Jerico Pictures Inc., operating as National Public Data (NPD), has confirmed a significant data breach involving the theft of sensitive information, including the Social Security numbers of millions of Americans. The company, which offers criminal background checks for employers and investigators, revealed that its servers were hacked by cybercriminals who accessed a trove of personal data.
In a statement released last week, NPD acknowledged that the breached information included names, email addresses, phone numbers, Social Security numbers, and mailing addresses. The company attributed the incident to an attempted hack by a “third-party bad actor” and noted that there were attempts to hack its systems in December 2023, as well as potential data leaks in April and summer 2024.
NPD did not disclose the exact number of people affected but stated that it has cooperated with law enforcement and governmental investigators in reviewing the compromised records. The company has implemented additional security measures to prevent future breaches and protect its systems.
The company announced plans to notify all affected users, advising them to take steps to minimize potential harm. NPD urged users to closely monitor their financial accounts and report any unauthorized activity to their financial institutions. Social Security number holders were also encouraged to contact credit reporting agencies—Equifax, Experian, and TransUnion—to obtain free credit reports and place fraud alerts on their files.
At least eight lawsuits have been filed against NPD since news of the breach surfaced on August 1. Among the plaintiffs is Christopher Hoffman, a California resident, who filed a suit on the same day, alleging that a cybercriminal group named “USDoD” posted a database on the dark web containing the personal data of 2.9 billion people. The group allegedly offered the database for sale at $3.5 million.
Hoffman's lawsuit claims that the hackers accessed data about relatives and past addresses dating back at least three decades. NPD is accused of negligence and breaches of fiduciary duty, although the lawsuit does not specify the damages sought.
The breach has raised significant concerns about data security and the protection of personal information, with many users now taking steps to safeguard their identities in the wake of this massive exposure.
