Background Check Company Data Breach Exposes Data of 2.9 Billion

A background check company has reportedly experienced a massive data breach, leaking the personal information of 2.9 billion people on the dark web.

Lawyers on behalf of victims filed a lawsuit in the U.S. District Court for the Southern District of Florida against National Public Data, which also operates as Jerico Pictures.

National Public Data provides services to businesses enabling them to perform background checks on prospective employees.

The lawsuit alleges that personal data was collected without consent, meaning victims likely had their data stolen without knowledge it was taken in the first place.

National Public Data is alleged to have gathered data by scraping it from non-public sources and then failed to store it properly, including failing to encrypt it or delete old, irrelevant information.

Christopher Hofmann, a named plaintiff, only found out when an identity theft protection service notified him in July that his personal details had been leaked online.

The criminal group USDoD was allegedly behind the attack and has since offered to sell the data for $3.5 million.

A hacker is believed to have accessed and exfiltrated the company’s files and passed them along to USDoD.

According to cybersecurity firm Malwarebytes, the USDoD group was involved in TransUnion’s September 2023 data breach. 

Related:HealthEquity Data Breach Affects 4.3M Customers

As recently as May 2024, the group published a database containing the criminal records of millions of Americans online.

Their latest breach could be one of the biggest of the year so far, with considerably more amounts of information taken than in breaches at HealthEquity, Rite Aid or Dell Technologies.