A Hack May Have Exposed the Data of Three Billion People
More than a third of the planet may have had their data breached.
Nearly three billion of us may have had our personal data exposed in an April hack. Seeing as there are just over eight billion people alive on the planet today, that means more than a third of the world's population may have been affected.
As reported by Bloomberg Law, the exposure is the fault of Jerico Pictures Inc., operating as the background check company National Public Data, according to a lawsuit against the company. The suit alleges that, on April 8 of this year, the hacking group USDoD uploaded a database on the dark web site Breach Forums, called, simply, "National Public Data." This 277GB database supposedly contained the information of 2.9 billion people. That data could be yours for the price of $3.5 million.
National Public Data (the company, not the database) reportedly collects the data of billions of us from "non-public" sources, unbeknownst to those the data belongs to. This data isn't anonymous, either: It includes information like Social Security numbers, home addresses (both current and former), full legal names, and ancestry—data that can easily be tied directly to you.
The suit has been brought forth by one Christopher Hofmann from California, who says he learned about this practice after his identity protection service alerted him to the data breach. Through the lawsuit, Hofmann wants a few things: a payout, the National Public Data to delete all the data it collected from affected users, and for the company to implement changes to prevent this from happening again—namely, to protect future collected data with encryption.
It's not clear how National Public Data was able to obtain some of this information, particularly sensitive data like Social Security numbers. The details of the breach have also not been confirmed: However, Bloomberg Law says if confirmed, the breach is one of the largest ever, rivaling a 2013 Yahoo! breach that affected three billion people.
What can you do?
These situations are tricky, because the breached data wasn't stolen from a service you actively use. As such, you can't change a password or close an account. Instead, it may be best to seek professional services.
If you don't have one already, consider signing up for a credit monitoring service. National Public Data is not warning affected users: Only a service that looks for stolen data online can let you know if your data, such as your Social Security number, was included in this breach. From here, the service may be able to guide you through steps to take going forward. PCMag, our sister site, has a list of the best identity theft protection services, including: