Data Breach Exposes 3 Billion Personal Information Records

A major player in the data world, Jerico Pictures Inc., also acts as a background-check company doing business as National Public Data (NPD). This is not your momma’s average database; NPD is a colossal repository of personal information, including the kind of details you wouldn’t want your worst enemy to know—let alone a faceless hacker. Social security numbers, email addresses, phone numbers, relatives, physical addresses, and more.  Earlier this year, NPD’s treasure trove of 2.9 billion records was cracked, spilling sensitive information into the dark web (and ofc, the hacker’s PFP is an adorable cat).

So, who’s behind this audacious cyber heist? Murky. The breach was first flagged in April 2024 when the bid was out, but the culprits remain in the shadows. One thing is known: the data is out there, and it’s causing havoc.  

👨‍💻 Data or Drama?

Now, the internet loves a good mystery, and this breach has more than its fair share. Questions about the validity of the data have surfaced. Some claim it's genuine, others cry foul — arguing the records are incomplete, outdated, or just plain wrong. But the real issue here isn’t the data itself; it’s the growing realization that massive data aggregators like NPD are sitting on landmines sans sufficient guardrails. The breach has triggered a domino effect of legal challenges and regulatory scrutiny that could reshape the landscape of data privacy, and data brokers.

‍

😲 The Exposed Data: What’s in the Wild? 

Now, let’s get to the heart of the matter—what exactly was exposed? The NPD breach laid bare an alarming range of personal data points, including:

• Full Names: This might seem benign, but combined with other data, it’s a key to your stolen identity, and the ability to profit from your data.  
• Addresses: Home addresses–making this breach physically invasive and threatening.
• Social Security Numbers: The crown jewels of personal information, these were unfortunately part of the leak as well.
• Phone Numbers: The gateway to more personalized scams and phishing attempts, and just this one credential opening up the book to your life (see for yourself, cloaked.com/scan).
• Financial Records: Bank details and credit histories were among the most concerning data stolen.
• Background Check Information: Everything from criminal records to employment history, the kind of stuff you hope never sees the light of day.

With this kind of data out in the wild, the possibilities for misuse are endless. Identity theft, financial fraud, and targeted scams are just the tip of the iceberg.

‍

Are you on the List?!    

Due to NPD’s practice of scraping data from non-public sources without consent, many affected by this data breach may be unaware that their credentials are compromised. However, the sheer scale of this breach has attracted lawsuits like moths to a flame. One case alleges NPD overstepped legal requirements by hoarding, then failing to protect, data it had no business collecting.

The plaintiffs argue the breach wasn’t just a lapse in security—it was a ticking time bomb that finally exploded. And now, with billions of people’s information out in the wild, the fallout could be catastrophic. Lawyers are sharpening their pencils, and the courts are bracing for a showdown that could set new precedent in data security law.

‍

❓What’s Next?

As we watch this drama unfold, a few things are clear. First, the way we think about data privacy is about to change. The NPD breach is a wake-up call, not just for data companies but for anyone that has handed over their personal information to websites or data brokers (yes, all of us). Second, this incident will likely fuel the ongoing debate about data aggregation. Is it worth the risk to have companies like NPD compiling vast amounts of personal data? Or, is it time to rein in these digital behemoths before they cause more damage? Finally, and perhaps most importantly, the NPD breach is a reminder that our digital lives are far more vulnerable than we’d like to believe. As we navigate this brave new world of big data, we must ask ourselves: who’s really watching out for our privacy?  It is up to us, and only us.  Put the protection of your data back in your hands.  

‍‍

How Cloaked Helps with Data Breaches

• Cloaked Identities: Cloaked allows users to create unique, disposable identities for every online interaction. By generating Cloaked phone numbers, email addresses, and more, you never have to share your real personal information. In the case of NBD, users would have had their real information shielded from data brokers, significantly reducing the impact of such a breach. Cloaked also allows users to mute or completely remove their virtual identities if they are compromised or no longer needed. This would enable affected breach victims to quickly eliminate any virtual identities linked to their accounts, minimizing the risk of further misuse.
• Cloaked Identity Theft Insurance: Cloaked offers identity theft protection with up to $1 million in insurance coverage. For those hit by NBD, this insurance would provide essential support and financial protection in the aftermath of the breach should they face identity theft.
• Cloaked Pay Virtual Cards (beta): Cloaked Pay allows users to generate virtual payment cards for online transactions. These virtual cards can be used once or for a limited number of transactions, significantly reducing the risk of credit card information being compromised. 
• Cloaked Identity Monitoring and Data Removal: In the event of a data breach like the one experienced by Neiman Marcus, Cloaked's identity monitoring and data removal services provide essential protection and remediation. Cloaked monitors for exposed personal information across various sources, including data brokers and breached databases. When sensitive data is detected, Cloaked initiates removal processes to eliminate this information from over 120 data brokers, thereby reducing the risk of identity theft and fraud. ‘vx-underground’, a well-respected source on malwares, breaches, and hacks, pointed out that the database conspicuously lacked information from individuals who had opted out of data collection services. They noted, "The database DOES NOT contain information from individuals who use data opt-out services. Every person who used some sort of data opt-out service was not present." This proactive approach ensures that even if personal details are compromised, they are swiftly removed from potential misuse channels, enhancing user security and peace of mind. 

‍