Several lawsuits have been filed over a huge data breach involving an estimated 2.9 billion Social Security records.
Eight class-action lawsuits have been filed against Florida-based Jerico Pictures, which operates as National Public Data, after criminals put a database of personal details—including Social Security numbers, names, addresses and contact details—up for sale on the dark web in April, 2024.
One suit, filed on behalf of California resident Christopher Hofmann and more than 100 others in the U.S. District Court of Southern Florida on August 1, alleges a cybercriminal group, USDoD, stole and posted a database on a dark web forum claiming to hold the personal data contained in 2.9 billion records, which it put up for sale for $3.5 million.
More From Newsweek Vault: What Are the Three Main Credit Bureaus?
According to a report by USA Today, seven other lawsuits have also been filed in the same court against National Public Data.
The company, a background check firm that allows its customers to search billions of records, said in a statement on its website that “there appears to a have been a data security incident” which “involved a third-party bad actor that was trying to hack into data in late December 2023, with potential leaks of certain data in April 2024 and summer 2024.”
Newsweek has contacted National Public Data for comment via email.
The company said it has complied with “law enforcement and governmental investigators and conducted a review of the potentially affected records.” It did not clarify the number of records that were stolen, but the August 1 lawsuit put it at 2.9 billion.
More From Newsweek Vault: Learn About the Best High-Yield Checking Accounts
Hofmann said he received a notification from his identity-theft protection service provider in July. The complaint says Hoffman had never provided his details to the company.
According to the complaint, the data that was exposed includes Social Security numbers, full names, addresses and information about relatives—including some who have been deceased for almost 20 years. It says the company failed to “properly secure and safeguard the personally identifiable information that it collected and maintained as part of its regular business practices.”
More From Newsweek Vault: Checking Account vs. Savings Account: Which is Best for Your Finances?
The Social Security Administration (SSA) has confirmed to Newsweek that the breaches “are unrelated to the Social Security Administration’s internal systems and data, neither of which has been compromised.”
What To Do if You Suspect Identity Theft
The SSA told Newsweek that if someone suspects they are a victim of identity theft, they should take the following steps:
- Contact the Federal Trade Commission at www.idtheft.gov, or call 1-877-IDTHEFT (1-877-438-4338); TTY 1-866-653-4261.
- File a report with the local police department where the identity theft took place and keep a copy of the report as proof of the crime.
- Contact the fraud unit at a consumer reporting company. The company you call is required to contact others.
- Monitor your credit report.
If a person receives a suspicious call or email that states there is a problem with their Social Security number or account, they should hang up or not respond to the email. People should then go online to oig.ssa.gov to report the scam to the government agency.
