Legal actions are escalating against National Public Data following a breach that exposed millions of Social Security numbers.
At a Glance
- Hackers exposed millions of Social Security numbers and personal data from National Public Data.
- The breach is tied to a hacking attempt in December 2023.
- Data stolen includes names, emails, phone numbers, SSNs, and addresses.
- Class action lawsuits have been filed against National Public Data.
Massive Data Breach Uncovered
National Public Data confirmed a breach that compromised millions of Social Security numbers and other sensitive personal information. The breach, linked to a hacking attempt in December 2023, has exposed private data, causing widespread concern about identity theft and privacy violations. Hackers reportedly stole records of 2.9 billion individuals, claiming to sell the information for $3.5 million.
The stolen data, now being sold on the dark web, encompasses Social Security numbers, names, email addresses, phone numbers, and postal addresses. National Public Data has yet to formally notify affected individuals but claims to have purged its database of the compromised information.
Legal Responses Escalate
In response to the breach, several class action lawsuits have been filed. On August 1, 2024, a lawsuit was initiated in the Southern District of Florida by a California resident, represented by Kopelowitz Ostrow, Arnold Law Firm, and Wucetich Korovilas. The breach has prompted scrutiny of National Public Data’s security protocols and transparency.
The advancement of these lawsuits is attracting significant attention to issues of data privacy and the mechanisms available to protect individuals from such massive data leaks. The company has been criticized for its lack of transparency about the incident.
Millions of Social Security numbers and billions of records were leaked https://t.co/gno0tLXcoe
— San Francisco Business Times (@SFBusinessTimes) August 22, 2024
Recommendations and Official Investigations
Experts recommend that individuals affected by the breach place a credit freeze with major credit bureaus to prevent new accounts from being opened in their name. Additionally, there is an increased risk of SIM swaps and port-out fraud. In the meantime, cybersecurity firm Pentester has compiled a list to help individuals check if their information was compromised.
“If this in fact is pretty much the whole dossier on all of us, it certainly is much more concerning” than prior breaches, Murray said in an interview. “And if people weren’t taking precautions in the past, which they should have been doing, this should be a five-alarm wake-up call for them.”
Investigations have been initiated by the House Committee on Oversight and Accountability. Chairman James Comer and Cybersecurity Subcommittee Chairwoman Nancy Mace are examining the cyberattack’s full impact. National Public Data has been requested to provide a briefing by August 30, 2024, detailing the breach and its containment efforts.
“It is reported that the personal information of nearly 3 billion people were compromised, with the stolen data including information such as Social Security numbers, phone numbers, email addresses, and mailing addresses. If true, this data breach likely represents one of the largest cyberattacks ever in terms of impacted individuals,” wrote lawmakers from the House Committee on Oversight and Accountability.
National Public Data, a Florida-based company, is cooperating with investigators and has taken measures to enhance security. However, lawmakers criticize the company for its lack of transparency and failure to promptly notify affected individuals. The breach’s scope and the company’s response have become critical points in ongoing legal actions and regulatory scrutiny.