An American company is being sued for not adequately protecting the private data of its users against a cyber attack

An American has filed a class action lawsuit against Jerico Pictures, operator of National Public Data, for failing to adequately protect billions of private information records. National Public Data, a US-based company located in Florida, provides APIs for background checks and criminal record queries, handling sensitive personal data. According to the lawsuit filed by Christopher Hofmann, the information was extracted in a cyberattack and then sold in April for $3.5 million on a criminal forum.

Kaspersky Anti-Virus DOWNLOAD

The stolen database contained 2.9 billion records of citizens from the United States, Canada, and Great Britain, including full names, addresses, address history of over thirty years, social security numbers, and names of relatives, some of whom died decades ago. A known digital thief called SXUL extracted the files and transferred them to a criminal gang called USDoD, which acted as an intermediary assuring buyers that the information did not come from public sources.

On July 24th, Hofmann received a notification from his identity theft protection service informing him that his personal information was on the Dark Web. The American claims that he never provided this data to National Public Data and that he ‘believes his information was extracted from non-public sources by the defendant.’ The lawsuit alleges that National Public Data extracts information from ‘potentially billions’ of people without their consent, and in doing so, the company assumed legal obligations to protect such information.

‘This unencrypted and unhidden personal identification information was put at risk, published, and then sold on the Dark Web, due to the negligent and/or careless acts and omissions of the accused,’ the lawsuit claims. The stolen data can be used for identity theft, digital fraud, and even physical harassment, posing a ‘continuing risk to the victims’ throughout their lives.

Hofmann, representing other potential millions of claimants, requests that National Public Data destroy all personal information of the members of the class action and that in the future it uses encryption and other protection methods. The lawsuit also calls for the implementation of an information security program and employee training, as well as the hiring of external auditors to prevent future data breaches. Finally, unspecified monetary compensation is requested for the victims, including ‘actual, statutory, nominal, and consequential damages.’

Kaspersky Anti-Virus DOWNLOAD