National Public Data, a Florida-based company that performs background checks for businesses by collecting and selling personal information from public sources, has closed its doors following a breach that exposed the personal data of up to 170 million individuals.
Despite efforts to manage the fallout, the company was unable to survive the financial and reputational damage. In October, it filed for Chapter 11 bankruptcy, citing less than $50,000 in assets and extensive legal and regulatory challenges, but a judge dismissed the case, stating the company had no viable path to recovery.
Now, all that remains of the company is a brief two-sentence message on its website, expressing regret for its closure after two decades in operation. The incident has left consumers and regulators questioning the future of this lightly regulated industry.
The Breach That Broke the Business
In early 2024, a hacker known as “USDoD” successfully infiltrated National Public Data’s systems, stealing 2.9 billion records and offering them for sale on the dark web for $3.5 million. The data trove included sensitive details such as names, addresses, Social Security numbers, and more, leaving millions vulnerable to identity theft and fraud.
National Public Data, like many brokers, collected its data by scraping public records from government sources, then packaged and sold it for various uses, including background checks and app development.
After halting operations in September and filing for bankruptcy in October, the company could not overcome mounting lawsuits and regulatory scrutiny, ultimately leading to its closure after a Florida judge rejected its bankruptcy bid.
A Spotlight on Data Brokers and Regulation
The breach has reignited debate around the regulation of the data broker industry, valued at over $319 billion in 2021 and projected to exceed $545 billion by 2031.
Critics argue that the industry operates with minimal oversight, often selling sensitive information without individuals’ knowledge or consent. Researchers and legislators have identified troubling trends, including the sale of data related to mental health, financial distress, and even military personnel.
Regulatory bodies are beginning to take notice.
For instance, the Consumer Financial Protection Bureau recently proposed rules requiring brokers to seek consumer consent before selling personally identifiable information. Similarly, state-level efforts, such as California’s data privacy laws, aim to limit the type of data brokers can collect and distribute.
Law Enforcement Strikes Back
In a dramatic turn, Brazilian authorities arrested the hacker, “USDoD” in October, linking the individual to multiple high-profile breaches, including attacks on the FBI’s InfraGard portal, Airbus, and the U.S. Environmental Protection Agency.
USDoD, who had been active on dark web forums, had also been tied to leaking sensitive information from CrowdStrike and TransUnion earlier in the year.
The arrest highlights the global nature of cybercrime and the challenges in combating it. Operation Data Breach, the initiative that led to USDoD’s capture, illustrates the increasing commitment by law enforcement to target individuals behind these devastating attacks, especially as breaches continue to affect critical institutions across the globe.
The Wrap
National Public Data’s downfall is a stark reminder of how devastating a cyberattack can be, not just for consumers but for businesses as well.
What was once a leader in the data brokerage industry, the company was brought to its knees by a single breach, exposing the personal information of millions, sparking lawsuits, and eroding trust in its operations.
For the data broker industry, this serves as a cautionary tale, emphasizing the urgent need for stronger safeguards, greater transparency, and stricter regulatory oversight. Without these measures, even the most established companies can collapse under the weight of a cyberattack.
Go Deeper -> National Public Data Shuts Down Months After Massive Breach – Security Boulevard
Company Behind Massive Social Security Number Leak Shuts Down – PC Mag