Reports have emerged indicating that National Public Data (NPD), a background-check firm headquartered in Coral Springs, experienced a massive data breach. A class-action lawsuit filed in South Florida on August 1 alleges that NPD was hacked in April, with a criminal group known as “USDoD” allegedly stealing up to 2.9 billion personal records.
Christopher Hofmann, the plaintiff behind the lawsuit, revealed he was alerted by his identity-theft protection service in July. He learned that his personal details and Social Security Number (SSN) were found on the Dark Web, linked to the NPD breach.
The lawsuit details that the USDoD gang purportedly offered the stolen data—potentially encompassing the records of 2.9 billion individuals—on the dark web for a staggering $3.5 million in April. However, tech news site BleepingComputer reports that various copies of the stolen data have already been disseminated. Notably, a hacker named “Fenice” has released a comprehensive version of the data for free on an online forum.
BleepingComputer clarifies that while the breach did involve a significant amount of data, it does not necessarily affect 3 billion people as some reports inaccurately suggest. The data likely includes multiple records per individual due to various addresses over time.
Allen confirmed receiving an alert from “Have I Been Pwned.com,” indicating his personal information was among the compromised. He emphasized that while individuals are not to blame for these breaches, they must remain vigilant. “Your information is out there,” Allen advised. “Be cautious, verify communications, and stay alert.”
NPD has yet to fully verify the breach’s extent. On Tuesday, the company updated its website with a disclosure, admitting that personal records—including names, email addresses, phone numbers, SSNs, and mailing addresses—might have been accessed.
Schubert, Jonckheer & Kolbe LLP, the class-action law firm handling the case, revealed that the stolen data spans over 277 gigabytes and dates back at least thirty years. The firm also cautioned that individuals might not be aware they are affected if they did not knowingly provide their information to NPD.
The firm warns that victims of the breach may face risks including identity theft, financial fraud, and other privacy violations. To determine if your email address has been compromised, please check your information here.
