USCrime & Public Safety

Lawsuits Pile Up After Company Confirms Social Security Numbers Were Hacked

National Public Data says that a ‘data security incident’ from an attempted hack by a ’third-party bad actor' led to the breach.
Save
Lawsuits Pile Up After Company Confirms Social Security Numbers Were Hacked
A Social Security card sits alongside checks from the U.S. Treasury in Washington on Oct. 14, 2021. Kevin Dietsch/Getty Images
Jack Phillips
Updated:
0:00

More lawsuits have been filed against background check company National Public Data (NPD) after it confirmed that a major data breach exposed Americans’ personal records, including Social Security numbers.

Earlier in August, the breach became more widely known after a class-action lawsuit was filed against the Florida-based company, alleging that 2.9 billion records that included Social Security numbers were leaked online and put up for sale for $3.5 million on the dark web.
Days later, NPD confirmed a data breach in a letter to the Maine attorney general’s office and in a statement on its website, although it said that only 1.3 million people’s records were leaked.
But this week and late last week, several more lawsuits were filed against the firm, including one filed by two women on Aug. 23 in the U.S. District Court for the Northern District of Florida. So far, more than a dozen suits have been filed against NPD or its parent company, Jerico Pictures, since early August, according to a review of the Justia database.
NPD said that a “data security incident” from an attempted hack by a “third-party bad actor” led to the breach, according to a statement posted on its website last week.

There was an attempted hack of its systems in December 2023 and “potential leaks of certain data in April 2024 and summer 2024,“ the statement said. ”Additional security measures in efforts to prevent the reoccurrence of such a breach and to protect our systems,” it added.

Related Stories
How to Tell If Your Social Security Number Was Compromised in Massive Data Breach
8/24/2024
How to Tell If Your Social Security Number Was Compromised in Massive Data Breach
Social Security Distributed Almost $72 Billion in Improper Payments, Watchdog Says
8/21/2024
Social Security Distributed Almost $72 Billion in Improper Payments, Watchdog Says

The company said that if you were potentially affected by the breach you should “closely monitor your financial accounts and if you see any unauthorized activity, you should promptly contact your financial institution.”

Americans are being urged to contact the three largest credit reporting agencies—TransUnion, Equifax, and Experian—to get a free credit report or place a fraud alert on any potential lines of credit that were opened in an unauthorized manner, the company said.

A lawsuit filed on Aug. 1 by Christopher Hoffman, a California resident, alleged the company was hacked by USDoD, a cybercriminal organization, which then posted the database of Social Security numbers and other records on the dark web. His suit further alleged that hackers retrieved data about past addresses, relatives, and other information dating back three decades.

“The present and continuing risk to victims of the data breach will remain for their respective lifetimes,” his lawsuit said.

His lawsuit, as well as others that have been filed since then, accuse NPD of negligence and a breach of fiduciary duty. The firm has not responded to the allegations in court.

The allegations prompted a House committee to open an investigation into the firm, according to a letter sent to the company by several lawmakers.

If the lawsuit is accurate, the “data breach likely represents one of the largest cyberattacks ever in terms of impacted individuals,” the lawmakers wrote. “The Committee requests a briefing to confirm the veracity of the attack, and if accurate, assess the potential impacts of the breach to the U.S. government, businesses, and the American people, as well as National Public Data’s response to the attack.”

In the meantime, at least two websites have been set up to allow people to tell whether their data, including Social Security numbers, have been compromised.

One is operated by Pentester, a cybersecurity testing service, which allows a person to type his or her first name, last name, state, and date of birth. Another site that appeared in the past week or so is www.npdbreach.com, operated by Atlas Privacy, another cybersecurity company.

“We are displaying a redacted version for people to know if they were affected, and if so, is the information correct that was shown about them. Many times it is not. Also, we do not store their searches on npd.pentester.com,” Pentester spokesman Richard Glaser told The Epoch Times.

Jack Phillips
Jack Phillips
Breaking News Reporter
Jack Phillips is a breaking news reporter with 15 years experience who started as a local New York City reporter. Having joined The Epoch Times' news team in 2009, Jack was born and raised near Modesto in California's Central Valley. Follow him on X: https://twitter.com/jackphillips5
twitter