A California resident has filed a complaint against Jerico Pictures, which operates the background-checking service National Public Data, for failing to protect the data of a whopping 2.9 billion individuals in what’s been touted as the biggest data breach in history. Here’s everything that we know about the case.
Founded in 2008, National Public Data is a Coral Springs-based public records data provider that specializes in background checks and fraud prevention. Among others, it counts background check websites, investigators, and data resellers as its customers.
The company scrapes personally identifiable information (PII) from public sources, which means many of the victims did not provide their data to the company in the first place. The data is quite extensive and includes full names, current and past addresses, information about parents and siblings, as well as social security numbers.
California Resident Files a Class Action Complaint Against National Public Data
The class action complaint filed by Christopher Hofmann against National Public Data says that the company failed “to properly secure and safeguard the personally identifiable information that it collected and maintained as part of its regular business practices.”
The lawsuit adds that National Public Data “derived a substantial economic benefit” by collecting data and “assumed legal and equitable duties and knew or should have known that it was responsible for protecting Plaintiff’s and Class Members’ PII from disclosure.”
BREAKING: Hackers have leaked the dataset they say was stolen from #NationalPublicData, a criminal records and background check service. The data contains 2.9 billion people's information, including SSNs in plain text. #CyberSecurity #DataBreach
Read: https://t.co/fuEMemPQ2j
— Hackread.com (@HackRead) August 6, 2024
What Happened In the Data Breach?
National Public Data hasn’t provided any information on how the data breach occurred. However, a cybercriminal group named USDoD gained access to encrypted PIIs of billions of individuals on its network.
According to The Register, a “digital thief using the handle SXUL exfiltrated the files from National Public Data and then passed” them to USDoD, which in turn put the data up for sale for $3.5 million on the dark web with an assurance for prospective buyers that it wasn’t scraped from any public sources.
The lawsuit alleges that National Public Data failed to encrypt or redact the data that it possessed. “This unencrypted, unredacted PII was compromised, published, and then sold on the Dark Web, due to Defendant’s negligent and/or careless acts and omissions and their utter failure to protect customers’ sensitive data,” says the lawsuit.
How to Check If Your Data Was Violated?
Notably, Johnson, who is the plaintiff in the case against National Public Data, learned about his PII being breached in July through an identity-theft protection service. So far, National Public Data hasn’t provided any public platform for users to check whether their data was breached.
Meanwhile, in case you want to know if your data was also stolen along with billions of other users, you might need to rely on a third-party identity theft protection service.
Just learned from my health insurance company that their payment provider, Change Healthcare, has had a massive data breach, revealing basically everything about most Americans.
Also, financial processing is screwed up at both ends: they're bouncing payments from me, and to Drs. pic.twitter.com/sk9rmQbSk0
— David Chapman (@Meaningness) August 1, 2024
Major Data Breach Instances in 2024
2024 has already been a rough year for data security, with a handful of massive data breaches affecting tens of millions of people so far. In May, Change Healthcare, which is owned by United Health, was struck by a cyberattack in which the data of around a third of Americans might have been stolen, making it the biggest healthcare breach in the US.
The fact that their portal did not have multifactor authentication only made the job of hackers easier. Since multifactor authentication (MFA) is quite the norm these days for any company that cares about the data credentials of its users, the lack of MFA on the said portal is quite perplexing.
But then, even MFA is not perfect: last month Twilio revealed that “threat actors” were able to identify the cellphone numbers of users of Authy, a popular two-factor app that it owns.
Meanwhile, in a world where hacks and cyberattacks are becoming more frequent and devastating, some companies don’t seem to be paying enough attention to the sensitive user data that they possess.
How to Protect Yourself from Data Breaches
There is not much that users can do to totally protect themselves from incidents like the National Public Data breach. However, users must follow some basic hygiene online to reduce the risk of their data getting breached.
First, when opening any website, it’s prudent to check that it is secure and that its address begins with Hypertext Transfer Protocol Secure (HTTPS). One should be doubly cautious when filling out PII on a website and refrain from doing so on unsecured websites. Also, don’t click on any unverified links, and never provide your personal information.
Always keep passwords unique and, importantly, don’t use the same password across different accounts, as doing so increases the risk multi-fold in a breach, since multiple accounts could be hacked with the same password.
Next, apps should be downloaded through official stores like Google Play Store and Apple App Store. Downloading these from other channels could be risky and could be a potential security threat. While not perfect, an MFA app could dramatically help lower the risk of a data breach.
You can check the above video for more ways to protect your data online.
Having an identity theft protection service might also be helpful, as it helps you figure out whether you have been part of a breach. Finally, if you discover that you were part of a breach, try changing the passwords for your accounts that were part of the breach.