a class action lawsuit filed against background check company National Public Data (also known as Jerico Pictures).
The litigation presents National Public Data as negligent, stating that the company’s practice of ‘scraping’ data – which involves gathering and storing personal information from non-public sources – led to the data’s exposure.
Compromised data
The compromised data includes social security numbers, full names, addresses and information about relatives. Notably, this information was gathered without the consent of most of the affected individuals.
Named plaintiff Christopher Hofmann discovered that his data had been leaked on the dark web through his identity theft protection plan.
A cyber criminal group, called ASDoD, appears to have listed a database, containing Hofmann’s data and that of others, for sale on the dark web. The price is $3.5 million.
The court case
Hofmann and other plaintiffs say that National Public Data not only behaved negligently, but also breached fiduciary duty and benefited from unjust enrichment.
The plaintiffs are seeking financial compensation. They have also demanded that the company implement cyber security measures.
Said cyber security measures include data segmentation, regular database scans, implementation of a threat management system, and third-party evaluation of cyber security frameworks, conducted on an annual basis.
The court has been asked to force National Public Data to delete all personal data of affected individuals and to encrypt all future data collection.
What it means
In the event that these claims are substantiated, this breach may become known as the largest in history.
For more on this story, click here. Lastly, to receive cyber security thought leadership articles, groundbreaking research and emerging threat analyses each week, subscribe to the CyberTalk.org newsletter.