Lawsuit claims hackers gained access to "billions" of Social Security numbers by breaching background check company.
A new lawsuit is claiming hackers have gained access to the personal information of "billions of individuals," including their Social Security numbers, current and past addresses and the names of siblings and parents — personal data that could allow fraudsters to infiltrate financial accounts or take out loans in their names.
The allegation arose in a lawsuit filed earlier this month by Christopher Hofmann, a California resident who claims his identity theft protection service alerted him that his personal information had been leaked to the dark web by the "nationalpublicdata.com" breach. The lawsuit was earlier reported by Bloomberg Law.
The breach allegedly occurred around April 2024, with a hacker group called USDoD exfiltrating the unencrypted personal information of billions of individuals from a company called National Public Data (NPD), a background check company, according to the lawsuit. Earlier this month, a hacker leaked a version of the stolen NPD data for free on a hacking forum, tech site Bleeping Computer reported.
The past addresses thing is kind of spooky. I once got a bequest of stock options from the company I worked for and they were claimable online. One of the ways in which they verified my identity was to have me pick out actual addresses I'd lived at in the past (one of them more than 15 years prior) from a list containing other addresses. Somebody with access to a list of my past addresses might have been able to claim my fifty grand worth of options before I did.
I had no stock account at this point, at least none involving my company since my company did not have stock before this. What had happened was my non-stock company was purchased by a larger stock company and I was granted a bequest of the new company's stock.
Uh, I got bad news. If I search for my name, there are freely and publicly available online directories that show all my past addresses (and phone numbers) going back over 20 years. That's why I had to pay a service that searches for this crap and submits requests on my behalf to have them take it down. I think California's law where you can also ask once to be removed from all of them will go into effect soon?