By Jack Phillips
More lawsuits have been filed against background check company National Public Data (NPD) after it confirmed that a major data breach exposed Americans’ personal records, including Social Security numbers.
Earlier in August, the breach became more widely known after a class-action lawsuit was filed against the Florida-based company, alleging that 2.9 billion records that included Social Security numbers were leaked online and put up for sale for $3.5 million on the dark web.
Days later, NPD confirmed a data breach in a letter to the Maine attorney general’s office and in a statement on its website, although it said that only 1.3 million people’s records were leaked.
But this week and late last week, several more lawsuits were filed against the firm, including one filed by two women on Aug. 23 in the U.S. District Court for the Northern District of Florida. So far, more than a dozen suits have been filed against NPD or its parent company, Jerico Pictures, since early August, according to a review of the Justia database.
NPD said that a “data security incident” from an attempted hack by a “third-party bad actor” led to the breach, according to a statement posted on its website last week.
There was an attempted hack of its systems in December 2023 and “potential leaks of certain data in April 2024 and summer 2024,“ the statement said. ”Additional security measures in efforts to prevent the reoccurrence of such a breach and to protect our systems,” it added.
The company said that if you were potentially affected by the breach you should “closely monitor your financial accounts and if you see any unauthorized activity, you should promptly contact your financial institution.”
Americans are being urged to contact the three largest credit reporting agencies—TransUnion, Equifax, and Experian—to get a free credit report or place a fraud alert on any potential lines of credit that were opened in an unauthorized manner, the company said.
A lawsuit filed on Aug. 1 by Christopher Hoffman, a California resident, alleged the company was hacked by USDoD, a cybercriminal organization, which then posted the database of Social Security numbers and other records on the dark web. His suit further alleged that hackers retrieved data about past addresses, relatives, and other information dating back three decades.
“The present and continuing risk to victims of the data breach will remain for their respective lifetimes,” his lawsuit said.
His lawsuit, as well as others that have been filed since then, accuse NPD of negligence and a breach of fiduciary duty. The firm has not responded to the allegations in court.
The allegations prompted a House committee to open an investigation into the firm, according to a letter sent to the company by several lawmakers.
If the lawsuit is accurate, the “data breach likely represents one of the largest cyberattacks ever in terms of impacted individuals,” the lawmakers wrote. “The Committee requests a briefing to confirm the veracity of the attack, and if accurate, assess the potential impacts of the breach to the U.S. government, businesses, and the American people, as well as National Public Data’s response to the attack.”
In the meantime, at least two websites have been set up to allow people to tell whether their data, including Social Security numbers, have been compromised.
One is operated by Pentester, a cybersecurity testing service, which allows a person to type his or her first name, last name, state, and date of birth. Another site that appeared in the past week or so is www.npdbreach.com, operated by Atlas Privacy, another cybersecurity company.
“We are displaying a redacted version for people to know if they were affected, and if so, is the information correct that was shown about them. Many times it is not. Also, we do not store their searches on npd.pentester.com,” Pentester spokesman Richard Glaser told The Epoch Times.
Discover more from USNN World News
Subscribe to get the latest posts sent to your email.