The company, which was named in a class action lawsuit filed by internet users who claim that the Social Security numbers of every American were stolen from the company’s servers, acknowledged that it was hacked by cybercriminals who gained access to sensitive data.
Jericho Pictures, a Coral Springs, Florida-based company doing business as National Public Data, released a statement last week acknowledging that “the allegedly leaked information included names, email addresses, phone numbers, Social Security numbers and mailing addresses.”
NPD said the “data security incident” was the result of a hacking attempt by a “third-party malicious actor.” The company released a statement on its website.
The company said there was an attempted hack in December 2023 and that “certain data may be compromised in April 2024 and summer 2024.”
NPD offers criminal background checks at “the lowest rates in the industry” for employers and investigators, but declined to say how many people were affected.
The company said it was “working with law enforcement and government investigators to conduct an investigation into potentially affected records.”
NPD also said it had “implemented additional security measures to prevent a recurrence of this breach and to protect our systems.”
The company said it would contact all affected users “so they can take action to help minimize or eliminate any potential damage.”
The NPD advised online users to “closely monitor their financial accounts and immediately contact their financial institutions if they notice any unauthorized activity.”
Social Security number holders are also encouraged to contact the three major credit reporting agencies — Equifax, Experian and TransUnion — to obtain a free credit report and to have a fraud alert placed on their file.
A free fraud alert will let creditors know they should contact you if someone tries to open a new account in your name or make changes to an existing account.
At least eight lawsuits have been filed against NPD since Aug. 1, when news of the breach broke.
On August 1, California resident Christopher Hoffman filed a lawsuit alleging that a cybercrime group known as “USDoD” had posted a database on the dark web that allegedly contained the personal information of 2.9 billion people.
The group has put the database up for sale for $3.5 million, according to the lawsuit, first reported by Bloomberg Law.
Hoffman’s lawsuit alleges that the hackers obtained data on his relatives and past addresses going back at least 30 years.
NPD is accused of negligence and breach of fiduciary duty in the lawsuit, which does not specify how much damages Hoffman is seeking.
