Scraping Service ‘National Public Data’ Breached and Sensitive Details Leaked Online

• A threat actor breached a data scraping company called National Public Data.
• The database was recently leaked online after a class action lawsuit was filed.
• The breach included sensitive information, such as names, addresses, phone numbers, and Social Security Numbers.

Background check company Jerico Pictures Inc., trading as “National Public Data,” allegedly suffered a data breach. Members of a cybercriminal group called USDoD leaked the company's data on a popular hacker forum on August 6, a few days after a complaint was filed in the US District Court for the Southern District of Florida. 

The filing accused Jerico Pictures of failing to properly secure and safeguard personally identifiable information (PII), which goes against the FTC Act. The data scraping company offers a database with billions of records from non-public sources that users can instantly search.

A member of the hacker group put up for sale for $3.5 million the database containing 2.9 billion records. Earlier this week, another member of the USDoD group offered the 277 GB of stolen data for free on the forum.

The exposed details included first names, last names, middle names, dates of birth, addresses, cities, counties, states, zip codes, phone numbers, and Social Security Numbers. People who used some sort of data opt-out service were not impacted.

Since the breached company collects these details without people’s knowledge or consent, the impacted individuals have no way of knowing that their data leaked.

The plaintiff filed the class action complaint after an identity theft protection service notified them in July that their data had been leaked as a direct result of the National Public Data breach, and some of the victims had already noticed the misuse of their Social Security Numbers.

Recently, a threat actor known as 'emo' decided to leak 15,115,516 Trello members’ accounts on a popular hacking forum, which included email addresses, users’ full names, and public Trello account information.

In July, Fujitsu revealed they identified unauthorized third-party access to the company’s systems that occurred earlier this year and resulted in the exfiltration of customers’ personal details and those of their businesses.