2.7 Billion Data Records Leaked Including Social Security Numbers

 


A prominent hacking group claimed about four months ago to have stolen a large amount of sensitive personal information from a major data broker, and a member of that group has now reportedly released most of the information for free on an online marketplace where stolen personal information is sold. 

A breach of sensitive data, including Social Security numbers and other personal information of Americans, could have a transnational impact on identity theft, fraud and other crimes, said Teresa Murray, director of consumer advocacy for the U.S. Public Information Research Group. Nearly 2.7 billion personal information records belonging to Americans, including names, addresses and even Social Security numbers, have been exposed on an online hacking forum. 

This data originated from a company that collected and sold the data for legitimate purposes, but it is claimed that in April 2024 the data was stripped and offered for sale by the company. It was reported that the information had been stolen from National Public Data by a threat actor called USDoD. 

Using information scraped from public sources, National Public Data compiles individual profiles that are then used to create portfolios of individual properties, which are marketed to consumers. In addition to serving private investigators, the company provides background checks and criminal record searches to a variety of government agencies and organizations. 

It was reported that the data, including names, addresses, and even Social Security numbers, was retrieved from a data-scraping company called National Public Data. Earlier this year, Jerico Pictures Inc., which operates National Public Data, played a key role in a court case in the Southern District of Florida regarding the data. 

As Bloomberg Law reports, plaintiff Christopher Hofmann brought a claim against Jerico Pictures alleging a violation of data privacy and gross negligence by the company in handling sensitive personal information. Hofmann also argues that the method National Public Data uses to assemble data is not open to the public and, as a result, not approved by the people whose data is being gathered in this way. 

Jerico Pictures and National Public Data have yet to comment on the massive data breach that affected more than 2.7 billion people, so it remains uncertain whether they will purge or encrypt their existing data to avoid further damage to their reputations. A hacker forum where Fenice is known has been flooded with purloined files obtained from the hacker community. Fenice's posts contained a much more complete version of the data than previous leaks, and he uploaded it for free. 

Fenice now lays responsibility for the breach of National Public Data's information on another hacker, SXUL, rather than on USDoD, the prominent hacker suspected of leaking the information. It is worth noting that when USDoD first acquired the data, it offered to sell it for $3.5 million. 

According to the hacker, the compromised database contained 2.9 billion records with information on millions of people in Canada, the United Kingdom, and America. There has been a lot of buzz about USDoD ever since it was linked to an alleged attempt for $50,000 to be made on InfraGard's user database in December of 2023 by two individuals. Since then, a variety of threat actors have penetrated the network and released partial copies of the data, with each leak containing a different number of records and, in some cases, different data types compared to the previous leak. 

On August 6th, a threat actor using the name "Fenice" leaked the most complete version of the stolen National Public Data data free of charge on the Breached hacking forum. Fenice, however, attributed the data breach to another threat actor, "SXUL," rather than to USDoD. In addition, this data may be outdated: it contains no current address for any of the people checked, so it is possible that it was taken from an old backup. 

Jerico Pictures, which is believed to be operating under the name National Public Data, has been sued numerous times as a result of the data breach for not adequately protecting people's personal information. The data contains a huge number of Social Security numbers, which means that users should monitor their credit reports for any signs of fraudulent activity and report it to the appropriate credit bureau if they find any. 

As previously leaked samples also contain phone numbers and email addresses, users must remain vigilant against phishing e-mails and SMS texts that may attempt to get them to provide additional sensitive information. Christopher Hofmann, the named plaintiff, reported that on July 24, he was informed by his identity theft protection service provider that his personal information had been compromised. 

According to the notification, the breach occurred as a direct result of the security incident involving the website "nationalpublicdata.com." It was further disclosed that Hofmann's data had been published on the dark web, highlighting the serious nature of the breach and its potential implications for those affected.

Saltzer Health Says Patient Data Exposed in Cyberattack

 

Saltzer Health, an Intermountain Healthcare company, has recently experienced a cyberattack. The company has started alerting its employees and patients about the breach, informing them that their protected health information might have been compromised following a hack on a connected third party. 

According to the static data, the company operates 12 clinics and urgent care facilities in Boise, Caldwell, Meridian, and Nampa, Idaho. After investigating the attack, the company issued a statement saying that the attackers had access to an employee email account between May 25 and June 1, 2021. 

During the investigation, researchers also discovered that the email account contained personal data that was compromised during the period of unauthorized access. Compromised data includes names, contacts, driver’s license numbers, state identification numbers and, in some cases, Social Security numbers and financial account details. 

Additionally, the compromised medical information includes medical history, diagnosis, treatment details, physician information, and prescription medication information, along with health insurance information. All impacted individuals will receive two years of identity theft detection and resolution services. 

While the company did not issue any statement on the number of affected personnel, the company told the U.S. Department of Health and Human Services that 15,650 individuals’ data was potentially compromised during the hack. 

The company said that it has taken steps to mitigate the risk of data theft, including resetting the passwords of the affected email accounts and monitoring its systems for any suspicious activity. 

“Saltzer Health encourages all individuals to remain vigilant against incidents of identity theft and fraud by reviewing account statements and explanation of benefits, and monitoring free credit reports for suspicious activity,” the organization says.

Here's Why You Should Not Rely on a VPN Anymore

 

Virtual private networks (VPNs) are still used by millions of people to hide their activities on the internet by masking their location and encrypting their web traffic. Over time, however, advances in technology have changed the cybersecurity landscape: the widespread use of encryption has made public internet connections far less of a security threat, cybersecurity experts stated. 

Cybercriminals are less interested in attacking people’s individual devices and instead focus on the login credentials to their most important accounts, experts said. For years, cybercrime experts urged people not to use Wi-Fi hotspots at public places like coffee shops and stations without taking steps to obscure their internet traffic. For example, sharing a Wi-Fi network with a stranger meant essentially sharing all your traffic with whoever else was using it. If someone decided to check their bank balance, for instance, they gave a nearby hacker an opportunity to steal important data. 

VPNs have provided a safety net for this problem over the decades. A VPN allows users to use the internet with enhanced security and privacy. It reroutes users’ internet traffic through the VPN provider's own servers, which makes browsing more secure and private and helps users stay secure when using public Wi-Fi connections. That can slow browsing speed, but it hides the user’s Internet Protocol address and allows access to more internet sources. 

However, most browsers have now implemented HTTPS, an extra layer of security that automatically encrypts internet traffic. Hypertext Transfer Protocol Secure (HTTPS) is a secure version of HTTP, the protocol used for sending data between a web browser and a website. HTTPS is encrypted in order to secure data transfer. This becomes important when a user transmits sensitive data, such as when logging into a bank account or an email service. 

More and more websites, such as Google, offer HTTPS connections, which browsers such as Brave, Chrome, Firefox, Safari, and Edge support. 

“Most commercial VPNs are snake oil from a security standpoint,” said Nicholas Weaver, a cybersecurity lecturer at the University of California, Berkeley. “They don’t improve your security at all...” 

 “…Remember, someone attacking you at the coffee shop needs to be basically AT the coffee shop. I don’t know of them ever being used outside of pranks. And those are all irrelevant now with most sites using HTTPS,” he added.