Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Crime Privacy The Courts

Cyber-Heist of 2.9 Billion Personal Records Leads to Class Action Lawsuit (theregister.com) 18

"A lawsuit has accused a Florida data broker of carelessly failing to secure billions of records of people's private information," reports the Register, "which was subsequently stolen from the biz and sold on an online criminal marketplace." California resident Christopher Hofmann filed the potential class-action complaint against Jerico Pictures, doing business as National Public Data, a Coral Springs-based firm that provides APIs so that companies can perform things like background checks on people and look up folks' criminal records. As such National Public Data holds a lot of highly personal information, which ended up being stolen in a cyberattack. According to the suit, filed in a southern Florida federal district court, Hofmann is one of the individuals whose sensitive information was pilfered by crooks and then put up for sale for $3.5 million on an underworld forum in April.

If the thieves are to be believed, the database included 2.9 billion records on all US, Canadian, and British citizens, and included their full names, addresses, and address history going back at least three decades, social security numbers, and the names of their parents, siblings, and relatives, some of whom have been dead for nearly 20 years.

Hofmann's lawsuit says he 'believes that his personally identifiable information was scraped from non-public sources," according to the article — which adds that Hofmann "claims he never provided this sensitive info to National Public Data...

"The Florida firm stands accused of negligently storing the database in a way that was accessible to the thieves, without encrypting its contents nor redacting any of the individuals' sensitive information." Hofmann, on behalf of potentially millions of other plaintiffs, has asked the court to require National Public Data to destroy all personal information belonging to the class-action members and use encryption, among other data protection methods in the future... Additionally, it seeks unspecified monetary relief for the data theft victims, including "actual, statutory, nominal, and consequential damages."
This discussion has been archived. No new comments can be posted.

Cyber-Heist of 2.9 Billion Personal Records Leads to Class Action Lawsuit

Comments Filter:
  • by aaarrrgggh ( 9205 ) on Saturday August 10, 2024 @08:40PM (#64695728)

    This one goes bankrupt and the next one takes over. Stronger laws are needed; civil suits aren't going to be enough here.

    • Not just better laws but systematic changes to our financial system.

      It's ridiculous that scammers can apply for credit by knowing a victim's SSN. Using SSNs for authentication should be banned.

      Credit cards should move to chip-and-pin, and online payments should not be based on CCs.

      Many other countries don't have the identity theft problems that America does.

      In America, to make an online payment, I need to provide the merchant with: My name, my CC number, the CC's CCV, my address, my phone number, and my ema

      • In USA people are incentivized to use credit cards by the rewards programs, along with ability to dispute transactions (if an item is not as described). Even if rewards are stopped, what other payment method has dispute capability?
      • by madbrain ( 11432 ) on Saturday August 10, 2024 @11:33PM (#64695898) Homepage Journal

        Remind me, isn't China the country that's been implementing the infamous, privacy-raping social credit system ? In that context, transaction details are tied to your identity and shared with the government. This is not progress.

        That said, the identity theft problems you mentioned in the US system are real and badly need solving. I just don't think the Chinese system should be the template. I would look at European countries instead.

        • It's weird that you think that identifying one thing China has implemented in a good way means the OP was saying we should implement everything China does including social credit (which is different than financial credit and has fuck all to do with the discussion about credit cards).

          Oh, wait. I get it. You couldn't argue against any of the actual points made in the post you replied to, so you latched onto China and pulled out a strawman.

          • by madbrain ( 11432 )

            Actually, China's social credit system covers financial transactions, and that's the reason I brought it up.

            https://www.npr.org/2018/10/31/662696776/what-its-like-to-be-on-the-blacklist-in-chinas-new-social-credit-system

          • How do you think they get the transaction details for the social credit system?
            This payment system everyone must use.

      • by znrt ( 2424692 )

        It's ridiculous that scammers can apply for credit by knowing a victim's SSN.

        which scammers? the company hoarding private information it isn't legally allowed to access in the first place, exploiting it commercially and misshandling it to the point it gets to the black market, or the thousands of businesses who routinely buy that illegal information from that company for background checks, or the guys that hacked into that company just to undercut them competing in the same shady business, or the guys that used the hacker's service at the end of the chain? it's hard to tell because

      • Nothing is anonymous in China, silly
      • by vlad30 ( 44644 )

        Many other countries don't have the identity theft problems that America does.

        Many other countries don't have the wealth of the average American. The countries targeted by scammers are overwhelmingly western countries with high net personal wealth.

  • Freeze your credit (Score:4, Insightful)

    by Ogive17 ( 691899 ) on Sunday August 11, 2024 @06:12AM (#64696142)
    Last year someone opened up a few accounts in my name and made some charges. Took me about a month to get it cleared up and luckily I was never out any money, only time. When I reported it to law enforcement, they suggested keeping my credit at the three major bureaus frozen at all times. I can schedule a thaw when needed.

    Sadly we have to assume all our data is already known. Freezing credit at least stops others from opening up be accounts under your name.
    • This should be the default.
      You want to get credit? Request the bureau unlock you data first.
      The current system of the bureau asking the merchant if they have obtained your permission first is broken. They haven't positively identified the customer.

  • Oh wait that's always, indisputably, a bullshit claim.

FORTUNE'S FUN FACTS TO KNOW AND TELL: A guinea pig is not from Guinea but a rodent from South America.

Working...