National Public Data, a background check company, is facing three separate class action lawsuits following a significant data breach that exposed the personal information of millions of individuals. The lawsuits were filed in Florida federal courts in August 2024, accusing the company of failing to protect sensitive data during a cyberattack that occurred in April 2024. Reports indicate that approximately 2.9 billion records were stolen, including full names, Social Security numbers, and addresses, with the data allegedly put up for sale on the dark web.
The breach was first reported on June 1, 2024, by cybersecurity research group VX-Underground, which claimed that a cybercriminal group named “USDoD” was responsible for the attack. The group reportedly offered the stolen database for sale at a price of $3.5 million, confirming the authenticity of the compromised data. Despite the severity of the breach, National Public Data has not publicly acknowledged the incident or directly notified the affected individuals.
The plaintiffs argue that National Public Data failed to adequately secure the sensitive information it collected, leaving it vulnerable to unauthorized access. They claim that much of the stolen data was obtained from non-public sources without the knowledge or consent of the individuals involved. One plaintiff, James Thomas Jones, discovered in late July that his information had been compromised and allegedly scraped by the company from non-public sources.
The lawsuits seek to represent all U.S. residents whose personally identifiable information was compromised in the breach. The plaintiffs are suing for negligence and breach of implied contract, demanding damages, fees, costs, and orders requiring National Public Data to improve its cybersecurity practices. They are also seeking certification of the class action lawsuits and a jury trial.
Reference:
