Cyber-Heist of 2.9 Billion Personal Records Leads to Class Action Lawsuit (theregister.com) 18
"A lawsuit has accused a Florida data broker of carelessly failing to secure billions of records of people's private information," reports the Register, "which was subsequently stolen from the biz and sold on an online criminal marketplace."
California resident Christopher Hofmann filed the potential class-action complaint against Jerico Pictures, doing business as National Public Data, a Coral Springs-based firm that provides APIs so that companies can perform things like background checks on people and look up folks' criminal records. As such National Public Data holds a lot of highly personal information, which ended up being stolen in a cyberattack. According to the suit, filed in a southern Florida federal district court, Hofmann is one of the individuals whose sensitive information was pilfered by crooks and then put up for sale for $3.5 million on an underworld forum in April.
If the thieves are to be believed, the database included 2.9 billion records on all US, Canadian, and British citizens, and included their full names, addresses, and address history going back at least three decades, social security numbers, and the names of their parents, siblings, and relatives, some of whom have been dead for nearly 20 years.
Hofmann's lawsuit says he 'believes that his personally identifiable information was scraped from non-public sources," according to the article — which adds that Hofmann "claims he never provided this sensitive info to National Public Data...
"The Florida firm stands accused of negligently storing the database in a way that was accessible to the thieves, without encrypting its contents nor redacting any of the individuals' sensitive information." Hofmann, on behalf of potentially millions of other plaintiffs, has asked the court to require National Public Data to destroy all personal information belonging to the class-action members and use encryption, among other data protection methods in the future... Additionally, it seeks unspecified monetary relief for the data theft victims, including "actual, statutory, nominal, and consequential damages."
If the thieves are to be believed, the database included 2.9 billion records on all US, Canadian, and British citizens, and included their full names, addresses, and address history going back at least three decades, social security numbers, and the names of their parents, siblings, and relatives, some of whom have been dead for nearly 20 years.
Hofmann's lawsuit says he 'believes that his personally identifiable information was scraped from non-public sources," according to the article — which adds that Hofmann "claims he never provided this sensitive info to National Public Data...
"The Florida firm stands accused of negligently storing the database in a way that was accessible to the thieves, without encrypting its contents nor redacting any of the individuals' sensitive information." Hofmann, on behalf of potentially millions of other plaintiffs, has asked the court to require National Public Data to destroy all personal information belonging to the class-action members and use encryption, among other data protection methods in the future... Additionally, it seeks unspecified monetary relief for the data theft victims, including "actual, statutory, nominal, and consequential damages."
...and the Florida firm quickly disolves itself (Score:5, Insightful)
This one goes bankrupt and the next one takes over. Stronger laws are needed; civil suits aren't going to be enough here.
Re: (Score:3)
Not just better laws but systematic changes to our financial system.
It's ridiculous that scammers can apply for credit by knowing a victim's SSN. Using SSNs for authentication should be banned.
Credit cards should move to chip-and-pin, and online payments should not be based on CCs.
Many other countries don't have the identity theft problems that America does.
In America, to make an online payment, I need to provide the merchant with: My name, my CC number, the CC's CCV, my address, my phone number, and my ema
Re: ...and the Florida firm quickly disolves itsel (Score:1)
Prevent collection in the first place (Score:2)
- Opt out by default of the government selling your name, address, and other currently public data to anyone. Insurance companies buy lists of driver licenses from the state under the guise of for business purposes.
- Prevent companies such as credit bureaus Equifax from compiling a database of paycheck per paycheck records for tens of millions of persons and then selling access to that data for income verification purposes. https://www.equifax.com/busine... [equifax.com]
- Most people do not
Re: Prevent collection in the first place (Score:1)
Re: (Score:2)
Anonymous to the merchant.
The government gets all the transaction details.
Re: ...and the Florida firm quickly disolves itsel (Score:4, Interesting)
Remind me, isn't China the country that's been implementing the infamous, privacy-raping social credit system ? In that context, transaction details are tied to your identity and shared with the government. This is not progress.
That said, the identity theft problems you mentioned in the US system are real and badly need solving. I just don't think the Chinese system should be the template. I would look at European countries instead.
Re: (Score:2)
It's weird that you think that identifying one thing China has implemented in a good way means the OP was saying we should implement everything China does including social credit (which is different than financial credit and has fuck all to do with the discussion about credit cards).
Oh, wait. I get it. You couldn't argue against any of the actual points made in the post you replied to, so you latched onto China and pulled out a strawman.
Re: (Score:3)
Actually, China's social credit system covers financial transactions, and that's the reason I brought it up.
https://www.npr.org/2018/10/31/662696776/what-its-like-to-be-on-the-blacklist-in-chinas-new-social-credit-system
Re: (Score:2)
How do you think they get the transaction details for the social credit system?
This payment system everyone must use.
Re: (Score:2)
It's ridiculous that scammers can apply for credit by knowing a victim's SSN.
which scammers? the company hoarding private information it isn't legally allowed to access in the first place, exploiting it commercially and misshandling it to the point it gets to the black market, or the thousands of businesses who routinely buy that illegal information from that company for background checks, or the guys that hacked into that company just to undercut them competing in the same shady business, or the guys that used the hacker's service at the end of the chain? it's hard to tell because
Re: ...and the Florida firm quickly disolves itsel (Score:2)
Re: (Score:2)
Many other countries don't have the identity theft problems that America does.
Many other countries don't have the wealth of the average American. The countries targeted by scammers are overwhelmingly western countries with high net personal wealth.
Freeze your credit (Score:4, Insightful)
Sadly we have to assume all our data is already known. Freezing credit at least stops others from opening up be accounts under your name.
Re: (Score:2)
This should be the default.
You want to get credit? Request the bureau unlock you data first.
The current system of the bureau asking the merchant if they have obtained your permission first is broken. They haven't positively identified the customer.
But it was anonymized! (Score:2)