In a startling revelation, one of the most significant data breaches in history has compromised the personal details of an estimated 2.9 billion people, with private information—including Social Security numbers from millions of Americans—now available on the dark web. The breach involved a Florida-based background check company, Jerico Pictures, which operates under the name National Public Data. 

The company’s database was allegedly breached and subsequently put up for sale by a cybercriminal group known as 'USDoD,' which is thought to be based in Latin America. The hackers are reportedly asking for $3.5 million for access to the compromised data, which is said to rival the infamous 2013 Yahoo! breach that impacted three billion accounts.

To confirm the legitimacy of the data, the cybercriminals shared it with a cybersecurity expert who verified its authenticity. This leak poses a significant risk to Americans, as most citizens—and even many deceased individuals—likely have their private information exposed unless they have invested in data opt-out services that shield them from such breaches.

The leaked database reportedly includes extensive personal records, such as address histories and the names of relatives, of hundreds of millions of U.S. residents. Alarmingly, some records date back decades and include information about deceased individuals. A class action lawsuit has been filed against National Public Data by attorneys representing a victim, who first learned of the breach through his identity-theft protection service. The suit claims that the company failed to adequately secure hardware containing protected personal identifiable information (PII) and improperly sourced its files from other databases without individuals' consent. 

The lawsuit further alleges that the company's conduct constitutes at least negligence, as stated by the Kopelowitz Ostrow Firm, which is leading the legal charge. A quick examination of the leaked 277.1 gigabyte database revealed that any individual residing in the United States who had not utilized data opt-out services was readily identifiable in the breach. The exposed files typically included full names, current and previous addresses, Social Security numbers, and detailed information about family members, allowing easy access to find parents, siblings, and even deceased relatives.

While National Public Data, located in Coral Springs, Florida, has yet to disclose the specifics of how this breach occurred, it has faced mounting criticism for failing to notify hundreds of millions of affected individuals in the U.S., as well as those likely impacted abroad. According to estimates from the U.S. Census Bureau, the breach encompasses approximately 11.2 percent of the total U.S. population, equating to around 336.8 million individuals, including many who may be deceased.

As the situation develops, the cybersecurity community and affected individuals are left reeling from the implications of this massive breach. The database does not include data from individuals who had previously opted out of data collection services, highlighting the importance of such protections, which often require substantial financial investment—from $499 a year—as a means to safeguard personal information in an increasingly perilous digital landscape. 

As discussions around privacy and data protection intensify, this incident underscores the urgent need for robust security measures and greater transparency from companies handling sensitive personal information. The fallout from this breach serves as a wake-up call for both individuals and organizations about the critical importance of data privacy.