According to the lawsuit, every American’s sensitive personal information, including Social Security numbers, addresses, dates of birth and phone numbers, was stolen online by hackers and then sold on the dark web.
The class action lawsuit was filed against Jericho Pictures, Inc., a background check and fraud prevention company doing business as National Public Data.
A cybercrime group claiming to be from the United States Department of Defense (USDoD) has uploaded a massive database titled “National Public Data” to a dark web forum.
According to a federal lawsuit filed in Fort Lauderdale on Aug. 1, the database the group is offering for sale for $3.5 million allegedly contains the personal data of approximately 3 billion people living in the U.S., Britain and Canada.
Cybersecurity experts said many of the stolen data records were duplicates and the actual number of people affected by the breach may be lower than claimed in the lawsuit.
The news of the lawsuit The news was first reported by Bloomberg Law.
NPD allegedly collects data from public sources and uses it to create user profiles of people in the U.S. and other countries.
According to News site BleepingComputerMultiple individuals confirmed that they had viewed legitimate personal information about themselves and their family members, including social security numbers and mailing addresses of living and deceased individuals.
The lawsuit was filed by California resident Christopher Hoffman, who claims he was notified by an identity theft monitoring group this summer that his personal information had been leaked and posted on the dark web.
Hoffman is demanding that NPD erase all records of his personal information and encrypt all data it collects going forward.
He is seeking unspecified monetary damages.
The Post has reached out to NPD for comment.
How to Know If Your Social Security Number Has Been Compromised
Dr. Tommy Morris, a cybersecurity expert at the University of Alabama in Huntsville, urges internet users to This free website This is to determine whether data was hacked in the NPD breach.
“There are credit monitoring services that monitor the internet for mentions of Social Security numbers and other personally identifiable information,” Morris told the Post.
Morris said that while such services typically require payment, major credit reporting companies and companies like Google offer them for free.
Cybersecurity experts urge anyone worried their Social Security number may have been hacked to: Have I Been Pwned website.
Visitors to the site can enter their email address to check if their personal data has been leaked, but it likely can’t tell them if their Social Security number has been circulating on the dark web.
Some of your personal data may be listed on underground websites used by cybercriminals to buy and sell information.
How to freeze your Social Security number
The surest way to protect yourself is to freeze your credit file.
“If you suspect your Social Security number has been compromised, the first step you should take is to freeze your credit file with the three major credit reporting agencies: Experian, Equifax and TransUnion,” Ted Jenkin, an Atlanta-based business consultant, told The Post.
“We also recommend notifying your bank or brokerage if you notice any unusual activity.”
Jenkin said taxpayers should be wary of individuals attempting to use stolen data to submit fraudulent tax returns to the IRS.
“Most importantly, make sure you get a PIN number from the IRS for your tax return because there’s a good chance someone will try to file a fraudulent tax return next tax season,” he said.
Michigan-based financial planner Justin Rush agreed, telling The Washington Post, “Keeping your credit report frozen is a good habit to have in case a bad actor tries to apply for a credit card or loan in your name.”
“Then there are a number of identity theft protection products that can help monitor activity and provide additional security and monitoring.”
How to minimize the chance of your Social Security number or data being compromised
Tony Fiorillo, a financial adviser at Indianapolis-based Asset Management Strategies, told The Washington Post that he is telling clients to protect their data by enabling two-factor authentication and purchasing a separate device — an inexpensive laptop or tablet — just to access MoneySite.
“Don’t read your email, browse the web, or do any online activity. [on your separate device] “I can’t do anything except access your money site,” Fiorillo told the Post.
Andy LoCascio of consulting firm QVeritySecure told The Washington Post that people should review all their recent banking transactions and change all of their banking passwords.
“Never assume that only your password was stolen,” he said.
“Always treat this as identity theft and change all your other passwords. If someone tries to access any of those accounts, you’ll likely receive an email that makes it even clearer what’s been captured.”
