National Public Data Declares Bankruptcy Following Massive Data Breach
National Public Data, a data brokerage firm, has filed for bankruptcy several months after acknowledging a massive data breach that affected "hundreds of millions" of individuals. This breach is considered one of the largest in history, as reported by The Register.
Bankruptcy Petition Details
The bankruptcy petition reveals that the company is likely liable under various state laws to notify and pay for credit monitoring for hundreds of millions of potentially impacted individuals. The document further states, "As the debtor’s schedules indicate, the enterprise cannot generate sufficient revenue to address the extensive potential liabilities, not to mention defend the lawsuits and support the investigations. The debtor’s insurance has declined coverage."
Lawsuits and Regulatory Challenges
The Register reports that the company is facing more than a dozen class-action lawsuits due to data loss. Additionally, it may face regulatory challenges from the Federal Trade Commission (FTC) and over 20 U.S. states. However, plaintiffs may find it difficult to collect damages due to the company's limited physical assets.
Company's Limited Assets
The company, operated by Salvatore Verini, Jr. from his home office, has limited physical assets. These include two $200 HP desktops, a $100 ThinkPad, and five Dell servers worth approximately $2,000. Despite generating $1.15M in revenue last year, the company has just $33,105 in a New York account. Its total assets are estimated to be between $25,000 and $75,000.
Recalling the Data Breach
In August, we reported on the data theft, labeling it as one of the "biggest data breaches ever". A lawsuit at the time alleged that confidential data of 2.9 billion people had been exposed and stolen. The worst part is that those affected by this cyberattack may not even be aware of their involvement. This is because National Public Data allegedly gathers data from non-public sources without consent.
The breach exposed nearly 3 billion people's information, including full names, addresses, Social Security numbers, and personal details of both living and deceased relatives. The exact timing of the breach remains unclear.
Plaintiff's Discovery of the Breach
Christopher Hofmann, a plaintiff, became aware of the breach in July when an identity theft protection service notified him that his data had been leaked on the dark web. Hackers had posted the "National Public Data" database on a dark web forum in April, asking for $3.5 million from a potential buyer.
Bottom Line
This case serves as a stark reminder of the potential consequences of data breaches, not only for the individuals affected but also for the companies involved. It raises questions about the responsibility of companies to protect user data and the ramifications when they fail to do so. What are your thoughts on this matter? Feel free to share this article with your friends and start a conversation. Don't forget to sign up for the Daily Briefing, delivered every day at 6pm.
