Data leak
IBM Think / Wikipedia / KrebsOnSecurity
Primary Source βIncident Details
Background check company National Public Data (Jerico Pictures) breached via plaintext admin credentials found in Members.zip archive on sister site RecordsCheck.net. 2.9 billion records allegedly stolen including SSNs, current and past addresses, DOBs, phone numbers for US, UK, Canada citizens. Data circulated from April 2024; confirmed breach disclosed Aug 16 2024. NPD filed Chapter 11 bankruptcy Oct 2024. Class action lawsuits filed in multiple states. One of largest data exposures in history by record count.
Technical Details
- Initial Attack Vector
- CWE-312: Cleartext Storage of Sensitive Information (plaintext admin credentials in publicly accessible Members.zip on sister site RecordsCheck.net)
- Vendor / Product
- National Public Data / Jerico Pictures
Timeline
- 2024-04-01 Breach occurred
- 2024-08-16 Publicly disclosed
- 2024-08-16 Customers notified