ORLANDO, Fla. – “I found out that I have been a victim of the National Public Data Breach.”
That is not the kind of quote we usually expert to hear from a cybersecurity expert, but that is exactly what Chief Product Officer Rob Allen at ThreatLocker, a cybersecurity firm based in Orlando, told News 6 on Thursday.
That conversation was in reference to reports that billions of personal records were stolen from National Public Data (NPD), a background-check company headquartered in Coral Springs.
According to a class-action lawsuit filed in South Florida on Aug. 1, NPD was believed to have been hacked in April, with potentially billions of individual records being stolen by a criminal gang using the handle “USDoD.”
In that lawsuit — filed by Christopher Hofmann of California — Hofmann says he received an alert from his identity-theft protection service back in July. He was told that his personal information and social security numbers (SSN) had been found on the Dark Web as a result of the NPD breach.
[EXCLUSIVE: Become a News 6 Insider (it’s FREE) | PINIT! Share your photos]
The lawsuit shows that USDoD claimed to have taken the personal information of up to 2.9 billion people, and the gang offered the database online at a price of $3.5 million back in April.
But according to the tech news site BleepingComputer, others have already released different copies of the stolen data. One hacker by the name of “Fenice” has leaked the most complete version of the data for free on an online forum, the website reports.
“It is important to note that a person will have multiple records, one for each address they are known to have lived,” BleepingComputer wrote. “This also means that this data breach did not impact 3 billion people as has been erroneously reported in many articles that did not properly research the data.”
Meanwhile, Allen received an email from “Have I Been Pwned.com,” confirming that he was one of at least 133 million individuals involved in the breach.
“Generally speaking, it’s not people’s fault. It’s not your fault. Your information has got out there,” Allen said. “But it’s out there, so act accordingly. Be vigilant, be careful. Don’t trust somebody when they ring you or email you or text you with whatever it happens to be. Always verify.”
The scope of the breach has not been confirmed, but on Tuesday, NPD published a breach disclosure to its website, acknowledging that the personal records — including names, email addresses, phone numbers, SSNs and mailing addresses — may have been accessed.
The class-action law firm Schubert, Jonckheer & Kolbe LLP announced earlier this week that the stolen information reportedly includes over 277 gigabytes of data spanning back at least three decades.
“Because individuals did not affirmatively provide their private information to NPD, individuals may not even know that they have been affected,” the law firm wrote. “To date, NPD has not confirmed the breach or what information may have been stolen.”
Additionally, the law firm warns that anyone whose private information was impacted by the breach could be at risk of identity theft, financial fraud or other privacy violations.
To check whether your email address has been impacted by a data breach, click here.
The full class-action lawsuit has been attached to this story and can be read below.
Hofmann v Jerico Pictures (Complaint) by Anthony Talcott on Scribd
Get today’s headlines in minutes with Your Florida Daily: