More lawsuits have been filed against the background check company National Public Data (NPD) following its confirmation of a significant data breach that exposed Americans’ personal information, including Social Security numbers.
Earlier in August, the breach became more widely known after a class-action lawsuit was filed against the Florida-based company, alleging that 2.9 billion records that included Social Security numbers were leaked online and put up for sale for $3.5 million on the dark web.
Days later, NPD confirmed a data breach in a letter to the Maine attorney general’s office and in a statement on its website, although it said that only 1.3 million people’s records were leaked.
This week and late last week, additional lawsuits were filed against the firm, including one by two women on August 23 in the U.S. District Court for the Northern District of Florida.
Since early August, over a dozen lawsuits have been filed against National Public Data (NPD) or its parent company, Jerico Pictures, according to a review of the Justia database.
NPD said that a “data security incident” from an attempted hack by a “third-party bad actor” led to the breach, according to a statement posted on its website last week.
There was an attempted hack of its systems in December 2023 and “potential leaks of certain data in April 2024 and summer 2024,” the statement said. “Additional security measures in efforts to prevent the reoccurrence of such a breach and to protect our systems,” it added.
The company advised those potentially affected by the breach to “closely monitor your financial accounts and if you see any unauthorized activity, you should promptly contact your financial institution.”
The company recommended that Americans reach out to the three major credit reporting agencies—TransUnion, Equifax, and Experian—to request a free credit report or place a fraud alert on any potential accounts that may have been opened without authorization.
A lawsuit filed on August 1 by Christopher Hoffman, a California resident, claims that the company was breached by the cybercriminal organization USDoD, which allegedly posted a database of Social Security numbers and other records on the dark web.
The suit further alleges that hackers accessed data on past addresses, relatives, and other information spanning three decades.
“The present and continuing risk to victims of the data breach will remain for their respective lifetimes,” his lawsuit said.
His lawsuit, along with several others filed since, accuses NPD of negligence and breaching its fiduciary duty. The company has yet to respond to these allegations in court.
The allegations prompted a House committee to open an investigation into the firm, according to a letter sent to the company by several lawmakers.
If the lawsuit is accurate, the “data breach likely represents one of the largest cyberattacks ever in terms of impacted individuals,” the lawmakers wrote.
“The Committee requests a briefing to confirm the veracity of the attack, and if accurate, assess the potential impacts of the breach to the U.S. government, businesses, and the American people, as well as National Public Data’s response to the attack.”
Meanwhile, at least two websites have been created to help individuals check if their data, including Social Security numbers, has been compromised.
Share your thoughts by scrolling down to leave a comment.
