The breach, which includes Social Security numbers and other sensitive data, could power a raft of identity theft, fraud and other crimes, said Teresa Murray, consumer watchdog director for the U.S. Public Information Research Group.
"If this in fact is pretty much the whole dossier on all of us, it certainly is much more concerning" than prior breaches, Murray said in an interview. "And if people weren’t taking precautions in the past, which they should have been doing, this should be a five-alarm wake-up call for them."
According to a class-action lawsuit filed in U.S. District Court in Fort Lauderdale, Fla., the hacking group USDoD claimed in April to have stolen personal records of 2.9 billion people from National Public Data, which offers personal information to employers, private investigators, staffing agencies and others doing background checks. The group offered in a forum for hackers to sell the data, which included records from the United States, Canada and the United Kingdom, for $3.5 million, a cybersecurity expert said in a post on X.
The lawsuit was reported by Bloomberg Law.
Last week, a purported member of USDoD identified only as Felice told the hacking forum that they were offering "the full NPD database," according to a screenshot taken by BleepingComputer. The information consists of about 2.7 billion records, each of which includes a person's full name, address, date of birth, Social Security number and phone number, along with alternate names and birth dates, Felice claimed.