News of a major data breach that could affect nearly three billion people, including Canadians, comes to light from a class-action lawsuit filed in Florida, McAfee reports.According to documents filed in U.S. District Court in Fort Lauderdale, Fla., the hacking group USDoD claimed in April to have stolen personal records of 2.9 billion people from National Public Data, which offers personal information to employers, private investigators, staffing agencies and others doing background checks.In June, The Register reported that a hacker group by the name of USDoD claimed it hacked the records of 2.9 billion people and put them up for sale on the dark web. The price tag, U.S. $3.5 million. The group further claimed that the records include U.S., Canadian, and British citizens.The complaint filed in the U.S. District Court alleges that NPD was hit by a data breach in or around April an further explains:The company had sensitive info breached, such as full names; current and past addresses spanning at least the last three decades; Social Security numbers; info about parents, siblings, and other relatives (including some who have been deceased for nearly 20 years); and other personal info.The company “scraped” this info from non-public sources. This info was collected without the consent of the person who filed the complaint and the billions of others who might qualify to join in the class action complaint.The company “assumed legal and equitable duties to those individuals to protect and safeguard that information from unauthorized access and intrusion.”Typically, companies self-report these breaches due to regulations and legislation that require them to report them in a timely manner. In this case, it appears that no notices were sent to potential victims, nor could McAfee find any filings with state attorney generals.The filing explained the primary plaintiff Christopher Hofmann discovered the breach when he “received a notification from his identity theft protection service provider notifying him that his [personal info] was compromised as a direct result of the ‘nationalpublicdata.com’ breach."The complaint requests, "Pursuant to its authority under the Declaratory Judgment Act, this Court should enter a judgment declaring, among other things, the following:"a. NPD owes a legal duty to secure patients’ PII [personally identifiable information] and to timely notify consumers of a data breach ... and"b. NPD continues to breach this legal duty by failing to employ reasonable measures to secure patients’ PII."The suit adds, "If an injunction is not issued, Plaintiff will suffer irreparable injury, and lack anadequate legal remedy, in the event of another data breach at NPD. The risk of another such breach is real, immediate, and substantial. If another breach at NPD occurs, Plaintiff will not have an adequate remedy at law because many of the resulting injuries are not readily quantified and he will be forced to bring multiple lawsuits to rectify the same conduct."
News of a major data breach that could affect nearly three billion people, including Canadians, comes to light from a class-action lawsuit filed in Florida, McAfee reports.According to documents filed in U.S. District Court in Fort Lauderdale, Fla., the hacking group USDoD claimed in April to have stolen personal records of 2.9 billion people from National Public Data, which offers personal information to employers, private investigators, staffing agencies and others doing background checks.In June, The Register reported that a hacker group by the name of USDoD claimed it hacked the records of 2.9 billion people and put them up for sale on the dark web. The price tag, U.S. $3.5 million. The group further claimed that the records include U.S., Canadian, and British citizens.The complaint filed in the U.S. District Court alleges that NPD was hit by a data breach in or around April an further explains:The company had sensitive info breached, such as full names; current and past addresses spanning at least the last three decades; Social Security numbers; info about parents, siblings, and other relatives (including some who have been deceased for nearly 20 years); and other personal info.The company “scraped” this info from non-public sources. This info was collected without the consent of the person who filed the complaint and the billions of others who might qualify to join in the class action complaint.The company “assumed legal and equitable duties to those individuals to protect and safeguard that information from unauthorized access and intrusion.”Typically, companies self-report these breaches due to regulations and legislation that require them to report them in a timely manner. In this case, it appears that no notices were sent to potential victims, nor could McAfee find any filings with state attorney generals.The filing explained the primary plaintiff Christopher Hofmann discovered the breach when he “received a notification from his identity theft protection service provider notifying him that his [personal info] was compromised as a direct result of the ‘nationalpublicdata.com’ breach."The complaint requests, "Pursuant to its authority under the Declaratory Judgment Act, this Court should enter a judgment declaring, among other things, the following:"a. NPD owes a legal duty to secure patients’ PII [personally identifiable information] and to timely notify consumers of a data breach ... and"b. NPD continues to breach this legal duty by failing to employ reasonable measures to secure patients’ PII."The suit adds, "If an injunction is not issued, Plaintiff will suffer irreparable injury, and lack anadequate legal remedy, in the event of another data breach at NPD. The risk of another such breach is real, immediate, and substantial. If another breach at NPD occurs, Plaintiff will not have an adequate remedy at law because many of the resulting injuries are not readily quantified and he will be forced to bring multiple lawsuits to rectify the same conduct."
