Historic Cyberattack: 3 Billion Personal Data Stolen and Sold

Historic Cyberattack: 3 Billion Personal Data Stolen and Sold on the Dark Web, Are You Affected?

The year 2024 has been a particularly bad year in terms of cybersecurity. A historic cyberattack has exposed the personal data of nearly 3 billion individuals. From the hacking of Viamedis and Almerys at the beginning of the year, the LockBit attack on the Simone Veil hospital, to the very recent Parisian attack in the midst of the Olympics, the past months have been eventful.

This time, it happened across the Atlantic. Last April, Jerico Pictures Inc., operating under the name National Public Data (a company specializing in fraud detection), was the victim of a massive cyberattack. The cybercriminal group UsDoD claimed responsibility for the attack and subsequently sold the stolen information on the dark web.

Thunderbolt in the World of Cybersecurity

The database held by National Public Data reportedly contains the personal information of no less than 2.9 billion people, according to the hackers. This collection is said to have been gathered over three decades.

As astonishing as it may seem, this treasure trove of confidential information is offered to the highest bidder for a sum that, given its content, seems almost derisory: $3.5 million, or approximately €3.2 million.

The plaintiffs, outraged by this blatant violation of their privacy, claim that this collection contains a myriad of sensitive data. It includes, among other things, social security numbers, past and present addresses, the full identity of individuals, and information about their family circle, even including people who have been missing for nearly twenty years.

The alleged victims of this digital plundering loudly proclaim that this information was gathered without their knowledge by National Public Data, which allegedly extracted it from sources not accessible to the general public, thus blatantly violating basic principles of confidentiality and consent.

Legal and Security Repercussions

At the heart of this tumultuous affair is Christopher Hofmann, a Californian citizen and the main plaintiff. He was abruptly jolted from his daily routine on July 24 by an alert from his identity theft protection device, leading to the shocking discovery of his personal data being compromised.

Indignant, Hofmann quickly pointed fingers at National Public Data, accusing it of a litany of failings: gross negligence, unjust enrichment, breach of fiduciary duty, and third-party beneficiary contract violation.

His demands to the court are clear: he urges the court to compel the company to completely erase the personal information of all affected individuals and to implement systematic encryption for future data collections.

He also demands that National Public Data implement a suite of security measures: a threat management program, rigorous data segmentation, thorough database analyses, as well as an annual audit of its IT infrastructure by an independent body, over a decade.

This attack constitutes an exceptionally serious event in the cybersecurity landscape and highlights two main issues. On one hand, there is a company collecting personal data on a very large scale without the informed consent of individuals. On the other hand, this same company appears unable to properly secure its IT ecosystem against potential attacks. The repercussions of this case will undoubtedly be significant for all parties concerned by the cyberattack.

Links

• National Public Data breach publishes private data of 2.9B US citizens – Security Intelligence
• Sell pre-owned electronic device online – iGotOffer

Social Security numbers, personal data hacked, lawsuit claims [Video]

Video uploaded by CBS News on August 16, 2024.