[Data Codes through Eye Glasses, Photo Credit to Pexels]

In what could be one of the largest data breaches in U.S. history, National Public Data failed to detect unauthorized access to approximately 270 million Americans’ personal information for more than eight months, according to a class action lawsuit filed in August 2024.

The breach, which occurred in December 2023, was only discovered after the class action lawsuit brought it to light.

According to investigators, hackers stole an estimated 2.9 billion records, including sensitive data such as social security numbers, names, mailing addresses, emails, and phone numbers.

The stolen information first surfaced in April 2024, when a hacking group known as USDoD began offering it for sale on the dark web.

In July 2024, much of the stolen data was leaked and made freely available in a 4TB dump on a cybercrime forum.

While the breach also exposed data about Canadian and British residents, much of the information appears to be outdated or inaccurate.

More concerning, an estimated 70 million rows of records contain U.S. criminal records, creating additional risks for potential misuse.

The exact mechanism of the initial breach remains unconfirmed, but investigative reporter Brian Krebs reported that until early August 2024, an NPD property, recordscheck.net, contained the usernames and passwords for the site's administrator in a plain text archive.

The legal challenge began when Christopher Hofmann filed a class action lawsuit after learning about the breach through a notification from an identity theft protection service provider.

The lawsuit seeks monetary relief and requires National Public Data purge all breached personally identifiable information (PII).

In addition, Hofmann requests that the company implement stricter security measures, including data encryption, segmentation, and the launch of a threat-management program.

The scale of this breach is staggering, potentially making it one of the most significant data breaches in history, second only to the 2013 Yahoo breach that affected 3 billion accounts.

Teresa Murray, Consumer Watchdog Director for the U.S. Public Information Research Group, emphasized the severity of the situation. 

"If this, in fact, is pretty much the whole dossier on all of us, it certainly is much more concerning than prior breaches," she said.

"And if people weren't taking precautions in the past, which they should have been doing, this should be a five-alarm wake-up call for them."

Jericho Pictures, which trades as National Public Data, has advised people to monitor their financial accounts closely for unauthorized activity.

In a statement, the company said it is working with law enforcement and governmental investigators to understand the full scope of the breach.

As the investigation continues, consumers are urged to remain vigilant and take necessary precautions to protect their personal information.

This unprecedented incident serves as a stark reminder of the vulnerabilities inherent in contemporary society’s increasingly digital world and the potential consequences of inadequate data protection measures.