The Los Angeles Times reports that according to Bloomberg Law, a class-action lawsuit has been filed in U.S. District Court in Fort Lauderdale, Florida, alleging that a hacking group known as “USDoD” claims to have stolen personal records of 2.9 billion persons from Jerico Pictures, Inc. d/b/a National Public Data (“NPD”). NPD is a major data broker which collects or ‘scrapes’ personal information from various sources and then offers that information to employers, private investigators, staffing agencies and others doing background checks.
According to a cybersecurity expert, USDoD offered to sell the scraped data in a post on X (formerly Twitter), which included records from the United States, Canada and the United Kingdom, for $3.5 million. The post may be read HERE.
It is alleged by USDoD that the leaked NPD information includes full names, addresses, birthdates, telephone numbers and associated Social Security numbers.
The Los Angeles Times article may be read in full HERE.
Bloomberg Law has made a PDF copy of the class-action lawsuit available to the public HERE. The lawsuit, Hofmann v. Jerico Pictures, Inc., Docket No. 0:24-cv-61383 (S.D. Fla. Aug 01, 2024), states, in part, that:
“Plaintiff [Christopher Hofmann] brings this Complaint against Defendant [NPD] for its failure to properly secure and safeguard the personally identifiable information that it collected and maintained as part of its regular business practices. Upon information and belief, such sensitive information includes, but is not limited to, Plaintiff’s and Class Members’ full names; current and past addresses (spanning at least the last three decades); Social Security numbers; information about parents, siblings, and other relatives (including some who have been deceased for nearly 20 years); and/or other personal information…”.
and
“Defendant [NPD] has failed to provide Plaintiff [Christopher Hofmann] and Class Members with timely and adequate notice including, but not limited to, information about how the Data Breach occurred and even when it occurred and when Plaintiff’s and Class Members’ information was released onto the Dark Web. Indeed, Defendant has still not provided any notice or warning to Plaintiff and Class Members. In fact, upon information and belief, the vast majority of Class Members were unaware that their sensitive PII [personal information] had been compromised, and that they were, and continue to be, at significant risk of identity theft and various other forms of personal, social, and financial harm.”
Malwarebytes Labs, a major cybersecurity company based in the United States, reported on August 8, 2024 that stolen data from scraping service NPD was leaked online.
Malwarebytes says on its website HERE that the stolen data comes from a data scraping service trading under the name “scraping” which was allegedly breached by a cybercriminal group known as USDoD.
In April 2024, a USDoD member posted the NPD database, which contained the data of about 2.9 billion persons and is for sale for $3.5 million. The 277 GB of data was subsequently offered for download for free on the notorious BreachForums by another member of USDoD.
Malwarebytes corroborates the reporting of the Los Angeles Times by stating that the database information released by USDoD included, but was not limited to, the following fields:
- first name;
- last name;
- middle name;
- date of birth;
- address;
- city;
- county;
- state;
- zip code;
- telephone number, and
- Social Security number.
The Malwarebytes Labs report may be read in full HERE.
My brothers and sisters, cybersecurity failure and data breaches, even large ones, have become common in our modern society; however, the scope of this apparent data breach is somewhat breathtaking. Of course, we don’t know the actual or complete damage that may have been done, but we do know that such releases are rarely, if ever, immediately disclosed to the public (read: to those who are actually impacted the most) to ‘allow for unfettered investigation’ including the collection of necessary evidence.
As the Los Angeles Times article suggests, we should all watch over our financial accounts and transactions closely, and take immediate action if there are signs of foul play.
The Lord has a lot to say about dishonesty, theft and greed:
Proverbs 11:1-3 (Amplified Bible)
Contrast the Upright and the Wicked
“A false balance and dishonest business practices are extremely offensive to the Lord, [b]ut an accurate scale is His delight. When pride comes [boiling up with an arrogant attitude of self-importance], then come dishonor and shame, [b]ut with the humble [the teachable who have been chiseled by trial and who have learned to walk humbly with God] there is wisdom and soundness of mind. The integrity and moral courage of the upright will guide them, [b]ut the crookedness of the treacherous will destroy them.”
Leviticus 19:11 (NKJV)
“You shall not steal, nor deal falsely, nor lie to one another.”
John 10:10 (NKJV)
“The thief [the devil or Satan] does not come except to steal, and to kill, and to destroy. I [Jesus] have come that they may have life, and that they may have it more abundantly.”
Romans 1:28-29 (Amplified Bible)
“And since they did not see fit to acknowledge God or consider Him worth knowing [as their Creator], God gave them over to a depraved mind, to do things which are improper and repulsive, until they were filled (permeated, saturated) with every kind of unrighteousness, wickedness, greed [emphases mine], evil; full of envy, murder, strife, deceit, malice and mean-spiritedness.”
